Vulnerability
Amazon discloses Linux WorkSpaces vulnerability in authentication tokens
Rapportert av AI Bilde generert av AI
Amazon Web Services has revealed a security flaw in its WorkSpaces client for Linux that allows local attackers to extract authentication tokens and access other users' virtual desktops. The vulnerability, CVE-2025-12779, affects client versions from 2023.0 to 2024.8 and carries a CVSS score of 8.8. AWS urges immediate upgrades to version 2025.0 or later to mitigate the risk.
NVIDIA has released an urgent security update to address a high-severity vulnerability in its NSIGHT Graphics tool for Linux systems. The flaw, identified as CVE-2025-33206, could enable attackers to execute arbitrary code if exploited. Affected users are urged to upgrade immediately to mitigate risks.
Rapportert av AI
A critical vulnerability in the TLP Linux power management tool has been fixed after researchers discovered it allowed local attackers to bypass authentication and alter system settings. The flaw, identified in version 1.9.0 and tracked as CVE-2025-67859, stemmed from a race condition in the Polkit mechanism. TLP developers released version 1.9.1 on January 7, 2026, addressing the issue following coordinated disclosure.
A severe remote code execution vulnerability in Imunify360 AV has been patched, affecting a security tool that protects around 56 million Linux-hosted websites. Discovered in the product's deobfuscation logic, the flaw allows attackers to execute arbitrary commands and potentially seize control of hosting servers. CloudLinux released a fix on October 21, 2025, though no formal CVE or advisory followed.
Rapportert av AI
The U.S. Cybersecurity and Infrastructure Security Agency has issued an urgent alert about a critical Linux kernel vulnerability, CVE-2024-1086, now being used by ransomware operators. This flaw allows local privilege escalation and was patched in January 2024. The warning highlights ongoing risks to enterprise systems despite available fixes.
A proof-of-concept exploit has been released for CVE-2025-8941, a high-severity flaw in Linux-PAM's pam_namespace module. The vulnerability allows local attackers with low privileges to gain root access through race conditions and symlink manipulation. Security experts urge immediate patching to prevent system compromise.
Rapportert av AI
A high-severity vulnerability in the Linux Pluggable Authentication Modules framework, identified as CVE-2025-8941, enables local attackers to gain root privileges through symlink attacks and race conditions. Security researchers have released a proof-of-concept exploit, highlighting risks to Linux systems. The flaw affects multiple distributions and requires immediate patching.
Rust in Linux Kernel: First Vulnerability Emerges in Android Binder Driver
tirsdag, 16. desember 2025, 23:12React2Shell exploits continue with large-scale Linux backdoor deployments and cloud credential theft
tirsdag, 16. desember 2025, 11:30Silent Whisper vulnerability exposes WhatsApp users to secret tracking
lørdag, 13. desember 2025, 23:54China-nexus groups and cybercriminals ramp up React2Shell exploits
onsdag, 10. desember 2025, 15:36React2Shell flaw exploited for PeerBlight malware on Linux
søndag, 2. november 2025, 21:17CISA warns of ransomware exploiting Linux kernel vulnerability
lørdag, 1. november 2025, 19:33Security flaw in WordPress add-on affects 10,000 sites
lørdag, 1. november 2025, 03:51CISA warns of exploited Linux kernel vulnerability in ransomware attacks
fredag, 31. oktober 2025, 06:47CISA confirms Linux kernel flaw exploited in ransomware attacks
onsdag, 22. oktober 2025, 19:48CISA warns of exploited high-severity Windows SMB flaw