Security Leftovers

posted by Roy Schestowitz on Jul 03, 2025

• LWN ☛ Security updates for Wednesday

  Security updates have been issued by AlmaLinux (apache-commons-beanutils, firefox, kea, kernel, kernel-rt, libblockdev, libvpx, pam, python-setuptools, python3, python3.11, python3.12, python3.9, and sudo), Debian (chromium), Gentoo (sudo), Oracle (.NET 8.0, buildah, firefox, freerdp, golang-github-openprinting-ipp-usb, grafana, grafana-pcp, gvisor-tap-vsock, libsoup3, mod_proxy_cluster, perl-FCGI, podman, python-setuptools, qt6-qtbase, skopeo, sudo, and thunderbird), Slackware (mozilla), SUSE (redis, runc, xorg-x11-server, and xwayland), and Ubuntu (composer, linux, linux-aws, linux-aws-6.8, linux-gcp, linux-gcp-6.8, linux-gke,

  linux-gkeop, linux-lowlatency, linux-lowlatency-hwe-6.8, linux-nvidia,

  linux-nvidia-6.8, linux-nvidia-lowlatency, linux-oem-6.8, linux-oracle,

  linux-oracle-6.8, linux-raspi, linux, linux-aws, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop,

  linux-hwe-5.15, linux-ibm, linux-kvm, linux-lowlatency,

  linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle, linux-oracle-5.15, linux, linux-aws, linux-gcp, linux-gcp-6.11, linux-hwe-6.11, linux-oracle,

  linux-raspi, linux-realtime, linux, linux-aws, linux-lts-xenial, linux, linux-gcp, linux-raspi, linux-realtime, linux-fips, linux-fips, linux-aws-fips, linux-gcp-fips, linux-realtime, and linux-realtime, linux-raspi-realtime).

• Hackaday ☛ Hack Swaps Keys For Gang Signs, Everyone Gets In

  How many times do you have to forget your keys before you start hacking on the problem? For [Binh], the answer was 5 in the last month, and his hack was to make a gesture-based door unlocker. Which leads to the amusing image of [Binh] in a hallway throwing gang signs until he is let in.

• Internet Society ☛ Dangerous US Supreme Court Decision for Online Privacy and Security

  Texas’ mandatory age verification law, ruled constitutional by the US Supreme Court last week, risks the privacy, security, and open nature of the Internet.  

• Security Week ☛ Kelly Benefits Data Breach Impacts 550,000 People

  As Kelly Benefits’s investigation into a recent data breach progressed, the number of impacted individuals continued to grow. 

• Security Week ☛ Forminator WordPress Plugin Vulnerability Exposes 400,000 Websites to Takeover

  A vulnerability in the Forminator WordPress plugin allows attackers to delete arbitrary files and take over impacted websites.

• Security Week ☛ CISA Warns of Two Exploited TeleMessage Vulnerabilities

  CISA says two more vulnerabilities in the messaging application TeleMessage TM SGNL have been exploited in the wild.

• Security Week ☛ Cyberattack Targets International Criminal Court

  The International Criminal Court (ICC) has detected and contained a sophisticated and targeted cyberattack.

• Tom's Hardware ☛ German charity refuses to comply with Bitcoin ransomware demand — hackers attempt to extort hunger-fighting group for over $2 million

  A German hunger-fighting charity is on the hook for some $2 million after being extorted by cybercriminals.

• Linux Pwned! Privilege Escalation on SUDO in 5 seconds. HackerHood tests the CVE-2025-32463 exploit

  Yesterday, Red Hot Cyber published an in-depth analysis of a gserious vulnerability discovered in SUDO (CVE-2025-32463), which allows escalation of privileges to root in Linux environments by exploiting an abuse of the chroot function.