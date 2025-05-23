news
Security Leftovers
-
PostgreSQL ☛ Pgpool-II 4.6.1, 4.5.7, 4.4.12, 4.3.15 and 4.2.22 released.
An authentication bypass vulnerability exists in the client authentication mechanism of Pgpool-II. In Pgpool-II, authentication may be bypassed even when it is supposed to be enforced. As a result, an attacker could log in as any user, potentially leading to information disclosure, data tampering, or even a complete shutdown of the database. (CVE-2025-46801)
This vulnerability affects systems where the authentication configuration matches one of the following patterns: [...]
-
LWN ☛ Security updates for Friday
Security updates have been issued by Fedora (dotnet9.0, dropbear, ghostscript, nbdkit, openssh, python-watchfiles, rpm-ostree, yelp, yelp-xsl, and zsync), Oracle (firefox and kernel), Red Hat (osbuild-composer), Slackware (aaa_glibc and mozilla), SUSE (chromedriver, open-vm-tools, postgresql14, python-cryptography, and thunderbird), and Ubuntu (linux-aws, linux-hwe-5.4, python, and sqlite3).
-
Security Week ☛ Chinese Spies Exploit Ivanti Vulnerabilities Against Critical Sectors
A Chinese espionage group has been chaining two recent Ivanti EPMM vulnerabilities in attacks against organizations in multiple critical sectors.
-
Security Week ☛ DanaBot Botnet Disrupted, 16 Suspects Charged
The DanaBot botnet ensnared over 300,000 devices and caused more than $50 million in damages before being disrupted.
-
Security Week ☛ Cityworks Zero-Day Exploited by Chinese Hackers in US Local Government Attacks
A Chinese threat actor exploited a zero-day vulnerability in Trimble Cityworks to hack local government entities in the US.
-
Security Week ☛ Companies Warned of Commvault Vulnerability Exploitation
CISA warns companies of a widespread campaign targeting a Commvault vulnerability to hack Microsoft trap Azure environments.
-
RFERL ☛ Probe Says Russian Military Hackers Target Romanian Surveillance Cameras To Track Ukraine Aid
Russian military intelligence (GRU) has targeted thousands of surveillance cameras across Romania and other NATO countries bordering Ukraine in an attempt to monitor the flow of military and humanitarian aid to Kyiv, according to an investigation involving the US and several European nations.
-
Security Week ☛ Russian Qakbot Gang Leader Indicted in US
Russian national Rustam Gallyamov was indicted in the US for his leading role in the development and distribution of Qakbot malware.