#privilege-escalation

Information security
from The Hacker News
3 days ago

Microsoft Fixes 80 Flaws - Including SMB PrivEsc and Azure CVSS 10.0 Bugs

Microsoft patched 80 vulnerabilities, including eight Critical; nearly half were privilege escalation flaws and one SMB elevation (CVE-2025-55234) was publicly known.
from Futurism
4 days ago

Programmers Using AI Create Way More Glaring Security Issues, Data Shows

Artificial intelligence has notorious problems with accuracy - so maybe it's not surprising that using it as a coding assistant creates more security problems, too. As a security firm called Apiiro found in new research, developers who used AI produce ten times more security problems than their counterparts who don't use the technology. Looking at code from thousands of developers and tens of thousands of repositories, Apiiro found that AI-assisted devs were indeed producing three or four times more code - and as the firm's product manager Itay Nussbaum suggested, that breakneck pace seems to be causing the security gaps.
Artificial intelligence
Information security
from CSO Online
2 weeks ago

Critical Docker Desktop flaw allows container escape

A Docker container escape vulnerability can allow an attacker to create containers, mount host filesystems, and execute code by overwriting system libraries on Windows.
from Theregister
1 month ago

Microsoft Exchange bug can allow 'total domain compromise'

CVE-2025-53786 is an elevation of privilege bug that Outsider Security's Dirk-jan Mollema reported to Microsoft. It exists because of the way hybrid Exchange deployments, which connect on-premises Exchange servers to Exchange Online, use a shared identity to authenticate users between the two environments.
Privacy professionals
#cybersecurity
from The Hacker News
2 months ago
Information security

New Linux Flaws Enable Full Root Access via PAM and Udisks Across Major Distributions

Two critical local privilege escalation vulnerabilities have been discovered in major Linux distributions, allowing unprivileged users to gain root access.
from The Hacker News
4 months ago
Information security

Experts Uncover Four New Privilege Escalation Flaws in Windows Task Scheduler

Windows task scheduling service has multiple vulnerabilities allowing local privilege escalation and log erasure.
from Securitymagazine
2 months ago

Sudo Vulnerability Discovered, May Exposes Linux Systems

CVE-2025-32462 has received a lower CVSS score due to the conditions that are needed. Namely, successful execution would require someone to make a misconfiguration and deploy a Sudoers file with an incorrect host for this vulnerability to work.
Privacy professionals
Growth hacking
from The Hacker News
3 months ago

Critical Windows Server 2025 dMSA Vulnerability Enables Active Directory Compromise

A significant privilege escalation flaw in Windows Server 2025 allows attackers to compromise any Active Directory user due to misconfigured delegation settings.
from The Hacker News
3 months ago

AWS Default IAM Roles Found to Enable Lateral Movement and Cross-Service Exploitation

These roles, often created automatically or recommended during setup, grant overly broad permissions, such as full S3 access.
Information security