Skip to content

News
Cybercrime
Risk
Policy
Privacy
Research
Cloud
Insurance

LinkedIn
Facebook

DNS rebinding

BIND flaws could enable DNS cache poisoning; patches issued

News, Research, Risk, Vendors, Vulnerabilities

October 23, 2025

BIND developers warned of two vulnerabilities, CVE-2025-40778 and CVE-2025-40780, that can enable DNS cache poisoning by allowing forged responses to be accepted; patches were released and operators are urged to apply them.
Patched command injection in Figma MCP server could allow remote code execution, researchers say

News, Research, Vendors, Vulnerabilities

October 8, 2025

A command injection bug in the figma-developer-mcp Model Context Protocol server, tracked as CVE-2025-53967 and scored 7.5, could allow remote code execution by interpolating unvalidated input into shell commands; the issue was fixed in version 0.6.3 and researchers recommend avoiding child_process.exec with untrusted data.

About
Editorial Policy
Privacy
Contact