flaw
Blog
New Linux udisks flaw lets attackers get root on major Linux distros
Attackers can exploit two newly discovered local privilege escalation (LPE) vulnerabilities to gain root privileges on systems running major Linux distributions. The first flaw (tracked as CVE-2025-6018) was found in the configuration of the Pluggable Authentication Modules (PAM) framework on openSUSE Leap 15 and SUSE Linux Enterprise 15, allowing local attackers to gain the privileges of the “allow_active” user. The…
Discord flaw lets hackers reuse expired invites in malware campaign
Hackers are hijacking expired or deleted Discord invite links to redirect users to malicious sites that deliver remote access trojans and information-stealing malware. The campaign relies on a flaw in the Discord invitation system to leverage multi-stage infections that evade multiple antivirus engines.
“Reviving” expired Discord invites
Discord invite links are URLs that allow someone to join a specific Discord server. They…
New Secure Boot flaw lets attackers install bootkit malware, patch now
Security researchers have disclosed a new Secure Boot bypass tracked as CVE-2025-3052 that can be used to turn off security on PCs and servers and install bootkit malware. The flaw affects nearly every system that trusts Microsoft’s “UEFI CA 2011” certificate, which is pretty much all hardware that supports Secure Boot. Binarly researcher Alex Matrosov discovered the CVE-2025-3052 flaw after finding…
Over 84,000 Roundcube instances vulnerable to actively exploited flaw
Over 84,000 Roundcube webmail installations are vulnerable to CVE-2025-49113, a critical remote code execution (RCE) flaw with a public exploit. The flaw, which impacts Roundcube versions 1.1.0 through 1.6.10, spanning over a decade, was patched on June 1, 2025, following its discovery and reporting by security researcher Kirill Firsov. The bug stems from unsanitized $_GET['_from'] input, enabling PHP object deserialization…
New Mirai botnet infects TBK DVR devices via command injection flaw
A new variant of the Mirai malware botnet is exploiting a command injection vulnerability in TBK DVR-4104 and DVR-4216 digital video recording devices to hijack them. The flaw, tracked under CVE-2024-3721, is a command injection vulnerability disclosed by security researcher “netsecfish” in April 2024. The proof-of-concept (PoC) the researcher published at the time came in the form of a specially…
Cisco patches critical flaw affecting Identity Services Engine
Cisco has issued patches for three vulnerabilities affecting its Identity Services Engine (ISE) and Customer Collaboration Platform (CCP) services. The three flaws, tracked as CVE-2025-20286, CVE-2025-20130, and CVE-2025-20129, included a critical vulnerability with a rating of 9.9/10, which also had a public proof-of-concept exploit. Highest on the list of priorities for customers was CVE-2025-20286, which was detailed as a ‘static…
Last week’s 7-hour outage caused by software flaw
American cybersecurity company SentinelOne revealed over the weekend that a software flaw triggered a seven-hour-long outage on Thursday. This massive outage affected multiple customer-facing services in what SentinelOne described as a “global service disruption.” SentinelOne acknowledged the outage in a post published Thursday, reassuring customers that their systems were still protected. “Customer endpoints are still protected at this time, but…
Exploit details for max severity Cisco IOS XE flaw now public
Technical details about a maximum-severity Cisco IOS XE WLC arbitrary file upload flaw tracked as CVE-2025-20188 have been made publicly available, bringing us closer to a working exploit. The write-up by Horizon3 researchers does not contain a ‘ready-to-run’ proof of concept RCE exploit script, but it does provide enough information for a skilled attacker or even an LLM to fill…
Hackers are exploiting critical flaw in vBulletin forum software
Two critical vulnerabilities affecting the open-source forum software vBulletin have been discovered, with one confirmed to be actively exploited in the wild. The flaws, tracked under CVE-2025-48827 and CVE-2025-48828 and rated critical (CVSS v3 scores: 10.0 and 9.0 respectively), are an API method invocation flaw and a remote code execution (RCE) flaw via template engine abuse. They impact vBulletin versions 5.0.0…
A flaw in OneDrive’s File Picker feature could give access to hundreds of apps
A newly-discovered security flaw in OneDrive’s File Picker feature could expose users’ entire OneDrive content to third-party web applications such as ChatGPT. The vulnerability, discovered by Oasis Security, allows websites to access a user’s entire OneDrive content, rather than just the specific files selected for upload via the File Picker feature. Researchers said they believe that hundreds of apps are…