Vulnerability
 
Operation Zero Disco exploits Cisco SNMP flaw for rootkits
Lisa Kern Image generated by AI
Cyber threat actors in Operation Zero Disco have exploited a vulnerability in Cisco's SNMP service to install persistent Linux rootkits on network devices. The campaign targets older Cisco switches and uses crafted packets to achieve remote code execution. Trend Micro researchers disclosed the attacks on October 16, 2025, highlighting risks to unpatched systems.
Pixnapping attack steals sensitive data from Android devices
Academic researchers have revealed a new Android vulnerability called Pixnapping that lets malicious apps steal 2FA codes, private messages, and other visible data without needing permissions. The attack, which takes less than 30 seconds, exploits screen rendering times and has been demonstrated on Google Pixel phones and the Samsung Galaxy S25. Google has released partial mitigations, with further patches planned.
PoC exploit released for Linux-PAM vulnerability allowing root escalation
A high-severity vulnerability in the Linux Pluggable Authentication Modules framework, identified as CVE-2025-8941, enables local attackers to gain root privileges through symlink attacks and race conditions. Security researchers have released a proof-of-concept exploit, highlighting risks to Linux systems. The flaw affects multiple distributions and requires immediate patching.
Cisco SNMP vulnerability exploited to deploy Linux rootkits
Reported by AI
Cybersecurity firm Trend Micro has revealed Operation Zero Disco, a campaign exploiting a critical Cisco SNMP flaw to install rootkits on network devices. The attack targets older switches, enabling persistent access and evasion of detection. As of October 2025, it has compromised enterprise networks reliant on legacy infrastructure.
Secure Boot bypass flaw affects nearly 200,000 Framework Linux systems
Nearly 200,000 Linux computers from U.S. manufacturer Framework shipped with a vulnerability allowing Secure Boot bypass. The issue stems from a 'memory modify' command in signed UEFI shells that can disable signature verification. Framework is addressing the problem through firmware updates.