Vulnerability
Amazon discloses Linux WorkSpaces vulnerability in authentication tokens
Raportoinut AI AI:n luoma kuva
Amazon Web Services has revealed a security flaw in its WorkSpaces client for Linux that allows local attackers to extract authentication tokens and access other users' virtual desktops. The vulnerability, CVE-2025-12779, affects client versions from 2023.0 to 2024.8 and carries a CVSS score of 8.8. AWS urges immediate upgrades to version 2025.0 or later to mitigate the risk.
NVIDIA has released an urgent security update to address a high-severity vulnerability in its NSIGHT Graphics tool for Linux systems. The flaw, identified as CVE-2025-33206, could enable attackers to execute arbitrary code if exploited. Affected users are urged to upgrade immediately to mitigate risks.
Raportoinut AI
A critical vulnerability in the TLP Linux power management tool has been fixed after researchers discovered it allowed local attackers to bypass authentication and alter system settings. The flaw, identified in version 1.9.0 and tracked as CVE-2025-67859, stemmed from a race condition in the Polkit mechanism. TLP developers released version 1.9.1 on January 7, 2026, addressing the issue following coordinated disclosure.
A severe remote code execution vulnerability in Imunify360 AV has been patched, affecting a security tool that protects around 56 million Linux-hosted websites. Discovered in the product's deobfuscation logic, the flaw allows attackers to execute arbitrary commands and potentially seize control of hosting servers. CloudLinux released a fix on October 21, 2025, though no formal CVE or advisory followed.
Raportoinut AI
The U.S. Cybersecurity and Infrastructure Security Agency has issued an urgent alert about a critical Linux kernel vulnerability, CVE-2024-1086, now being used by ransomware operators. This flaw allows local privilege escalation and was patched in January 2024. The warning highlights ongoing risks to enterprise systems despite available fixes.
A proof-of-concept exploit has been released for CVE-2025-8941, a high-severity flaw in Linux-PAM's pam_namespace module. The vulnerability allows local attackers with low privileges to gain root access through race conditions and symlink manipulation. Security experts urge immediate patching to prevent system compromise.
Raportoinut AI
A high-severity vulnerability in the Linux Pluggable Authentication Modules framework, identified as CVE-2025-8941, enables local attackers to gain root privileges through symlink attacks and race conditions. Security researchers have released a proof-of-concept exploit, highlighting risks to Linux systems. The flaw affects multiple distributions and requires immediate patching.
Rust in Linux Kernel: First Vulnerability Emerges in Android Binder Driver
16. joulukuuta 2025 23.12React2Shell exploits continue with large-scale Linux backdoor deployments and cloud credential theft
16. joulukuuta 2025 11.30Silent Whisper vulnerability exposes WhatsApp users to secret tracking
13. joulukuuta 2025 23.54China-nexus groups and cybercriminals ramp up React2Shell exploits
10. joulukuuta 2025 15.36React2Shell flaw exploited for PeerBlight malware on Linux
2. marraskuuta 2025 21.17CISA warns of ransomware exploiting Linux kernel vulnerability
1. marraskuuta 2025 19.33Security flaw in WordPress add-on affects 10,000 sites
1. marraskuuta 2025 03.51CISA warns of exploited Linux kernel vulnerability in ransomware attacks
31. lokakuuta 2025 06.47CISA confirms Linux kernel flaw exploited in ransomware attacks
22. lokakuuta 2025 19.48CISA warns of exploited high-severity Windows SMB flaw