news
Security Leftovers
-
LWN ☛ Security updates for Tuesday
Security updates have been issued by AlmaLinux (delve, emacs, gimp, gimp:2.8, glibc, idm:DL1, ipa, iputils, kernel, krb5, libarchive, libblockdev, libxml2, mod_proxy_cluster, osbuild-composer, pam, perl-File-Find-Rule, perl-YAML-LibYAML, qt5-qtbase, weldr-client, xorg-x11-server and xorg-x11-server-Xwayland, and xorg-x11-server-Xwayland), Debian (mbedtls and sudo), Oracle (.NET 8.0, delve, delve, golang, firefox, ghostscript, glibc, golang, grafana, iputils, kernel, krb5, libarchive, libblockdev, nodejs22, ruby, thunderbird, tomcat, tomcat9, unbound, and wireshark), Red Hat (glibc and mod_auth_openidc), Slackware (sudo), SUSE (gpg2, ImageMagick, iputils, jakarta-commons-fileupload, kernel, libblockdev, libsoup, open-vm-tools, pam, python-tornado6, screen, sudo, and xwayland), and Ubuntu (linux, linux-aws, linux-gcp, linux-gcp-6.11, linux-hwe-6.11, linux-oracle, linux-raspi, linux-realtime, linux-gcp, linux-gcp-6.8, linux-hwe-5.4, linux-oem-6.11, and sudo).
-
Tom's Hardware ☛ Rogue IT worker gets seven months in prison over $200,000 digital rampage — technician changed all of his company's passwords after getting suspended
A suspended IT worker who caused at least $200,000 of damage in an act of revenge upon his employer has been sentenced.
-
XSAs released on 2025-07-01
The Xen Project has released one or more Xen security advisories (XSAs).
-
Scoop News Group ☛ US sanctions bulletproof hosting provider for supporting ransomware, infostealer operations
Russia-based Aeza Group allegedly provided infrastructure to BianLian ransomware and the Meduza, RedLine and Lumma infostealer operators.
-
Security Week ☛ Critical Microsens Product Flaws Allow Hackers to Go ‘From Zero to Hero’
CISA has informed organizations about critical authentication bypass and remote code execution vulnerabilities in Microsens NMP Web+.
-
Security Week ☛ 263,000 Impacted by Esse Health Data Breach
Esse Health says the personal information of over 263,000 individuals was stolen in an April 2025 cyberattack.
The post 263,000 Impacted by Esse Health Data Breach appeared first on SecurityWeek.
-
Security Week ☛ Thousands of Citrix NetScaler Instances Unpatched Against Exploited Vulnerabilities
Many Citrix NetScaler systems are exposed to attacks exploiting the vulnerabilities tracked as CVE-2025-5777 and CVE-2025-6543.
-
Security Week ☛ Iranian Hackers’ Preferred ICS Targets Left Open Amid Fresh US Attack Warning
The US government is again warning about potential Iranian cyberattacks as researchers find that hackers’ favorite ICS targets remain exposed.
-
Help Net Security ☛ Sudo local privilege escalation vulnerabilities fixed (CVE-2025-32462, CVE-2025-32463)
If you haven’t recently updated the Sudo utility on your Linux box(es), you should do so now, to patch two local privilege escalation vulnerabilities (CVE-2025-32462, CVE-2025-32463) that have been disclosed on Monday.