Tag: linux

New VanHelsing Ransomware-as-a-Service Hits Windows, Linux, BSD, ARM and ESXi

Nov 11, 2025 11:20 AM

Tags: attack, cyber, cybercrime, infrastructure, linux, ransomware, service, threat, windows

A sophisticated new ransomware operation dubbed VanHelsing has emerged as a rapidly expanding threat in the cybercriminal landscape. First observed on March 7, 2025, this operation functions as a Ransomware-as-a-Service (RaaS) platform, licensing its destructive capabilities to affiliated threat actors and demonstrating alarming speed in scaling attacks across diverse infrastructure platforms. VanHelsing operates under a…
Runtime bugs break container walls, enabling root on Docker hosts

Nov 10, 2025 1:19 PM

Tags: access, attack, container, cve, detection, docker, exploit, flaw, linux, monitoring, vulnerability

Console and Write-Gadget Lurkers: CVE-2025-52565 & CVE-2025-52881: The second vulnerability, tracked as CVE-2025-52565, targets “/dev/console” bind-mount handling. An attacker can replace the target path with a symlink, which will cause runc to bind-mount the wrong target, allowing the attacker to gain write access to procfs paths.”As with CVE-2025-31133, this happens after pivot_root(2) and so cannot…
Runtime bugs break container walls, enabling root on Docker hosts

Nov 10, 2025 1:19 PM

Tags: access, attack, container, cve, detection, docker, exploit, flaw, linux, monitoring, vulnerability

Console and Write-Gadget Lurkers: CVE-2025-52565 & CVE-2025-52881: The second vulnerability, tracked as CVE-2025-52565, targets “/dev/console” bind-mount handling. An attacker can replace the target path with a symlink, which will cause runc to bind-mount the wrong target, allowing the attacker to gain write access to procfs paths.”As with CVE-2025-31133, this happens after pivot_root(2) and so cannot…
Runtime bugs break container walls, enabling root on Docker hosts

Nov 10, 2025 1:19 PM

Tags: access, attack, container, cve, detection, docker, exploit, flaw, linux, monitoring, vulnerability

Console and Write-Gadget Lurkers: CVE-2025-52565 & CVE-2025-52881: The second vulnerability, tracked as CVE-2025-52565, targets “/dev/console” bind-mount handling. An attacker can replace the target path with a symlink, which will cause runc to bind-mount the wrong target, allowing the attacker to gain write access to procfs paths.”As with CVE-2025-31133, this happens after pivot_root(2) and so cannot…
New Microsoft Teams Feature Exposes Users to Phishing and Malware Risks

Nov 8, 2025 6:19 AM

Tags: android, cyber, email, linux, malware, microsoft, phishing, risk, update

Microsoft is poised to roll out a significant update to Teams, enabling users to initiate chats with anyone using just an email address”, even if the recipient isn’t a Teams user. While the feature, launching in targeted releases by early November 2025 and globally by January 2026, promises expanded connectivity across Android, desktop, iOS, Linux,…
Cybersecurity Snapshot: AI Will Take Center Stage in Cyber in 2026, Google Says, as MITRE Revamps ATTCK Framework

Nov 7, 2025 8:20 PM

Tags: access, ai, android, antivirus, api, apple, attack, authentication, business, cio, cisa, ciso, cloud, communications, container, control, credentials, cryptography, cve, cyber, cybercrime, cybersecurity, data, defense, detection, docker, endpoint, exploit, firewall, flaw, framework, google, governance, group, guide, hacker, identity, infrastructure, injection, Internet, kubernetes, leak, least-privilege, linux, malicious, malware, mfa, microsoft, mitigation, mitre, mobile, network, offense, oracle, programming, resilience, risk, risk-management, service, skills, soc, social-engineering, software, sophos, spam, strategy, supply-chain, switch, tactics, technology, threat, tool, unauthorized, update, vulnerability, windows, zero-day

Learn why Google expects AI to transform cyber defense and offense next year, and explore MITRE’s major update to the ATT&CK knowledge base. We also cover a new McKinsey playbook for agentic AI security, along with the latest on Microsoft Exchange protection and the CIS Benchmarks. Key takeaways Google is forecasting that AI will kick…
Cybersecurity Snapshot: AI Will Take Center Stage in Cyber in 2026, Google Says, as MITRE Revamps ATTCK Framework

Nov 7, 2025 8:20 PM

Tags: access, ai, android, antivirus, api, apple, attack, authentication, business, cio, cisa, ciso, cloud, communications, container, control, credentials, cryptography, cve, cyber, cybercrime, cybersecurity, data, defense, detection, docker, endpoint, exploit, firewall, flaw, framework, google, governance, group, guide, hacker, identity, infrastructure, injection, Internet, kubernetes, leak, least-privilege, linux, malicious, malware, mfa, microsoft, mitigation, mitre, mobile, network, offense, oracle, programming, resilience, risk, risk-management, service, skills, soc, social-engineering, software, sophos, spam, strategy, supply-chain, switch, tactics, technology, threat, tool, unauthorized, update, vulnerability, windows, zero-day

Learn why Google expects AI to transform cyber defense and offense next year, and explore MITRE’s major update to the ATT&CK knowledge base. We also cover a new McKinsey playbook for agentic AI security, along with the latest on Microsoft Exchange protection and the CIS Benchmarks. Key takeaways Google is forecasting that AI will kick…
Amazon WorkSpaces Linux Bug Lets Attackers Steal Credentials

Nov 7, 2025 8:20 PM

Tags: authentication, credentials, flaw, linux

A flaw in Amazon WorkSpaces for Linux lets attackers steal authentication tokens. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/news/amazon-workspaces-linux-vulnerability/
Amazon WorkSpaces Linux Bug Lets Attackers Steal Credentials

Nov 7, 2025 8:20 PM

Tags: authentication, credentials, flaw, linux

A flaw in Amazon WorkSpaces for Linux lets attackers steal authentication tokens. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/news/amazon-workspaces-linux-vulnerability/
Critical CVE-2025-12779 Vulnerability Exposes Amazon WorkSpaces for Linux Users to Token Theft

Nov 7, 2025 3:19 PM

Tags: access, authentication, cve, flaw, linux, theft, unauthorized, vulnerability

A newly disclosed security flaw in the Amazon WorkSpaces client for Linux has raised serious concerns across organizations relying on AWS virtual desktop infrastructure. The vulnerability, identified as CVE-2025-12779, enables local attackers to extract valid authentication tokens and gain unauthorized access to other users’ WorkSpace sessions. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/amazon-workspaces-cve-2025-12779/
Critical CVE-2025-12779 Vulnerability Exposes Amazon WorkSpaces for Linux Users to Token Theft

Nov 7, 2025 3:19 PM

Tags: access, authentication, cve, flaw, linux, theft, unauthorized, vulnerability

A newly disclosed security flaw in the Amazon WorkSpaces client for Linux has raised serious concerns across organizations relying on AWS virtual desktop infrastructure. The vulnerability, identified as CVE-2025-12779, enables local attackers to extract valid authentication tokens and gain unauthorized access to other users’ WorkSpace sessions. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/amazon-workspaces-cve-2025-12779/
Critical CVE-2025-12779 Vulnerability Exposes Amazon WorkSpaces for Linux Users to Token Theft

Nov 7, 2025 3:19 PM

Tags: access, authentication, cve, flaw, linux, theft, unauthorized, vulnerability

A newly disclosed security flaw in the Amazon WorkSpaces client for Linux has raised serious concerns across organizations relying on AWS virtual desktop infrastructure. The vulnerability, identified as CVE-2025-12779, enables local attackers to extract valid authentication tokens and gain unauthorized access to other users’ WorkSpace sessions. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/amazon-workspaces-cve-2025-12779/
Amazon WorkSpaces for Linux Vulnerability Exposes Valid Auth Tokens to Attackers

Nov 7, 2025 7:19 AM

Tags: access, authentication, cve, cyber, flaw, linux, service, unauthorized, vulnerability

A recently disclosed vulnerability in the Amazon WorkSpaces client for Linux exposes a critical security flaw that could allow attackers to gain unauthorized access to user environments due to improper handling of authentication tokens. The issue, tracked as CVE-2025-12779, has prompted urgent action from Amazon Web Services (AWS) and serves as an essential reminder for…
Amazon WorkSpaces for Linux Vulnerability Exposes Valid Auth Tokens to Attackers

Nov 7, 2025 7:19 AM

Tags: access, authentication, cve, cyber, flaw, linux, service, unauthorized, vulnerability

A recently disclosed vulnerability in the Amazon WorkSpaces client for Linux exposes a critical security flaw that could allow attackers to gain unauthorized access to user environments due to improper handling of authentication tokens. The issue, tracked as CVE-2025-12779, has prompted urgent action from Amazon Web Services (AWS) and serves as an essential reminder for…
Google Issues Emergency Chrome 142 Update to Fix Multiple High-Risk Vulnerabilities

Nov 6, 2025 4:19 PM

Tags: android, browser, chrome, control, google, linux, macOS, remote-code-execution, risk, update, vulnerability, windows

Google has rolled out an emergency update for its Chrome browser, version 142, to address a series of serious remote code execution (RCE) vulnerabilities that could allow attackers to take control of affected systems. The update, released on November 5, 2025, is being distributed gradually across desktop platforms, Windows, macOS, and Linux, as well as…
Google Issues Emergency Chrome 142 Update to Fix Multiple High-Risk Vulnerabilities

Nov 6, 2025 4:19 PM

Tags: android, browser, chrome, control, google, linux, macOS, remote-code-execution, risk, update, vulnerability, windows

Google has rolled out an emergency update for its Chrome browser, version 142, to address a series of serious remote code execution (RCE) vulnerabilities that could allow attackers to take control of affected systems. The update, released on November 5, 2025, is being distributed gradually across desktop platforms, Windows, macOS, and Linux, as well as…
Alleged Russia-linked Curly COMrades exploit Windows Hyper-V to evade EDRs

Nov 6, 2025 12:19 PM

Tags: access, edr, exploit, group, linux, malware, russia, threat, tool, windows

Curly COMrades threat actors exploit Windows Hyper-V to hide Linux VMs, evade EDR tools, and deploy custom malware undetected. Bitdefender researchers, aided by Georgia’s CERT, uncovered that Curly COMrades, a group linked to Russian interests, abused Windows Hyper-V to gain covert, long-term access to victims. Threat actors created hidden Alpine Linux VMs (120MB/256MB) hosting custom…
Hackers Weaponize Windows Hyper-V to Hide Linux VM and Evade EDR Detection

Nov 6, 2025 9:19 AM

Tags: detection, edr, exploit, hacker, linux, threat, windows

The threat actor known as Curly COMrades has been observed exploiting virtualization technologies as a way to bypass security solutions and execute custom malware.According to a new report from Bitdefender, the adversary is said to have enabled the Hyper-V role on selected victim systems to deploy a minimalistic, Alpine Linux-based virtual machine.”This hidden environment, with…
Curly COMrades APT Bypasses EDR by Hiding Linux Backdoor Inside Covert Hyper-V VM

Nov 6, 2025 5:19 AM

Tags: apt, backdoor, edr, linux

The post Curly COMrades APT Bypasses EDR by Hiding Linux Backdoor Inside Covert Hyper-V VM appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/curly-comrades-apt-bypasses-edr-by-hiding-linux-backdoor-inside-covert-hyper-v-vm/
Curly COMrades APT Bypasses EDR by Hiding Linux Backdoor Inside Covert Hyper-V VM

Nov 6, 2025 5:19 AM

Tags: apt, backdoor, edr, linux

The post Curly COMrades APT Bypasses EDR by Hiding Linux Backdoor Inside Covert Hyper-V VM appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/curly-comrades-apt-bypasses-edr-by-hiding-linux-backdoor-inside-covert-hyper-v-vm/
Critical React Native NPM Vulnerability Exposes Developer Systems to Remote Attacks

Nov 5, 2025 5:19 PM

Tags: attack, cve, flaw, linux, macOS, open-source, remote-code-execution, vulnerability, windows

A severe vulnerability was discovered in the React Native Community CLI, a popular open-source package downloaded nearly two million times every week by developers building cross-platform applications. Tracked as CVE-2025-11953, this flaw allows unauthenticated remote code execution across Windows, macOS, and Linux systems. In practical terms, attackers can execute arbitrary commands on a developer’s machine…
Jupyter Misconfiguration Exposes Systems to Root Privilege Escalation

Nov 5, 2025 10:20 AM

Tags: access, cyber, flaw, linux, penetration-testing, vulnerability

Security researchers have uncovered a vulnerability in commonly misconfigured Jupyter notebook servers that allows attackers to gain root-level access on Linux systems. The flaw doesn’t stem from a bug in Jupyter itself, but rather from dangerous configuration choices that leave systems wide open to privilege escalation attacks. During a recent penetration test, a security professional…
10 promising cybersecurity startups CISOs should know about

Nov 5, 2025 9:19 AM

Tags: access, ai, attack, automation, business, ceo, ciso, cloud, compliance, container, control, cybersecurity, data, deep-fake, defense, detection, endpoint, exploit, finance, gartner, google, governance, government, grc, ibm, identity, linux, malicious, microsoft, military, monitoring, network, open-source, ransomware, RedTeam, risk, saas, software, startup, supply-chain, technology, threat, tool, vulnerability, vulnerability-management, zero-trust

2. Chainguard: Category: Software supply chain securityWhy they’re here: Founded in 2021 by Dan Lorenc (formerly at Microsoft and Google), Chainguard offers a Linux-based platform for securely building applications. The company has raised more than $600M and is valued at $3.5B. In fiscal year 2025, Chainguard reached a $40M annual run rate and by the…
10 promising cybersecurity startups CISOs should know about

Nov 5, 2025 9:19 AM

Tags: access, ai, attack, automation, business, ceo, ciso, cloud, compliance, container, control, cybersecurity, data, deep-fake, defense, detection, endpoint, exploit, finance, gartner, google, governance, government, grc, ibm, identity, linux, malicious, microsoft, military, monitoring, network, open-source, ransomware, RedTeam, risk, saas, software, startup, supply-chain, technology, threat, tool, vulnerability, vulnerability-management, zero-trust

2. Chainguard: Category: Software supply chain securityWhy they’re here: Founded in 2021 by Dan Lorenc (formerly at Microsoft and Google), Chainguard offers a Linux-based platform for securely building applications. The company has raised more than $600M and is valued at $3.5B. In fiscal year 2025, Chainguard reached a $40M annual run rate and by the…
10 promising cybersecurity startups CISOs should know about

Nov 5, 2025 9:19 AM

Tags: access, ai, attack, automation, business, ceo, ciso, cloud, compliance, container, control, cybersecurity, data, deep-fake, defense, detection, endpoint, exploit, finance, gartner, google, governance, government, grc, ibm, identity, linux, malicious, microsoft, military, monitoring, network, open-source, ransomware, RedTeam, risk, saas, software, startup, supply-chain, technology, threat, tool, vulnerability, vulnerability-management, zero-trust

2. Chainguard: Category: Software supply chain securityWhy they’re here: Founded in 2021 by Dan Lorenc (formerly at Microsoft and Google), Chainguard offers a Linux-based platform for securely building applications. The company has raised more than $600M and is valued at $3.5B. In fiscal year 2025, Chainguard reached a $40M annual run rate and by the…
Pro-Russian Hackers Use Linux VMs to Hide in Windows

Nov 4, 2025 11:19 PM

Tags: hacker, linux, russia, threat, windows

A threat actor known as Curly COMrades is using Linux VMs to remain undetected in Windows environments while conducting Russia-aligned activities. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/pro-russian-hackers-linux-vms-hide-windows
Russian hackers abuse Hyper-V to hide malware in Linux VMs

Nov 4, 2025 3:19 PM

Tags: detection, endpoint, group, hacker, linux, malware, microsoft, russia, technology, windows

The Russian hacker group Curly COMrades has been abusing Microsoft’s Hyper-V virtualization technology in Windows to bypass endpoint detection and response solutions by creating a hidden Alpine Linux-based virtual machine. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/russian-hackers-abuse-hyper-v-to-hide-malware-in-linux-vms/
NDSS 2025 VulShield: Protecting Vulnerable Code Before Deploying Patches

Nov 3, 2025 11:19 PM

Tags: attack, conference, data-breach, exploit, linux, network, software, threat, update, vulnerability

SESSION Session 1D: System-Level Security Authors, Creators & Presenters: Yuan Li (Zhongguancun Laboratory & Tsinghua University), Chao Zhang (Tsinghua University & JCSS & Zhongguancun Laboratory), Jinhao Zhu (UC Berkeley), Penghui Li (Zhongguancun Laboratory), Chenyang Li (Peking University), Songtao Yang (Zhongguancun Laboratory), Wende Tan (Tsinghua University) PAPER VulShield: Protecting Vulnerable Code Before Deploying Patches Despite the…
NDSS 2025 Statically Discover Cross-Entry Use-After-Free Vulnerabilities In The Linux Kernel

Nov 3, 2025 7:20 PM

Tags: conference, control, data, detection, framework, linux, network, tool, vulnerability

SESSION Session 1D: System-Level Security Authors, Creators & Presenters: Hang Zhang (Indiana University Bloomington), Jangha Kim (The Affiliated Institute of ETRI, ROK), Chuhong Yuan (Georgia Institute of Technology), Zhiyun Qian (University of California, Riverside), Taesoo Kim (Georgia Institute of Technology) PAPER Statically Discover Cross-Entry Use-After-Free Vulnerabilities in the Linux Kernel Use-After-Free (UAF) is one of…
NDSS 2025 Statically Discover Cross-Entry Use-After-Free Vulnerabilities In The Linux Kernel

Nov 3, 2025 7:20 PM

Tags: conference, control, data, detection, framework, linux, network, tool, vulnerability

SESSION Session 1D: System-Level Security Authors, Creators & Presenters: Hang Zhang (Indiana University Bloomington), Jangha Kim (The Affiliated Institute of ETRI, ROK), Chuhong Yuan (Georgia Institute of Technology), Zhiyun Qian (University of California, Riverside), Taesoo Kim (Georgia Institute of Technology) PAPER Statically Discover Cross-Entry Use-After-Free Vulnerabilities in the Linux Kernel Use-After-Free (UAF) is one of…