Security Leftovers
-
LWN ☛ Security updates for Monday
Security updates have been issued by AlmaLinux (kernel), Debian (dovecot, git, log4cxx, and openssl), Fedora (containernetworking-plugins, firebird, firefox, jupyterlab, mupdf, and thunderbird), Oracle (ipa), Red Hat (container-tools:rhel8, firefox, gnutls, kernel, kernel-rt, multiple packages, mysql, mysql:8.0, nginx, podman, and thunderbird), Slackware (fetchmail), SUSE (afterburn, chromium, firefox, haproxy, libvmtools-devel, logback, python311-Django, python311-Django4, and redis), and Ubuntu (linux-gcp, linux-gcp-6.14, linux-oem-6.14, linux-nvidia-tegra-igx, linux-oracle, mysql-8.0, poppler, and squid).
-
CVE-2025-61594: URI Credential Leakage Bypass previous fixes
We published a security advisory for CVE-2025-61594.
-
Tom's Hardware ☛ Cyberattacks hit 91% of universities and 43% of businesses in last 12 months in the UK — survey suggests more than 600,000 businesses, 61,000 charities affected
UK businesses, universities, and secondary schools have come under unprecedented hacking attacks over the past year, with 9/10 of polled universities claiming to have suffered at least one breach attempt in the past 12 months.
-
Security Week ☛ Oracle E-Business Suite Zero-Day Exploited in Cl0p Attacks
Oracle has informed customers that it has patched a critical remote code execution vulnerability tracked as CVE-2025-61882.
-
SANS ☛ Quick and Dirty Analysis of Possible Oracle E-Business Suite Exploit Script (CVE-2025-61882)
-
Security Week ☛ Data Breach at Doctors Imaging Group Impacts 171,000 People
Doctors Imaging Group is informing customers about a cybersecurity incident nearly a year after it occurred.
-
Security Week ☛ Hackers Extorting Salesforce After Stealing Data From Dozens of Customers
Salesforce says the extortion attempts are related to past or unsubstantiated incidents, and not to fresh intrusions.