news
Security Leftovers
-
Security Week ☛ ICS Patch Tuesday: Vulnerabilities Fixed by Siemens, Schneider, Rockwell
The industrial giants fixed dozens of vulnerabilities across their ICS products, with advisories also released by CISA and VDE CERT.
-
XSAs released on 2026-07-14
The Xen Project has released one or more Xen security advisories (XSAs).
-
LWN ☛ Security updates for Wednesday
Security updates have been issued by AlmaLinux (cifs-utils, corosync, cups, freerdp, git-lfs, go-fdo-client and go-fdo-server, go-toolset:rhel8, kernel, kernel-rt, libinput, libxml2, nginx:1.24, openssl, pacemaker, perl-DBI:1.641, php8.4, python-pillow, python3, and python3.12), Debian (grub2, libxfont, opam, and wolfssl), Fedora (freerdp, kernel, and prometheus), Mageia (imagemagick), Oracle (buildah, freerdp, gimp, kernel, nginx, openexr, openssl, perl-DBI, podman, vim, xorg-x11-server, and xorg-x11-server-Xwayland), Red Hat (python3.12), SUSE (afterburn, buildah, busybox, enc, freetype2-devel, go1.25, go1.25-openssl, go1.26-openssl, gosec, grafana, helm, krb5, kubernetes-old, libopenbabel8, libxml2, libxml2-16, nasm, openssl-3, patch, python-Authlib, python-mistune, python-soupsieve, python-sqlparse, python3-dulwich, python313-Pillow, rootlesskit, sbootutil-1, tomcat, and tomcat11), and Ubuntu (alsa-lib, dnsmasq, gnutls28, libheif, linux-aws, linux-fips, linux-lts-xenial, linux-gcp-5.15, linux-intel-iotg-5.15, linux-hwe-6.17, linux-raspi, mariadb, openvpn, python-httplib2, vim, and wget).
-
SELinux Userspace Utilities: Local Denial-of-Service Attack Vectors in seunshare in release 3.10
The
seunshareprogram is part of the SELinux “sandbox” feature, which is used to confine untrusted programs using Linux mount namespaces and restrictive SELinux policies. The program is designed to be installed with setuid-root privileges, accessible to all users in theWe have been asked to review the program’s security with the intention of assigning the setuid bit to it on SUSE distributions in the future. Fedora GNU/Linux already ships this program with setuid-root enabled; other SELinux-enabled GNU/Linux distributions may do so as well.
-
LWN ☛ Local DoS attack vectors in seunshare 3.10 (SUSE Security Team Blog)
The SUSE Security Team Blog has a post with an analysis of seunshare, which is used by SELinux to confine untrusted programs. During a review of version 3.10 of the program, the team identified two local Denial-of-Service (DoS) vectors.
-
Security Week ☛ Progress Confirms Zero-Day Vulnerability Behind ShareFile Disruption
The company has rolled out a fix and is restoring access for Storage Zones Controller customers who apply it.
-
Security Week ☛ Vulnerabilities Patched by Fortinet, Ivanti, ServiceNow
A critical security defect in the ServiceNow Hey Hi (AI) platform could allow remote attackers to execute arbitrary code.
-
Security Week ☛ Unpatched Cursor Vulnerability Exposes Users to Code Execution
An attacker can create a malicious repository containing a git.exe in the project root, and Cursor executes it automatically.
-
Security Week ☛ Critical Vulnerabilities Patched With Fresh Chrome 150, Firefox 152 Updates
Public exploit code targeting the Firefox flaws exists, but no in-the-wild exploitation has been observed.
-
Windows TCO / Windows Bot Nets
-
Security Week ☛ Windows Bind Link Attacks Can Hide Malware From EDR Tools
Bitdefender researchers show how backdoored Windows bind links can create conflicting filesystem views to hide malware from endpoint security products.
-
It's FOSS ☛ Cursor AI's Silence on a Critical Flaw Jeopardizes Millions of Users
The flaw lets any repository auto-execute code on Cursor for Windows, and researchers say the company ignored it.
-
Security Week ☛ CISA Urges Immediate Patching of Exploited SharePoint Vulnerabilities
Three vulnerabilities are actively exploited in attacks, including two that have been targeted as zero-days.
-