Collecting Cyber-News from over 60 sources

Tag: linux

Unity Warns Developers of Security Vulnerability Affecting Games on Android, Windows, and Linux Platforms

Oct 6, 2025 11:35 AM

Tags: android, linux, macOS, software, vulnerability, windows

A recently disclosed security vulnerability in Unity has prompted security updates and, in some cases, game removals across platforms like Steam. The issue affects Unity versions 2017.1 and later, spanning a wide range of games and applications released over the last several years. According to Unity, this Unity vulnerability impacts software built for Android, Windows, macOS,…
PoC Published for Sudo Flaw Lets Attackers Escalate to Root

Oct 6, 2025 7:34 AM

Tags: access, cve, cyber, cybersecurity, exploit, flaw, linux, vulnerability

A proof-of-concept exploit has been released for CVE-2025-32463, a critical local privilege escalation vulnerability affecting the Sudo binary that allows attackers to gain root access on Linux systems. The flaw was discovered by security researcher Rich Mirch and has garnered significant attention from the cybersecurity community. Critical Vulnerability in Sudo Binary CVE-2025-32463 represents a serious…
Red Hat Investigates Widespread Breach of Private GitLab Repositories

Oct 2, 2025 6:41 PM

Tags: breach, gitlab, linux, software, threat

A threat actor claimed 28,000 private repositories had been compromised, and the Linux software maker said it had initiated necessary remediation steps. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/red-hat-widespread-breaches-private-gitlab-repositories
Chrome Security Update Addressing 21 Vulnerabilities

Oct 2, 2025 8:41 AM

Tags: browser, chrome, cyber, linux, update, vulnerability, windows

The Chrome team has releasedChrome 141.0.7390.54/55to the stable channel for Windows, Mac, and Linux, rolling out over the coming days and weeks. This update delivers critical security fixes, including 21 distinct vulnerabilities that span high, medium, and low severity. External researchers contributed to several of these fixes, earning rewards up to $25,000. Users are strongly…
IBM killing mainframe coding kit for PCs this year

Oct 2, 2025 5:41 AM

Tags: cloud, ibm, linux

Linux-based System z emulator will go away on Dec. 31, replaced by cloud-based solution from ISVs First seen on theregister.com Jump to article: www.theregister.com/2025/09/30/ibm_system_z_dead/
CISA warns of critical Linux Sudo flaw exploited in attacks

Sep 30, 2025 4:08 PM

Tags: attack, cisa, exploit, flaw, hacker, linux, vulnerability

Hackers are actively exploiting a critical vulnerability (CVE-2025-32463) in the sudo package that enables the execution of commands with root-level privileges on Linux operating systems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-warns-of-critical-linux-sudo-flaw-exploited-in-attacks/
CISA Issues Alert on Active Exploitation of Linux and Unix Sudo Flaw

Sep 30, 2025 1:08 PM

Tags: cisa, control, cyber, cybersecurity, exploit, flaw, infrastructure, linux, vulnerability

The Cybersecurity and Infrastructure Security Agency (CISA) has released an urgent alert for system administrators and IT teams worldwide. Researchers have confirmed that attackers are actively exploiting a serious vulnerability in the sudo utility used on many Linux and Unix systems. This flaw, tracked asCVE-2025-32463, could allow attackers to gain full administrative control of affected machines. Sudo…
Researchers Publish Technical Analysis of Linux Sudo Privilege Escalation

Sep 30, 2025 1:08 PM

Tags: access, cve, cyber, flaw, linux, vulnerability

A team of security researchers has released an in-depth technical report on CVE-2025-32463, a critical local privilege escalation flaw in the widely used Linux sudo utility. The vulnerability, which affects sudo versions 1.9.14 through 1.9.17, allows a local attacker with standard sudo access to gain full root privileges by abusing the tool’schrootfeature. At the heart…
CISA Sounds Alarm on Critical Sudo Flaw Actively Exploited in Linux and Unix Systems

Sep 30, 2025 8:08 AM

Tags: cisa, cve, cybersecurity, exploit, flaw, infrastructure, kev, linux, vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical security flaw impacting the Sudo command-line utility for Linux and Unix-like operating systems to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.The vulnerability in question is CVE-2025-32463 (CVSS score: 9.3), which affects Sudo versions prior to…
LockBit 5.0 ist zurück; zielt auf Linux, Windows und ESXi

Sep 29, 2025 12:08 PM

Tags: infrastructure, linux, lockbit, malware, vmware, windows

Eigentlich sollte die LockBit-Infrastruktur ja mit der Operation Cronos zerschlagen sein. Trend Micro schlägt jetzt Alarm, denn man ist auf eine neue Variante LockBit 5.0 gestoßen. Die Malware greift Systeme mit Linux, Windows sowie VMware ESXi-Instanzen an. Rückblick auf LockBit … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/09/29/lockbit-5-0-ist-zurueck-zielt-auf-linux-windows-und-esxi/
Lockbit 5.0: Neue Ransomware-Variante für Windows und Linux im Umlauf

Sep 29, 2025 12:08 PM

Tags: linux, lockbit, malware, ransomware, windows

Die Cybererpresser verbessern die Verschleierung ihrer Malware und Erschweren die Wiederherstellung verschlüsselter Dateien. First seen on golem.de Jump to article: www.golem.de/news/lockbit-5-0-neue-ransomware-variante-fuer-windows-und-linux-im-umlauf-2509-200598.html
SMS Pools and what the US Secret Service Really Found Around New York

Sep 29, 2025 11:09 AM

Tags: apple, authentication, business, china, conference, control, country, credit-card, crime, crypto, data, email, exploit, finance, fraud, google, group, Hardware, infrastructure, iphone, jobs, korea, law, linux, mfa, mobile, phishing, phone, scam, service, smishing, software, theft, usa, windows

Last week the United Nations General Assembly kicked off in New York City. On the first day, a strange US Secret Service press conference revealed that they had seized 300 SIM Servers with 100,000 SIM cards. Various media outlets jumped on the idea that this was some state-sponsored sleeper cell waiting to destroy telecommunication services…
Meet LockBit 5.0: Faster ESXi drive encryption, better at evading detection

Sep 27, 2025 12:08 AM

Tags: access, api, attack, breach, business, control, cybersecurity, dark-web, data-breach, defense, detection, encryption, guide, infrastructure, Internet, law, linux, lockbit, login, malware, mfa, phishing, ransomware, risk, russia, service, threat, update, vcenter, vmware, vpn, windows

the Windows binary uses heavy obfuscation and packing: it loads its payload through DLL reflection while implementing anti-analysis techniques like Event Tracing for Windows (ETW) patching and terminating security services;the Linux variant maintains similar functionality with command-line options for targeting specific directories and file types;the ESXi variant specifically targets VMware virtualization environments, and is designed…
LockBit’s new variant is ‘most dangerous yet,’ hitting Windows, Linux and VMware ESXi

Sep 26, 2025 5:08 PM

Tags: linux, lockbit, vmware, windows

Operation Cronos didn’t kill LockBit it just came back meaner First seen on theregister.com Jump to article: www.theregister.com/2025/09/26/lockbits_new_variant_is_most/
LockBit’s new variant is ‘most dangerous yet,’ hitting Windows, Linux and VMware ESXi

Sep 26, 2025 5:08 PM

Tags: linux, lockbit, vmware, windows

Operation Cronos didn’t kill LockBit it just came back meaner First seen on theregister.com Jump to article: www.theregister.com/2025/09/26/lockbits_new_variant_is_most/
New Botnet ‘Loader-as-a-Service’ Turns Home Routers and IoT into Mirai Farms

Sep 26, 2025 1:08 PM

Tags: attack, botnet, control, credentials, cve, cyber, data-breach, exploit, iot, linux, router, service, threat, wordpress

CloudSEK has uncovered a sophisticated Loader-as-a-Service botnet campaign spanning the last six months, leveraging exposed command-and-control logs to orchestrate attacks against SOHO routers, embedded Linux devices, and enterprise applications. The threat actors exploit unsanitized POST parameters”, such as NTP, syslog, and hostname fields”, alongside default credentials and known CVEs in WebLogic, WordPress, and vBulletin systems…
LockBit 5.0 Ransomware Targets Windows, Linux, and VMware ESXi Systems

Sep 26, 2025 9:09 AM

Tags: attack, computing, cyber, cybersecurity, linux, lockbit, ransomware, strategy, threat, vmware, windows

Cybersecurity researchers at Trend Micro have discovered a new and dangerous variant of LockBit ransomware that targets Windows, Linux, and VMware ESXi systems, utilizing advanced obfuscation techniques and sophisticated cross-platform capabilities. Advanced Multi-Platform Attack Strategy LockBit 5.0 represents a significant evolution in ransomware threats, featuring dedicated variants for three critical computing platforms. All variants share…
Zorin OS 18 beta makes Linux look like anything but Linux

Sep 26, 2025 9:09 AM

Tags: linux, macOS, switch, windows

Windows, macOS, Cinnamon, even iPadOS all just a layout switch away First seen on theregister.com Jump to article: www.theregister.com/2025/09/24/zorin_os_18_beta/
Kali Linux 2025.3 released with 10 new tools, Wi-Fi enhancements

Sep 25, 2025 9:49 AM

Tags: kali, linux, tool, wifi

Kali Linux has released version 2025.3, the third version of 2025, featuring ten new tools, Nexmon support, and NetHunter improvements. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/kali-linux-20253-released-with-10-new-tools-wifi-enhancements/
Linux Kernel ksmbd Flaw Lets Remote Attackers Execute Arbitrary Code

Sep 25, 2025 9:49 AM

Tags: authentication, control, cve, cyber, exploit, flaw, linux, vulnerability

A critical vulnerability in the Linux Kernel’s ksmbd file sharing component allows remote attackers to execute code with kernel privileges. Tracked as CVE-2025-38561, this flaw affects Linux distributions that include the ksmbd SMB server implementation. Authentication is required, but a successful exploit can grant full control of the affected host. Vendors and administrators should apply…
Kali Linux 2025.3 released with 10 new tools, Wi-Fi enhancements

Sep 25, 2025 8:49 AM

Tags: kali, linux, tool, wifi

Kali Linux has released version 2025.3, the third version of 2025, featuring ten new tools, Nexmon support, and NetHunter improvements. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/kali-linux-20253-released-with-10-new-tools-wifi-enhancements/
Linux Kernel ksmbd Flaw Lets Remote Attackers Execute Arbitrary Code

Sep 25, 2025 8:49 AM

Tags: authentication, control, cve, cyber, exploit, flaw, linux, vulnerability

A critical vulnerability in the Linux Kernel’s ksmbd file sharing component allows remote attackers to execute code with kernel privileges. Tracked as CVE-2025-38561, this flaw affects Linux distributions that include the ksmbd SMB server implementation. Authentication is required, but a successful exploit can grant full control of the affected host. Vendors and administrators should apply…
Kali Linux 2025.3 brings improved virtual machine tooling, 10 new tools

Sep 24, 2025 11:16 AM

Tags: kali, linux, penetration-testing, tool

OffSec has released Kali Linux 2025.3, the most up-to-date version of its popular penetration testing and digital forensics platform. What’s new in Kali Linux 2025.3 Better … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/09/24/kali-linux-2025-3-released/
Hackers Exploit Pandoc CVE-2025-51591 to Target AWS IMDS and Steal EC2 IAM Credentials

Sep 24, 2025 10:15 AM

Tags: attack, cloud, credentials, cve, exploit, flaw, hacker, iam, linux, service, vulnerability

Cloud security company Wiz has revealed that it uncovered in-the-wild exploitation of a security flaw in a Linux utility called Pandoc as part of attacks designed to infiltrate Amazon Web Services (AWS) Instance Metadata Service (IMDS).The vulnerability in question is CVE-2025-51591 (CVSS score: 6.5), which refers to a case of Server-Side Request Forgery (SSRF) that…
Kali Linux 2025.3 Launches With Fresh Features and 10 New Pentesting Tools

Sep 24, 2025 10:15 AM

Tags: cyber, firmware, Hardware, kali, linux, mobile, penetration-testing, tool, update

Kali Linux 2025.3 has arrived, bringing a wave of improvements, updated firmware support, and a suite of ten new security tools. This release builds on the June 2025.2 update by refining core workflows, extending wireless capabilities, and preparing the distribution for emerging architectures. Whether you rely on virtual machines, Raspberry Pi devices, or mobile pentesting…
Hackers Exploit Pandoc CVE-2025-51591 to Target AWS IMDS and Steal EC2 IAM Credentials

Sep 24, 2025 10:15 AM

Tags: attack, cloud, credentials, cve, exploit, flaw, hacker, iam, linux, service, vulnerability

Cloud security company Wiz has revealed that it uncovered in-the-wild exploitation of a security flaw in a Linux utility called Pandoc as part of attacks designed to infiltrate Amazon Web Services (AWS) Instance Metadata Service (IMDS).The vulnerability in question is CVE-2025-51591 (CVSS score: 6.5), which refers to a case of Server-Side Request Forgery (SSRF) that…
Chrome High-severity Flaws Expose Sensitive Data, Trigger System Crashes

Sep 24, 2025 7:16 AM

Tags: browser, chrome, cyber, data, flaw, google, leak, linux, update, vulnerability, windows

Google has released an urgent security update for its Chrome browser, addressing three high-severity vulnerabilities that could allow attackers to leak sensitive information and cause system instability. The latest Chrome version 140.0.7339.207/.208 for Windows and Mac, and 140.0.7339.207 for Linux, patches critical flaws in the V8 JavaScript engine that powers the browser’s web content processing.…
Sichere Linux-Distributionen im Vergleich – Qubes OS Whonix und Tails im Vergleich der Sicherheitsstrategien

Sep 23, 2025 11:16 AM

Tags: linux

First seen on security-insider.de Jump to article: www.security-insider.de/qubes-os-whonix-tails-sicherheitsstrategien-a-052feaa3f75a4bbac9ad00f3dbc09f97/
Sysdig entdeckt -ZynorRAT- Neuer RemoteTrojaner steuert Opfer per Telegram

Sep 23, 2025 11:16 AM

Tags: access, cyberattack, linux

ZynorRAT zeigt, wie bekannte Kommunikationsplattformen zu verlässlichen C2-Kanälen für Angriffe werden können. Gerade Linux-Workloads geraten verstärkt ins Visier. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/sysdig-entdeckt-zynorrat-neuer-remote-access-trojaner-steuert-opfer-per-telegram/a42094/
Flipper Blackhat: Wenn der Flipper Zero zum portablen LinuxTester wird

Sep 22, 2025 7:16 PM

Tags: conference, linux

Wer möchte, kann sein Flipper Zero zu einer Art Schweizer Taschenmesser verwandeln. Damit sind unzählige Penetrationstests möglich. First seen on tarnkappe.info Jump to article: tarnkappe.info/artikel/it-sicherheit/flipper-blackhat-wenn-der-flipper-zero-zum-portablen-linux-pen-tester-wird-321012.html