Half a dozen security issues affecting multiple versions of Splunk Enterprise and Splunk Cloud Platform have been flagged by Splunk, the most severe of which is the high-severity unauthenticated blind server-side request forgery vulnerability, tracked as CVE-2025-20371, reports The Cyber Express.
The Cybersecurity and Infrastructure Security Agency has updated its Known Exploited Vulnerabilities catalog to include almost half a dozen security issues impacting GNU Bash, Smartbedded Meteobridge, Juniper ScreenOS, Jenkins, and Samsung products, Security Affairs reports.
CloudDefense.AI founder and CEO Anshu Bansal warns that cloud misconfigurations remain the leading driver of breaches, despite global security spending topping $183.9 billion last year, according to Forbes.
BleepingComputer reports that more than 48,800 internet-exposed Cisco Adaptive Security Appliance and Firewall Threat Defense devices remain at risk to intrusions involving the actively exploited flaws, tracked as CVE-2025-20362 and CVE-2025-20333.
Chinese state-sponsored threat actor UNC5174, also known as Uteus or Uetus, has been launching intrusions leveraging the recently addressed high-severity VMware Tools and VMware Aria Operations zero-day, tracked as CVE-2025-41244, since October 2024, reports The Hacker News.
