Two Bugs in Sudo Let Regular Users Gain Root Access
A Routine Tool Under the Microscope Sudo is one of those command-line helpers that most Linux and Unix administrators install and forget. It lets anyone with the right entry in the /etc/sudoers file perform system tasks that normally need super-user rights, all while keeping a clear audit trail.…
0 Comments6 Minutes
“NightEagle” Hackers Exploit Fresh Microsoft Exchange Weakness
Researchers spot fast-moving group at CYDES 2025 Security investigators from the RedDrip Team at Chinese cybersecurity giant QiAnXin have unmasked a previously unreported advanced-persistent-threat (APT) crew they have dubbed “NightEagle,” also tracked as APT-Q-95. The team laid out its findings…
0 Comments5 Minutes
North Korean Hackers Write Nim-Based Malware to Breach Web3 Companies
A Fresh Mac Threat: NimDoor Security researchers at SentinelOne have uncovered a new malware toolkit, nicknamed NimDoor, that highlights how North Korean hacking crews keep reinventing themselves. Unlike many Mac threats, the malicious code is written in the Nim programming language and relies on…
0 Comments6 Minutes
nOAuth: A Two-Year-Old Entra ID Loophole Still Lets Attackers Take Over
New survey shows nearly one in ten Microsoft-linked SaaS apps can be hijacked A fresh investigation by identity-security firm Semperis has reignited concern about a weakness first publicised in mid-2023 and nicknamed nOAuth. The company examined 104 cloud software products that let customers sign…
0 Comments5 Minutes
Cisco Rushes to Fix Two “Perfect-Score” Flaws in Identity Services Engine
What Makes ISE So Important Cisco Identity Services Engine, better known as ISE, sits at the heart of many company networks. It decides who or what can log in, which devices may join the Wi-Fi, and whether a user can reach a sensitive server. If ISE goes down or is taken over, an attacker…
0 Comments5 Minutes
Critical flaw in Open VSX Registry patched after researchers warn of supply-chain danger
Attack vector could have handed over the whole extension market An Israeli security outfit has revealed that an error buried deep in the automation scripts of the Open VSX Registry might have let criminals hijack every Visual Studio Code extension distributed through the popular open-source…
0 Comments6 Minutes
New Linux Privilege-Escalation Chain Gives Attackers Instant Root Access
Two Bugs, One Exploit Chain Security specialists at Qualys have revealed a pair of vulnerabilities that—when combined—let any logged-in user jump from a normal account to full administrator rights on many mainstream Linux distributions. The first flaw, CVE-2025-6018, sits inside the Pluggable…
0 Comments5 Minutes
Fake GitHub Projects Hides Malicious Code, Researchers Warn
Banana Squad Returns With a Fresh Batch of Booby-Trapped Repositories Security analysts at ReversingLabs say they have uncovered a new surge of activity by a group they call Banana Squad. The actors have opened and maintained more than 67 GitHub projects that pretend to contain handy Python hacking…
0 Comments6 Minutes
The Web’s Biggest Password Leak Puts Billions at Risk
A Record-Breaking Trove of Stolen Credentials Comes to Light A data cache containing roughly 16 billion usernames and passwords has surfaced on dark-web forums, according to investigative work led by researcher Vilius Petkauskas and the Cybernews team. Spread across 30 colossal files—each one…
0 Comments6 Minutes
Anubis Ransomware Emerges With a Destructive Twist
Dual Threat: Scrambling and Erasing Data A newly observed strain of ransomware called Anubis has attracted the attention of security researchers for its ability not only to lock files but also to wipe them out completely. According to a recent study by Trend Micro, the malware carries a “wipe…
0 Comments6 Minutes