#privilege-escalation

from The Register
15 hours ago

Microsoft Exchange bug can allow 'total domain compromise'

CVE-2025-53786 is an elevation of privilege bug that Outsider Security's Dirk-jan Mollema reported to Microsoft. It exists because of the way hybrid Exchange deployments, which connect on-premises Exchange servers to Exchange Online, use a shared identity to authenticate users between the two environments.
Privacy professionals
#cybersecurity
from The Hacker News
1 month ago
Information security

New Linux Flaws Enable Full Root Access via PAM and Udisks Across Major Distributions

Two critical local privilege escalation vulnerabilities have been discovered in major Linux distributions, allowing unprivileged users to gain root access.
from The Hacker News
3 months ago
Information security

Experts Uncover Four New Privilege Escalation Flaws in Windows Task Scheduler

The Windows task scheduling service has multiple vulnerabilities allowing local privilege escalation and log erasure.
from Security Magazine
4 weeks ago

Sudo Vulnerability Discovered, May Expose Linux Systems

CVE-2025-32462 has received a lower CVSS score due to the conditions that are needed. Namely, successful execution would require someone to make a misconfiguration and deploy a Sudoers file with an incorrect host for this vulnerability to work.
Privacy professionals
Growth hacking
from The Hacker News
2 months ago

Critical Windows Server 2025 dMSA Vulnerability Enables Active Directory Compromise

A significant privilege escalation flaw in Windows Server 2025 allows attackers to compromise any Active Directory user due to misconfigured delegation settings.
from The Hacker News
2 months ago

AWS Default IAM Roles Found to Enable Lateral Movement and Cross-Service Exploitation

These roles, often created automatically or recommended during setup, grant overly broad permissions, such as full S3 access.
Information security
from The Hacker News
3 months ago

GCP Cloud Composer Bug Let Attackers Elevate Access via Malicious PyPI Packages

A patched vulnerability in Google Cloud Platform allowed privilege escalation in the Cloud Composer service.