Vulnerability
Amazon discloses Linux WorkSpaces vulnerability in authentication tokens
Reported by AI. Image generated by AI.
Amazon Web Services has revealed a security flaw in its WorkSpaces client for Linux that allows local attackers to extract authentication tokens and access other users' virtual desktops. The vulnerability, CVE-2025-12779, affects client versions from 2023.0 to 2024.8 and carries a CVSS score of 8.8. AWS urges immediate upgrades to version 2025.0 or later to mitigate the risk.
NVIDIA has released an urgent security update to address a high-severity vulnerability in its NSIGHT Graphics tool for Linux systems. The flaw, identified as CVE-2025-33206, could enable attackers to execute arbitrary code if exploited. Affected users are urged to upgrade immediately to mitigate risks.
A critical vulnerability in the TLP Linux power management tool has been fixed after researchers discovered it allowed local attackers to bypass authentication and alter system settings. The flaw, identified in version 1.9.0 and tracked as CVE-2025-67859, stemmed from a race condition in the Polkit mechanism. TLP developers released version 1.9.1 on January 7, 2026, addressing the issue following coordinated disclosure.
A severe remote code execution vulnerability in Imunify360 AV has been patched, affecting a security tool that protects around 56 million Linux-hosted websites. Discovered in the product's deobfuscation logic, the flaw allows attackers to execute arbitrary commands and potentially seize control of hosting servers. CloudLinux released a fix on October 21, 2025, though no formal CVE or advisory followed.
The U.S. Cybersecurity and Infrastructure Security Agency has issued an urgent alert about a critical Linux kernel vulnerability, CVE-2024-1086, now being used by ransomware operators. This flaw allows local privilege escalation and was patched in January 2024. The warning highlights ongoing risks to enterprise systems despite available fixes.
A proof-of-concept exploit has been released for CVE-2025-8941, a high-severity flaw in Linux-PAM's pam_namespace module. The vulnerability allows local attackers with low privileges to gain root access through race conditions and symlink manipulation. Security experts urge immediate patching to prevent system compromise.
A high-severity vulnerability in the Linux Pluggable Authentication Modules framework, identified as CVE-2025-8941, enables local attackers to gain root privileges through symlink attacks and race conditions. Security researchers have released a proof-of-concept exploit, highlighting risks to Linux systems. The flaw affects multiple distributions and requires immediate patching.
Rust in Linux Kernel: First Vulnerability Emerges in Android Binder Driver
Tuesday, 16 December 2025, 23:12:04: React2Shell exploits continue with large-scale Linux backdoor deployments and cloud credential theft
Tuesday, 16 December 2025, 11:30:18: Silent Whisper vulnerability exposes WhatsApp users to secret tracking
Saturday, 13 December 2025, 23:54:19: China-nexus groups and cybercriminals ramp up React2Shell exploits
Wednesday, 10 December 2025, 15:36:03: React2Shell flaw exploited for PeerBlight malware on Linux
Sunday, 2 November 2025, 21:17:53: CISA warns of ransomware exploiting Linux kernel vulnerability
Saturday, 1 November 2025, 19:33:55: Security flaw in WordPress add-on affects 10,000 sites
Saturday, 1 November 2025, 03:51:02: CISA warns of exploited Linux kernel vulnerability in ransomware attacks
Friday, 31 October 2025, 06:47:35: CISA confirms Linux kernel flaw exploited in ransomware attacks
Wednesday, 22 October 2025, 19:48:41: CISA warns of exploited high-severity Windows SMB flaw