Topic: privilege escalation
-
Critical JumpCloud Windows Agent Flaw Allows Local Privilege Escalation
A critical security flaw (CVE-2025-34352) in JumpCloud's Remote Assist for Windows agent allows local users to escalate privileges to SYSTEM level or cause denial-of-service attacks by exploiting insecure file handling during uninstallation. The vulnerability stems from the agent's uninstaller pe...
Read More » -
Microsoft Fixes 3 Actively Exploited Zero-Day Vulnerabilities
Microsoft patched three actively exploited zero-day vulnerabilities in its October 2025 Patch Tuesday, including flaws in a pre-installed modem driver, Windows Remote Access Connection Manager, and IGEL OS, requiring immediate updates. The vulnerabilities enable attackers to escalate privileges t...
Read More » -
Urgent CISA Alert: Active Attacks Exploit Critical Linux Sudo Flaw
A critical vulnerability (CVE-2025-32463) in Linux sudo versions 1.9.14 to 1.9.17 allows local attackers to escalate privileges to root using the -R option, even without sudoers file authorization. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added this flaw to its Known E...
Read More » -
Microsoft Fixes 80+ Flaws, Warns of 6 High-Risk Exploits
Microsoft's March 2026 security update addresses over 80 vulnerabilities, with six high-risk privilege escalation flaws requiring immediate attention due to their high exploit likelihood. Among the most critical is a flaw in the Windows Accessibility Infrastructure (CVE-2026-24291), which allows ...
Read More » -
Critical SolarWinds Serv-U Flaws Grant Root Server Access
SolarWinds has released critical security patches for its Serv-U file transfer software to fix four vulnerabilities that could allow remote code execution and full administrative takeover of servers. All four flaws require the attacker to already have high-privilege access, limiting exploitation ...
Read More » -
Critical Windows Admin Center Flaw Exposed by Microsoft (CVE-2026-26119)
Microsoft has patched a critical privilege-escalation vulnerability (CVE-2026-26119) in Windows Admin Center, which could allow attackers with basic credentials to gain elevated system rights. The flaw, involving improper authentication, is remotely exploitable with low complexity and no user int...
Read More » -
Why Hackers Keep Exploiting the Same Security Gaps
The majority of successful breaches stem from fundamental failures in identity management, third-party access controls, and perimeter device security, with stolen credentials being a primary gateway. Attackers frequently exploit trusted tools and workflows, such as remote management software and ...
Read More » -
SonicWall Zero-Day Exploit Patched (CVE-2025-40602)
SonicWall has released a critical update for a new, actively exploited local privilege escalation flaw (CVE-2025-40602) in its SMA 1000 series appliances, urging immediate patching. This vulnerability is especially dangerous when chained with a previously patched flaw (CVE-2025-23006), allowing a...
Read More » -
CPU Spike Exposed RansomHub Ransomware Attack
An employee inadvertently triggered a ransomware attack by downloading a malicious file disguised as a browser update, initiating automated reconnaissance and credential harvesting. Attackers established persistence and network access through a SOCKS proxy, exploiting Active Directory weaknesses ...
Read More » -
Ransomware Gangs Now Exploiting Critical Linux Flaw
A critical Linux kernel vulnerability (CVE-2024-1086) is now being actively exploited by ransomware gangs, allowing attackers to gain complete control over affected systems. The flaw enables local privilege escalation to root access, permitting attackers to disable security, deploy malware, and s...
Read More » -
Urgent: Patch Windows SMB Flaw Being Actively Exploited
A critical Windows SMB Client vulnerability (CVE-2025-33073) is being actively exploited, allowing attackers to gain SYSTEM-level privileges through a malicious script that compromises SMB connections. Microsoft patched the flaw in June 2025, and CISA has added it to its Known Exploited Vulnerabi...
Read More » -
Urgent Windows SMB Flaw Actively Exploited, CISA Warns
A critical Windows SMB vulnerability (CVE-2025-33073) is being actively exploited, allowing attackers to gain full SYSTEM-level control over unpatched systems. The flaw affects a wide range of Microsoft operating systems, including Windows Server, Windows 10, and Windows 11 up to version 24H2, an...
Read More » -
Chinese Hackers Exploiting VMware Zero-Day Since 2025
A critical privilege escalation vulnerability (CVE-2025-41244) in Broadcom's VMware software has been actively exploited since October 2024, allowing attackers to gain root-level control over affected virtual machines. The exploitation has been attributed to UNC5174, a Chinese state-sponsored thr...
Read More » -
Microsoft's Entra ID Flaws: A Near-Catastrophic Security Risk
Security researcher Dirk-jan Mollema discovered two severe vulnerabilities in Microsoft’s Entra ID that could have allowed attackers to gain global administrator privileges across nearly all Azure customer environments. The flaws enabled an attacker to impersonate any user in any tenant, potentia...
Read More » -
Critical Privilege Escalation Vulnerability Discovered in Azure ML
A security flaw in Azure Machine Learning (AML) allows attackers with basic storage access to escalate privileges, execute malicious code, and potentially compromise entire Azure subscriptions. The vulnerability stems from AML's handling of invoker scripts, which attackers can manipulate to gain ...
Read More » -
Critical Sudo Privilege Escalation Flaws Patched (CVE-2025-32462, CVE-2025-32463)
Linux administrators must urgently patch two new Sudo vulnerabilities (CVE-2025-32462 and CVE-2025-32463), which allow local attackers to escalate privileges and gain root access under specific conditions. CVE-2025-32462 is a low-severity flaw in the host option, while CVE-2025-32463 is a critica...
Read More » -
MonsterRAT: Stealthy Malware Threatens Windows Systems
A sophisticated phishing campaign distributes the previously undocumented MonsterRAT malware, which targets Windows systems and grants attackers full administrative control through a multi-stage infection process. The attack uses phishing emails disguised as business correspondence to deliver the...
Read More » -
Urgent Microsoft Update: Patch Windows 10, 11, Server Now
Microsoft has urgently patched a zero-day vulnerability (CVE-2025-62215) in the Windows Kernel, which is already being actively exploited to gain system-level privileges. The flaw involves improper synchronization in concurrent execution, allowing attackers to escalate privileges after initial ac...
Read More » -
Urgent: Patch Critical Cisco UCCX Vulnerabilities Now
Cisco has patched two critical vulnerabilities (CVE-2025-20358 and CVE-2025-20354) in its Unified Contact Center Express platform, which could allow attackers to bypass authentication and gain root-level control. CVE-2025-20358 enables unauthenticated attackers to manipulate the login process and...
Read More » -
Kerberoasting in 2025: Protect Your Service Accounts Now
Kerberoasting is a persistent attack exploiting Kerberos authentication to escalate privileges and compromise service accounts in Active Directory environments. Attackers use compromised standard user accounts to request encrypted service tickets, which they crack offline to gain control of high-...
Read More » -
Old Windows Flaws Still Leak Your Passwords
Outdated Windows protocols like LLMNR and NBT-NS pose a security threat by allowing credential theft through inherent design flaws, not software vulnerabilities, as they automatically trust any responding device on the network. Attackers can use tools like Responder to intercept authentication da...
Read More » -
Azure AD Credentials Leaked in Public App Settings
A critical vulnerability in Azure Active Directory was discovered, where credentials were exposed in public configuration files, allowing potential exploitation. Attackers could use these credentials to impersonate trusted applications, gaining unauthorized access to sensitive data and systems wi...
Read More » -
NSA-Reported VMware Flaws Patched by Broadcom
Broadcom has released critical patches for two VMware NSX vulnerabilities (CVE-2025-41251 and CVE-2025-41252) that allow unauthenticated attackers to enumerate valid usernames, posing risks of unauthorized access. Additional high-severity flaws were addressed in VMware vCenter (CVE-2025-41250) an...
Read More » -
Cisco Patches 48 Firewall Flaws, Warns of Active SD-WAN Attacks
Cisco has issued critical patches for two actively exploited vulnerabilities in its Catalyst SD-WAN Manager, which could allow attackers to gain elevated system privileges. The company also fixed 48 flaws in its firewall products, including two maximum-severity issues: an authentication bypass an...
Read More » -
Microsoft Fixes 59 Flaws, 6 Already Under Attack
Microsoft has patched 59 vulnerabilities, with six actively exploited flaws requiring urgent updates to prevent breaches. The exploited vulnerabilities include security bypasses and privilege escalations, which can allow attackers to disable security tools or compromise networks. Microsoft is als...
Read More » -
SonicWall SMA1000 Zero-Day Exploited in Active Attacks
SonicWall has issued an urgent alert for SMA1000 appliance users to apply a critical update, as active attacks exploit a new medium-severity local privilege escalation flaw (CVE-2025-40602) chained with a previously patched critical bug to achieve remote code execution with root privileges. The v...
Read More » -
Microsoft Patches 56 Flaws, Including Two Zero-Days Under Active Attack
Microsoft's final 2025 security update patches 56 vulnerabilities, including three critical flaws, with two already being actively exploited. The most urgent fix is for CVE-2025-62221, a privilege escalation flaw in Windows that is under active attack and requires prompt patching. Other significa...
Read More » -
CISA Urges Immediate VMware Patch for Chinese Hacker Exploit
CISA has issued an urgent directive for U.S. government agencies to patch a critical VMware vulnerability (CVE-2025-41244) that allows privilege escalation to root level, requiring action within three weeks. The vulnerability is actively exploited by UNC5174, a Chinese state-sponsored group, whic...
Read More » -
Securing Identity in the Age of AI Agents
Traditional security frameworks are inadequate for governing autonomous AI agents, which operate outside conventional perimeters and make independent decisions across multiple platforms. Key risks include shadow agents that bypass formal procedures, privilege escalation enabling unauthorized admi...
Read More » -
Urgent Windows Update: 2-Week Security Deadline
Microsoft has released urgent security updates addressing two actively exploited zero-day vulnerabilities, with federal agencies mandated to patch within two weeks to prevent system compromise. CVE-2025-59230 is a local privilege escalation flaw in Windows Remote Access Connection Manager, while ...
Read More » -
Moxa Devices Expose Hard-Coded Credentials (CVE-2025-6950)
Moxa has urgently patched five critical vulnerabilities in its industrial network devices, including a severe flaw (CVE-2025-6950) that allows remote attackers to take full control without authentication. The vulnerabilities include authentication bypasses and privilege escalations, enabling unau...
Read More » -
Crimson Collective Hackers Breach AWS for Data Theft
The Crimson Collective is a hacking group infiltrating AWS infrastructures to steal sensitive data and extort organizations, as seen in a breach at Red GitLab repositories. Attackers compromise AWS using exposed credentials and tools like TruffleHog, then escalate privileges to gain administrativ...
Read More » -
Microsoft Entra ID Flaw Let Attackers Hijack Company Tenants
A critical vulnerability (CVE-2025-55241) in Microsoft's Entra ID could have allowed attackers to gain full control over an organization's tenant by exploiting unsigned "actor tokens" and a weakness in the Azure AD Graph API. The flaw enabled attackers to impersonate any user, escalate privileges...
Read More » -
Microsoft, Adobe, SAP Issue Critical September 2025 Patch Tuesday Updates
The September 2025 Patch Tuesday included critical security updates from Microsoft, Adobe, and SAP, addressing numerous vulnerabilities not currently under active exploitation. Microsoft patched over 80 flaws, including a privilege escalation issue in Windows NTLM and a high-risk remote code exec...
Read More » -
Microsoft Exchange Vulnerability Threatens Hybrid Cloud Security
A critical Microsoft Exchange vulnerability (CVE-2025-53786, CVSS 8.0) threatens hybrid cloud environments, enabling privilege escalation across on-premises and cloud systems with minimal detection. Microsoft urges immediate action, including applying April 2025 updates and reconfiguring authenti...
Read More » -
Microsoft Warns Admins: Patch Critical Exchange Flaw (CVE-2025-53786)
Microsoft warns of a critical Exchange Server vulnerability (CVE-2025-53786) allowing privilege escalation in hybrid cloud environments due to a shared authentication mechanism. Mitigation steps include installing updates, deploying a dedicated hybrid app, and resetting credentials, with Microsof...
Read More » -
Triofox Hack: Critical File-Sharing Flaw Exploited
A critical security vulnerability (CVE-2025-12480) in Gladinet's Triofox platform allows attackers to execute malicious code by exploiting improper access control and manipulating the antivirus feature, affecting versions prior to 16.7.10368.56560. The exploitation campaign, tracked as UNC6485, b...
Read More » -
Survive a Ransomware Attack on Active Directory: An Executive Guide
Active Directory is critical for enterprise identity management, and rushing recovery after a ransomware attack can worsen damage by reintroducing malware or compromised settings. Attackers typically use legitimate credentials to infiltrate, then escalate privileges by exploiting weaknesses like ...
Read More » -
Cisco Flaw (CVE-2026-20045) Actively Exploited for RCE Attacks
A critical code injection vulnerability (CVE-2026-20045) in Cisco's unified communications products is being actively exploited, allowing attackers to execute malicious code and gain full system control. The flaw impacts several core enterprise collaboration platforms, including Cisco Unified Com...
Read More » -
Stop Malicious PowerShell with New ExtraHop Security Tools
ExtraHop has introduced new security enhancements to detect and neutralize malicious PowerShell activity, which attackers use to operate stealthily within networks by blending in with normal administrative tasks. The platform integrates detection mechanisms that identify specific malicious behavi...
Read More » -
DDR5 Memory Vulnerable to Rowhammer Attack
A team from ETH Zurich and Google has executed a practical Rowhammer attack on DDR5 memory, bypassing built-in protections in SK Hynix devices and assigned CVE-2025-6202. The attack, named Phoenix, reverse-engineers DDR5's Target Row Refresh protocols to induce consistent bit flips, enabling priv...
Read More » -
SolarWinds Serv-U Exposes Critical RCE Vulnerabilities
SolarWinds has released critical patches for its Serv-U file transfer software to address four severe vulnerabilities that could allow attackers to gain full system control, requiring immediate updates. The vulnerabilities, which include broken access control and type confusion bugs, enable remot...
Read More » -
Urgent Patch for Critical Cisco SD-WAN Zero-Day Flaw
A critical, actively exploited zero-day vulnerability (CVE-2026-20127) in Cisco SD-WAN products has prompted an urgent joint alert from international cybersecurity agencies, demanding immediate patching. The flaw allows an unauthenticated attacker to bypass security and gain full administrative c...
Read More » -
Cisco Patches Critical Zero-Day Flaw in AsyncOS (CVE-2025-20393)
Cisco has patched a critical zero-day vulnerability (CVE-2025-20393) in its Email Security and Web Manager appliances, which was actively exploited by suspected state-sponsored actors. The flaw allowed unauthenticated attackers to execute root-level commands via a flaw in the Spam Quarantine feat...
Read More » -
Critical Fortinet Flaw Actively Exploited by Hackers
A critical, unauthenticated command injection vulnerability (CVE-2025-64155) in FortiSIEM versions 6.7 to 7.5 allows attackers to gain full system control. Active exploitation of this flaw is confirmed, and immediate patching to specified fixed versions or restricting access to TCP port 7900 is u...
Read More » -
Critical FortiSIEM Flaw Patched: Remote Code Execution Risk
A critical, unauthenticated OS command injection vulnerability (CVE-2025-64155) in Fortinet's FortiSIEM platform allows remote attackers to execute arbitrary code and take full control of systems. The flaw, found in the phMonitor service, involves a two-stage attack: unauthenticated argument inje...
Read More » -
DeadLock Ransomware Evades Security with BYOVD Attack
The DeadLock ransomware campaign uses a BYOVD technique, exploiting a known vulnerability (CVE-2024-51324) in a Baidu Antivirus driver to disable security software and delete recovery options before deploying its payload. The ransomware itself, written in C++, uses process hollowing and a custom ...
Read More » -
US Agencies Still Vulnerable to Critical Cisco Flaws
CISA issued an emergency directive for U.S. federal agencies to patch two actively exploited Cisco vulnerabilities (CVE-2025-20333 and CVE-2025-20362), as many devices were incorrectly reported as secure. These vulnerabilities enable remote code execution and privilege escalation, and are linked ...
Read More » -
Capita Hit With £14m Fine Over 6.6 Million Data Breach
Capita has been fined £14 million by the UK's Information Commissioner's Office for a data breach that exposed the personal information of approximately 6.6 million individuals, with the penalty reduced from an initial £45 million due to the company's cooperation and security improvements. The br...
Read More » -
New 'Obscura' Ransomware Emerges as Stealthy Threat
A new ransomware called "Obscura," discovered in late August 2025, uses domain infrastructure to stealthily spread across corporate networks by placing itself in the NETLOGON share for automatic replication. Upon execution, it disables recovery mechanisms like Volume Shadow Copies, terminates ove...
Read More »