Topic: privilege escalation
-
Critical Privilege Escalation Vulnerability Discovered in Azure ML
A security flaw in Azure Machine Learning (AML) allows attackers with basic storage access to escalate privileges, execute malicious code, and potentially compromise entire Azure subscriptions. The vulnerability stems from AML's handling of invoker scripts, which attackers can manipulate to gain ...
-
Critical Sudo Privilege Escalation Flaws Patched (CVE-2025-32462, CVE-2025-32463)
Linux administrators must urgently patch two new Sudo vulnerabilities (CVE-2025-32462 and CVE-2025-32463), which allow local attackers to escalate privileges and gain root access under specific conditions. CVE-2025-32462 is a low-severity flaw in the host option, while CVE-2025-32463 is a critica...
-
Microsoft Exchange Vulnerability Threatens Hybrid Cloud Security
A critical Microsoft Exchange vulnerability (CVE-2025-53786, CVSS 8.0) threatens hybrid cloud environments, enabling privilege escalation across on-premises and cloud systems with minimal detection. Microsoft urges immediate action, including applying April 2025 updates and reconfiguring authenti...
-
Microsoft Warns Admins: Patch Critical Exchange Flaw (CVE-2025-53786)
Microsoft warns of a critical Exchange Server vulnerability (CVE-2025-53786) allowing privilege escalation in hybrid cloud environments due to a shared authentication mechanism. Mitigation steps include installing updates, deploying a dedicated hybrid app, and resetting credentials, with Microsof...
-
Zoom Fixes Critical Windows Security Flaw - Update Now
Zoom issued an urgent security update for its Windows app due to a critical vulnerability (CVE-2025-49457, severity 9.6/10) that could let hackers fully control affected systems. The flaw arises from Zoom’s improper handling of DLLs, allowing attackers to plant malicious files and execute harmful...
-
29,000 Unpatched Servers Still Vulnerable to Microsoft Exchange Flaw
Over 29,000 Microsoft Exchange servers remain vulnerable to CVE-2025-53786, a critical flaw allowing attackers to escalate access in hybrid cloud setups, with the highest concentrations in the U.S., Germany, and Russia. The exploit enables attackers with local admin privileges to bypass secur...
-
Critical Docker Desktop Flaw Exposes Windows Hosts to Hijacking
A critical vulnerability (CVE-2025-9074) in Docker Desktop for Windows and macOS allows attackers to compromise the host system by executing malicious containers, bypassing the Enhanced Container Isolation feature. The flaw enables unauthorized access to host files and services via the Docker Eng...
-
8 Ransomware Groups Now Using This EDR-Bypassing Tool
A new advanced tool is being used by multiple ransomware groups to bypass endpoint security by exploiting vulnerable drivers and disabling critical defenses before launching attacks. The tool employs heavy obfuscation and BYOVD attacks to target security products from major vendors, allowing rans...
-
ManageEngine Boosts Identity Threat Protection
ManageEngine's AD360 platform has introduced new risk exposure management and multi-factor authentication (MFA) features to address critical vulnerabilities like privilege escalation and unsecured local accounts. Credential abuse remains a top attack vector, with 22% of breaches linked to poorly ...
-
Is Your Security Ready for Self-Thinking AI?
Autonomous AI systems are transforming cybersecurity by introducing adaptive, human-like behaviors that challenge traditional identity and access management frameworks. Agentic AI creates new vulnerabilities, such as privilege escalation and authentication bypass, requiring proactive strategies l...
-
CISA Warns of Critical Git Flaw Under Active Exploitation
CISA has issued an urgent warning about a critical vulnerability in Git (CVE-2025-48384) that allows arbitrary code execution and requires federal agencies to patch by September 15th. The flaw arises from improper handling of carriage return characters in configuration files, which attackers can ...
-
Active Exploits Target MSP RMM Vulnerabilities (CVE-2025-8875, CVE-2025-8876)
Critical security flaws (CVE-2025-8875 and CVE-2025-8876) in N-central's remote monitoring platform are being actively exploited, risking MSPs and their clients. The vulnerabilities, involving insecure deserialization and command injection, could grant attackers broad network access if exploited,...