escalation
-
Amazon EKS Flaws Expose AWS Credentials and Enable Privilege Escalation
Recent research has uncovered critical security flaws in Amazon Elastic Kubernetes Service (EKS) that could expose sensitive AWS credentials and…
Read More » -
Over 100,000 WordPress Sites Exposed to Privilege Escalation via MCP AI Engine
The Wordfence Threat Intelligence team identified a severe security flaw in the AI Engine plugin, a widely used tool installed…
Read More » -
Veeam Vulnerabilities Expose Backup Servers to Remote Attacks
Veeam, a leading provider of data protection and backup solutions, disclosed three critical vulnerabilities affecting its widely deployed backup software.…
Read More » -
Apache Tomcat Flaws Allow Auth Bypass and DoS Attacks
The Apache Software Foundation has released critical security updates to address four newly discovered vulnerabilities in Apache Tomcat, one of…
Read More » -
HashiCorp Nomad ACL Lookup Flaw Allows Privilege Escalation
HashiCorp disclosed a critical security flaw (CVE-2025-4922) in its Nomad workload orchestration tool on June 11, 2025, exposing clusters to…
Read More » -
Acer Control Center Flaw Lets Attackers Run Malicious Code as Elevated User
A critical security flaw (CVE-2025-5491) in Acer ControlCenter allows remote attackers to execute arbitrary code with NT AUTHORITY\SYSTEM privileges via…
Read More » -
Microsoft Defender Spoofing Flaw Enables Privilege Escalation and AD Access
A newly disclosed spoofing vulnerability (CVE-2025-26685) in Microsoft Defender for Identity (MDI) enables unauthenticated attackers to capture Net-NTLM hashes of…
Read More » -
Privilege Escalation in PAN-OS Web Interface Allows Admin Users to Perform Root Actions
Palo Alto Networks disclosed a medium-severity command injection vulnerability on June 11, 2025, designated as CVE-2025-4231, affecting the management web…
Read More » -
Windows Authentication Coercion Attacks Present Major Risks to Enterprise Networks
Authentication coercion remains a potent attack vector in Windows environments, enabling attackers with even low-privileged domain accounts to force targeted…
Read More » -
Attackers Exploit Microsoft Entra Billing Roles to Escalate Privileges
A recent discovery by security researchers at BeyondTrust has revealed a critical, yet by-design, security gap in Microsoft Entra ID…
Read More » -
Attackers Exploit Microsoft Entra Billing Roles to Escalate Privileges in Organizational Environments
A startling discovery by BeyondTrust researchers has unveiled a critical vulnerability in Microsoft Entra ID and Azure environments, where attackers…
Read More » -
GenAI Assistant DIANNA Uncovers New Obfuscated Malware
Deep Instinct’s GenAI-powered assistant, DIANNA, has identified a sophisticated new malware strain dubbed BypassERWDirectSyscallShellcodeLoader. This malware, reportedly crafted with the…
Read More » -
Versa Concerto 0-Day Flaw Enables Remote Code Execution by Bypassing Authentication
Security researchers have uncovered multiple critical vulnerabilities in Versa Concerto, a widely deployed network security and SD-WAN orchestration platform used…
Read More » -
DPRK IT Workers Impersonate Polish and US Nationals to Secure Full-Stack Developer Positions
A alarming cybersecurity report by Nisos has uncovered a sophisticated employment scam network potentially affiliated with the Democratic People’s Republic…
Read More » -
Critical WordPress Plugin Flaw Puts Over 10,000 Sites of Cyberattack
A serious security flaw affecting the Eventin plugin, a popular event management solution for WordPress, was recently discovered by Denver…
Read More » -
Inside Turla’s Uroboros Infrastructure and Tactics Revealed
In a nation-state cyber espionage, a recent static analysis of the Uroboros rootkit, attributed to the infamous APT group Turla,…
Read More » -
Detecting Backdoors in Enterprise Networks
In today’s rapidly evolving cybersecurity landscape, enterprise networks face a particularly insidious threat: backdoors, making detecting backdoors crucial. These clandestine…
Read More » -
Critical Azure and Power Apps Vulnerabilities Allow Privilege Escalation for Attackers
Microsoft has patched four critical security vulnerabilities affecting its Azure cloud services and Power Apps platform that could allow attackers…
Read More » -
Agenda Ransomware Group Enhances Tactics with SmokeLoader and NETXLOADER
The Agenda ransomware group, also known as Qilin, has been reported to intensify its attacks in the first quarter of…
Read More »