Vulnerabilities
BIND and Unbound DNS resolvers disclose cache poisoning vulnerabilities
Developers of the widely used BIND DNS software have warned of two high-severity vulnerabilities that could enable cache poisoning attacks, similar to those revealed in 2008. Unbound, another DNS resolver, faces a related flaw reported by the same researchers. Patches for all issues became available on October 22, 2025.
CISA adds Oracle and other flaws to exploited vulnerabilities catalog
The U.S. Cybersecurity and Infrastructure Security Agency has added vulnerabilities from Oracle, Mozilla, Microsoft Windows, Linux Kernel, and Microsoft Internet Explorer to its Known Exploited Vulnerabilities catalog. This action requires federal agencies to address these flaws by October 27, 2025, to mitigate risks from ongoing exploits. Among the additions is a critical Oracle vulnerability recently patched after exploitation by ransomware actors.
Canonical issues Ubuntu security updates for MuPDF, Redis, Samba, and more
Canonical has released several Ubuntu Security Notices addressing critical vulnerabilities in key open-source packages such as MuPDF, Redis, Samba, and Apache Subversion. These updates fix issues that could lead to denial-of-service attacks, data leaks, and remote code execution across multiple long-term support releases. The patches reinforce Ubuntu's commitment to system stability and security.
Hundreds of Adobe Magento stores hit by critical security flaw
More than 250 attacks targeted Adobe Magento stores within 24 hours following the discovery of a critical security vulnerability. The incident highlights ongoing risks in e-commerce platforms. Cybersecurity experts urge immediate updates to mitigate further threats.