Security Leftovers
-
LWN ☛ Security updates for Wednesday
Security updates have been issued by AlmaLinux (apache-commons-beanutils, firefox, kea, kernel, kernel-rt, libblockdev, libvpx, pam, python-setuptools, python3, python3.11, python3.12, python3.9, and sudo), Debian (chromium), Gentoo (sudo), Oracle (.NET 8.0, buildah, firefox, freerdp, golang-github-openprinting-ipp-usb, grafana, grafana-pcp, gvisor-tap-vsock, libsoup3, mod_proxy_cluster, perl-FCGI, podman, python-setuptools, qt6-qtbase, skopeo, sudo, and thunderbird), Slackware (mozilla), SUSE (redis, runc, xorg-x11-server, and xwayland), and Ubuntu (composer, linux, linux-aws, linux-aws-6.8, linux-gcp, linux-gcp-6.8, linux-gke, linux-gkeop, linux-lowlatency, linux-lowlatency-hwe-6.8, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, linux-oem-6.8, linux-oracle, linux-oracle-6.8, linux-raspi, linux, linux-aws, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle, linux-oracle-5.15, linux, linux-aws, linux-gcp, linux-gcp-6.11, linux-hwe-6.11, linux-oracle, linux-raspi, linux-realtime, linux, linux-aws, linux-lts-xenial, linux, linux-gcp, linux-raspi, linux-realtime, linux-fips, linux-fips, linux-aws-fips, linux-gcp-fips, linux-realtime, and linux-realtime, linux-raspi-realtime).
-
Hackaday ☛ Hack Swaps Keys For Gang Signs, Everyone Gets In
How many times do you have to forget your keys before you start hacking on the problem? For [Binh], the answer was 5 in the last month, and his hack was to make a gesture-based door unlocker. Which leads to the amusing image of [Binh] in a hallway throwing gang signs until he is let in.
-
Internet Society ☛ Dangerous US Supreme Court Decision for Online Privacy and Security
Texas’ mandatory age verification law, ruled constitutional by the US Supreme Court last week, risks the privacy, security, and open nature of the Internet.
-
Security Week ☛ Kelly Benefits Data Breach Impacts 550,000 People
As Kelly Benefits’s investigation into a recent data breach progressed, the number of impacted individuals continued to grow.
-
Security Week ☛ Forminator WordPress Plugin Vulnerability Exposes 400,000 Websites to Takeover
A vulnerability in the Forminator WordPress plugin allows attackers to delete arbitrary files and take over impacted websites.
-
Security Week ☛ CISA Warns of Two Exploited TeleMessage Vulnerabilities
CISA says two more vulnerabilities in the messaging application TeleMessage TM SGNL have been exploited in the wild.
-
Security Week ☛ Cyberattack Targets International Criminal Court
The International Criminal Court (ICC) has detected and contained a sophisticated and targeted cyberattack.
-
Tom's Hardware ☛ German charity refuses to comply with Bitcoin ransomware demand — hackers attempt to extort hunger-fighting group for over $2 million
A German hunger-fighting charity is on the hook for some $2 million after being extorted by cybercriminals.
-
Linux Pwned! Privilege Escalation on SUDO in 5 seconds. HackerHood tests the CVE-2025-32463 exploit
Yesterday, Red Hot Cyber published an in-depth analysis of a serious vulnerability discovered in SUDO (CVE-2025-32463), which allows escalation of privileges to root in Linux environments by exploiting an abuse of the chroot function.