vulnerability

Sudo local privilege escalation vulnerabilities fixed (CVE-2025-32462, CVE-2025-32463)

2025-07-01 at 16:11, by Zeljka Zorz

If you haven’t recently updated the Sudo utility on your Linux box(es), you should do so now, to patch two local privilege escalation vulnerabilities (CVE-2025-32462, CVE-2025-32463) that were disclosed on Monday.

What is Sudo? Sudo is a command-line utility in Unix-like […]

Critical Microsens Product Flaws Allow Hackers to Go ‘From Zero to Hero’

2025-07-01 at 15:24, by Eduard Kovacs

CISA has informed organizations about critical authentication bypass and remote code execution vulnerabilities in Microsens NMP Web+. The post Critical Microsens Product Flaws Allow Hackers to Go ‘From Zero to Hero’ appeared first on SecurityWeek. This article

CitrixBleed 2 might be actively exploited (CVE-2025-5777)

2025-06-30 at 15:47, by Zeljka Zorz

While Citrix has observed some instances where CVE-2025-6543 has been exploited on vulnerable NetScaler networking appliances, the company still says that they don’t have evidence of exploitation for CVE-2025-5349 or CVE-2025-5777, both of which were patched earlier this month. CVE-2025-5777, in

Airoha Chip Vulnerabilities Expose Headphones to Takeover

2025-06-30 at 14:11, by Ionut Arghire

Vulnerabilities in Airoha Bluetooth SoCs expose headphone and earbud products from multiple vendors to takeover attacks. The post Airoha Chip Vulnerabilities Expose Headphones to Takeover appeared first on SecurityWeek. This article is an excerpt from SecurityWeek.

Critical Cisco ISE Vulnerabilities Allow Remote Code Execution 

2025-06-26 at 12:02, by Ionut Arghire

Two critical vulnerabilities in Cisco ISE could allow remote attackers to execute arbitrary code with root privileges. The post Critical Cisco ISE Vulnerabilities Allow Remote Code Execution appeared first on SecurityWeek. This article is an excerpt from SecurityWeek.

Flaw in Notepad++ installer could grant attackers SYSTEM access (CVE-2025-49144)

2025-06-26 at 00:15, by Zeljka Zorz

A high-severity vulnerability (CVE-2025-49144) in the Notepad++ installer could be exploited by unprivileged users to gain SYSTEM-level privileges through insecure executable search paths. There is currently no indication that the vulnerability is being leveraged by attackers, though technical details

New Vulnerabilities Expose Millions of Brother Printers to Hacking

2025-06-25 at 14:21, by Eduard Kovacs

Rapid7 has found several serious vulnerabilities affecting over 700 printer models from Brother and other vendors. The post New Vulnerabilities Expose Millions of Brother Printers to Hacking appeared first on SecurityWeek. This article is an excerpt from SecurityWeek.

Code Execution Vulnerability Patched in GitHub Enterprise Server

2025-06-25 at 14:21, by Ionut Arghire

A high-severity vulnerability in GitHub Enterprise Server could have allowed remote attackers to execute arbitrary code. The post Code Execution Vulnerability Patched in GitHub Enterprise Server appeared first on SecurityWeek. This article is an excerpt from SecurityWeek.

Chrome 138, Firefox 140 Patch Multiple Vulnerabilities

2025-06-25 at 13:18, by Ionut Arghire

Chrome 138 and Firefox 140 are rolling out with fixes for two dozen vulnerabilities, including high-severity memory safety issues. The post Chrome 138, Firefox 140 Patch Multiple Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek.

High-risk WinRAR RCE vulnerability patched, update quickly! (CVE-2025-6218)

2025-06-24 at 12:45, by Zeljka Zorz

A recently patched directory traversal vulnerability (CVE-2025-6218) in WinRAR could be leveraged by remote attackers to execute arbitrary code on affected installations. The vulnerability has been patched in WinRAR 7.12 beta 1, released on June 10, 2025, and users are advised

Critical Authentication Bypass Flaw Patched in Teleport

2025-06-23 at 14:50, by Ionut Arghire

A critical-severity vulnerability in Teleport could allow remote attackers to bypass SSH authentication and access managed systems. The post Critical Authentication Bypass Flaw Patched in Teleport appeared first on SecurityWeek. This article is an excerpt from SecurityWeek.

Critical Citrix NetScaler bug fixed, upgrade ASAP! (CVE-2025-5777)

2025-06-23 at 14:14, by Zeljka Zorz

Citrix has fixed a critical vulnerability (CVE-2025-5777) in NetScaler ADC and NetScaler Gateway reminiscent of the infamous and widely exploited CitrixBleed flaw. The vulnerabilities have been privately disclosed and there is no indication that they are under active exploitation. Nevertheless, the

Motors Theme Vulnerability Exploited to Hack WordPress Websites

2025-06-20 at 14:22, by Ionut Arghire

Threat actors are exploiting a critical-severity vulnerability in Motors theme for WordPress to change arbitrary user passwords. The post Motors Theme Vulnerability Exploited to Hack WordPress Websites appeared first on SecurityWeek. This article is an excerpt from SecurityWeek.

High-Severity Vulnerabilities Patched by Cisco, Atlassian

2025-06-19 at 11:47, by Ionut Arghire

Cisco has resolved a high-severity vulnerability in Meraki MX and Meraki Z devices. Atlassian pushed patches for multiple third-party dependencies. The post High-Severity Vulnerabilities Patched by Cisco, Atlassian appeared first on SecurityWeek. This article is an excerpt from SecurityWeek.

Gerrit Misconfiguration Exposed Google Projects to Malicious Code Injection

2025-06-18 at 20:11, by Ionut Arghire

Misconfigured permissions in Google’s Gerrit code collaboration platform could have led to the compromise of ChromiumOS and other Google projects. The post Gerrit Misconfiguration Exposed Google Projects to Malicious Code Injection appeared first on SecurityWeek. This article is an excerpt

Critical Vulnerability Patched in Citrix NetScaler

2025-06-18 at 16:20, by Ionut Arghire

Citrix has released patches for critical- and high-severity vulnerabilities in NetScaler and Secure Access Client and Workspace for Windows. The post Critical Vulnerability Patched in Citrix NetScaler appeared first on SecurityWeek. This article is an excerpt from SecurityWeek.

Linux Security: New Flaws Allow Root Access, CISA Warns of Old Bug Exploitation

2025-06-18 at 15:33, by Eduard Kovacs

Qualys has disclosed two Linux vulnerabilities that can be chained for full root access, and CISA added a flaw to its KEV catalog. The post Linux Security: New Flaws Allow Root Access, CISA Warns of Old

Chaining two LPEs to get “root”: Most Linux distros vulnerable (CVE-2025-6018, CVE-2025-6019)

2025-06-18 at 14:49, by Zeljka Zorz

Qualys researchers have unearthed two local privilege escalation vulnerabilities (CVE-2025-6018, CVE-2025-6019) that can be exploited in tandem to achieve root access on most Linux distributions “with minimal effort.”

About the vulnerabilities (CVE-2025-6018, CVE-2025-6019): CVE-2025-6018 affects the Pluggable

Chrome 137 Update Patches High-Severity Vulnerabilities

2025-06-18 at 12:52, by Ionut Arghire

Google has released a Chrome 137 update to resolve two memory bugs in the browser’s V8 and Profiler components. The post Chrome 137 Update Patches High-Severity Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek.
