Development

Kernel-level container insights: Utilizing eBPF with Cilium, Tetragon, and SBOMs for security

As applications become more distributed, traditional monitoring and security tools are failing to keep pace. This article explores how eBPF, when utilized by the graduated CNCF Cilium and its sub-proj …
Read more

Published Date:
Jun 18, 2025 (4 hours, 33 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2021-44228

Critical Linux Privilege Escalation Vulnerabilities Let Attackers Gain Full Root Access

Two critical, interconnected flaws, CVE-2025-6018 and CVE-2025-6019, enable unprivileged attackers to achieve root access on major Linux distributions.
Affecting millions worldwide, these vulnerabilit …
Read more

Published Date:
Jun 18, 2025 (4 hours, 1 minute ago)

Vulnerabilities has been mentioned in this article.

CSG waarschuwt voor kritiek beveiligingslek in NetScaler Gateway en ADC

De Cloud Software Group (CSG) waarschuwt voor een kritieke kwetsbaarheid in NetScaler ADC en NetScaler Gateway die tot een “memory overread” kan leiden. Een aanvaller zou zo vertrouwelijke informatie …
Read more

Published Date:
Jun 18, 2025 (2 hours, 58 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-5777

CISA Warns of Linux Kernel Improper Ownership Management Vulnerability Exploited in Attacks

CISA has added a critical Linux kernel vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, warning that CVE-2023-0386 is being actively exploited in real-world attacks.
This improper o …
Read more

Published Date:
Jun 18, 2025 (2 hours, 57 minutes ago)

Vulnerabilities has been mentioned in this article.

Chrome Vulnerabilities Let Attackers Execute Arbitrary Code – Update Now!

Google has released an urgent security update for Chrome browsers across all desktop platforms, addressing critical vulnerabilities that could allow attackers to execute arbitrary code on users’ syste …
Read more

Published Date:
Jun 18, 2025 (2 hours, 54 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE ID : CVE-2025-1562

Published : June 18, 2025, 8:15 a.m. | 1 hour, 14 minutes ago

Description : The Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the install_or_activate_addon_plugins() function and a weak nonce hash in all versions up to, and including, 3.5.3. This makes it possible for unauthenticated attackers to install arbitrary plugins on the site that can be leveraged to further infect a vulnerable site.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-5981

Published : June 18, 2025, 9:15 a.m. | 14 minutes ago

Description : Arbitrary file write as the OSV-SCALIBR user on the host system via a path traversal vulnerability when using OSV-SCALIBR’s unpack() function for container images. Particularly, when using the CLI flag –remote-image on untrusted container images.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

The “Infinite Workday” is Here: Microsoft Warns of Never-Ending Work Driven by Hybrid Models & AI

Microsoft recently released a new study titled “2025 Work Trend Index Annual Report,” in which it issues a warning about the rise of the “infinite workday.” The report describes this phenomenon as a p …
Read more

Published Date:
Jun 18, 2025 (3 hours, 30 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2024-24787

CVE-2023-34966

Mastodon Cracks Down: New Terms Ban Unauthorized AI Data Scraping

The decentralized social networking platform Mastodon has recently issued an email to its users, notifying them of an update to its Terms of Service. The most significant change introduced is a formal …
Read more

Published Date:
Jun 18, 2025 (3 hours, 14 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2024-23832

CVE-2023-36460

Linux Kernel Flaw (CVE-2023-0386) Actively Exploited for Root Privilege Escalation, PoC Available

A dangerous Linux privilege escalation vulnerability, CVE-2023-0386, has officially entered the CISA Known Exploited Vulnerabilities (KEV) Catalog amid confirmed reports of active exploitation in the …
Read more

Published Date:
Jun 18, 2025 (3 hours, 51 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2023-0386

Trinper Backdoor Exploiting Chrome Zero-Day CVE-2025-2783

A critical vulnerability in Google Chrome, tracked as CVE-2025-2783, has been exploited in cyberattacks deploying the Trinper backdoor. The flaw, a sandbox escape vulnerability, enables attackers to e …
Read more

Published Date:
Jun 18, 2025 (3 hours, 13 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-26685

CVE-2025-2783

KimJongRAT Returns: New PE & PowerShell Variants Steal Crypto and Browser Data via CDNs

Unit 42 has uncovered two newly evolved variants of the KimJongRAT malware, one using traditional PE (Portable Executable) files and the other employing PowerShell-based scripts to infiltrate systems, …
Read more

Published Date:
Jun 18, 2025 (2 hours, 21 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2023-2530

Critical Linux Root Exploit Chain Discovered in PAM & UDisks, Affecting Major Distros

The Qualys Threat Research Unit (TRU) has unveiled two interconnected privilege escalation vulnerabilities—CVE-2025-6018 and CVE-2025-6019—that can allow any local attacker to gain full root access on …
Read more

Published Date:
Jun 18, 2025 (2 hours, 8 minutes ago)

Vulnerabilities has been mentioned in this article.

SEC Consult SA-20250611-0 :: Undocumented Root Shell Access on SIMCom SIM7600G Modem

Full Disclosure
mailing list archives
SEC Consult SA-20250611-0 :: Undocumented Root Shell Access on SIMCom SIM7600G Modem
From: SEC Consult Vulnerability Lab via Fulldisclosure
Read more

Published Date:
Jun 18, 2025 (1 hour, 29 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-26412

SEC Consult SA-20250612-0 :: Reflected Cross-Site Scripting in ONLYOFFICE Docs (DocumentServer)

Full Disclosure
mailing list archives
SEC Consult SA-20250612-0 :: Reflected Cross-Site Scripting in ONLYOFFICE Docs (DocumentServer)
From: SEC Consult Vulnerability Lab via Fulldisclosure
Read more

Published Date:
Jun 18, 2025 (1 hour, 29 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-5301

: “Glass Cage” – Zero-Click iMessage → Persistent iOS Compromise + Bricking (CVE-2025-24085 / 24201, CNVD-2025-07885)

Full Disclosure
mailing list archives
From: josephgoyd via Fulldisclosure
Date: Tue, 10 Jun 2025 14:48:51 +0000
“Glass Cage” – Sophisticated Zero-Click iMessage Exploi …
Read more

Published Date:
Jun 18, 2025 (1 hour, 29 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-24201

CVE-2025-24085

CVE ID : CVE-2025-23252

Published : June 18, 2025, 1:15 a.m. | 5 hours, 15 minutes ago

Description : The NVIDIA NVDebug tool contains a vulnerability that may allow an actor to gain access to restricted components. A successful exploit of this vulnerability may lead to information disclosure.

Severity: 4.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4413

Published : June 18, 2025, 3:15 a.m. | 3 hours, 15 minutes ago

Description : The Pixabay Images plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the pixabay_upload function in all versions up to, and including, 3.4. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site’s server which may make remote code execution possible.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-50202

Published : June 18, 2025, 5:15 a.m. | 1 hour, 14 minutes ago

Description : Lychee is a free photo-management tool. In versions starting from 6.6.6 to before 6.6.10, an attacker can leak local files including environment variables, nginx logs, other user’s uploaded images, and configuration secrets due to a path traversal exploit in SecurePathController.php. This issue has been patched in version 6.6.10.

Severity: 7.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…