Cyber Security News

All articles tagged with #cyber security news

Public PoC Reveals Local Root Exploit for DirtyDecrypt Linux Kernel
cyber-security-news · 7 days ago

A public proof-of-concept exploit for the DirtyDecrypt (DirtyCBC) Linux kernel local privilege escalation (CVE-2026-31635) has been released. It abuses a missing copy-on-write guard in rxgk_decrypt_skb() within the RxGK subsystem, allowing a local unprivileged user to overwrite privileged memory (including /etc/shadow, sudoers, and SUID binaries) and gain root. The upstream patch was merged on April 25, 2026; only kernels built with RXGK enabled (CONFIG_RXGK=y/m) are affected. Rolling-release distributions running unpatched kernels (e.g., Fedora Rawhide, Arch before the patch, openSUSE Tumbleweed) are at risk, while distributions that ship RXGK disabled (e.g., some Debian/RHEL/Ubuntu builds) are less exposed. In container and Kubernetes environments the flaw can lead to container escapes and host compromise. The fix is to upgrade the kernel package and reboot; as a temporary workaround, the rxrpc, esp4, and esp6 modules can be blacklisted at the cost of IPsec/AFS functionality. Kubernetes operators should rebuild worker images with patched kernels and enforce strict pod security settings.

Public PoC Unleashes Windows 'MiniPlasma' Privilege-Escalation to SYSTEM
cyber-security-news · 9 days ago

A publicly released PoC for the Windows 'MiniPlasma' zero-day privilege-escalation flaw lets unprivileged users gain SYSTEM privileges by exploiting the Cloud Filter driver's HsmOsBlockPlaceholderAccess race condition and writing to the .DEFAULT hive. The bug traces back to CVE-2020-17103, which Microsoft originally patched in 2020, but the PoC shows the flaw remains exploitable. Nightmare-Eclipse published the exploit on GitHub on May 13, 2026, after May Patch Tuesday; the flaw affects all Windows versions, and the risk grows as weaponized code circulates. Organizations should monitor Microsoft's response and apply patches when they become available.

Claude Code CLI RCE via Malicious Deeplinks Prompted Quick Patch (2.1.118)
cyber-security-news · 10 days ago

A critical remote code execution vulnerability in Anthropic's Claude Code CLI allowed attackers to execute arbitrary commands through crafted deeplinks. The flaw stemmed from a context-blind argument parser that treated --settings overrides found inside a deeplink's q parameter as legitimate, enabling injection of a SessionStart hook at startup. Anthropic released a fix in Claude Code 2.1.118 and urged users to update; the issue highlights the risks of eager CLI argument parsing combined with deeplink handling.

Wild PAN-OS Flaw Exposes Palo Alto Firewalls to Root Access
cyber-security-news · 22 days ago

A critical, unauthenticated buffer overflow in PAN-OS's User-ID Authentication Portal (CVE-2026-0300) is being exploited in the wild to gain full root access on PA-Series and VM-Series firewalls. The flaw allows remote code execution over the network with no credentials or user interaction and affects multiple PAN-OS versions (with some product exclusions). Patches are rolling out May 13–28, 2026; in the meantime, admins should restrict or disable internet-facing Authentication Portals, apply Threat Prevention signatures, and audit exposed configurations immediately.

Windows 0-Click Flaw Bypasses SmartScreen; Patch Leaves NTLM Exposure
cyber-security-news · 29 days ago

APT28 exploited a Windows Shell 0-click vulnerability chain (CVE-2026-21510 and CVE-2026-21513) via a weaponized LNK file to bypass Defender SmartScreen and load a CPL component without user interaction. Microsoft patched the RCE path in the April 2026 Patch Tuesday by adding ControlPanelLinkSite and a trust-verification flag, but a residual flaw (CVE-2026-32202) still allows NTLM authentication to be triggered during UNC-path resolution when a folder containing the LNK is opened, exposing credentials. Defenders should apply the April 2026 updates immediately, monitor outbound SMB traffic, enforce NTLMv2 or Kerberos, and perform regression testing to catch patch regressions.

Threat Actors Weaponize Teams Messaging to Breach Enterprises
cyber-security-news · 1 month ago

UNC6692 runs a multistage intrusion that begins with mass email bombardment and escalates through impersonation of IT staff in Microsoft Teams, guiding victims to a phishing landing page hosted on AWS S3. The campaign then harvests credentials, deploys a modular malware suite (SNOWBELT), and uses cloud-based C2 and data staging to exfiltrate data and compromise domain controllers. The case highlights the need to restrict external Teams access and to monitor cloud egress and browser extensions for anomalous activity.

RedSun: Defender zero-day grants SYSTEM access on Windows
cyber-security-news · 1 month ago

A newly disclosed zero-day in Microsoft Defender, dubbed RedSun, lets an unprivileged user escalate to SYSTEM on patched Windows 10/11 and Windows Server 2019+ by abusing Defender's cloud file handling. The attack rewrites a malicious file back to a system path via cldapi.dll and oplocks, overwriting a system binary in System32 (e.g., TieringEngineService.exe) and gaining full code execution as SYSTEM. CVE-2026-33825 carries a CVSS score of 7.8, and there is currently no patch. Security teams should monitor Defender file-write activity to System32, look for cldapi.dll-issued redirects, and rely on endpoint detection until Microsoft issues a fix.

Active Fortinet SQL Flaw Targets FortiClient EMS, CISA Warns
cyber-security-news · 1 month ago

CISA added CVE-2026-21643, a critical unauthenticated SQL injection in Fortinet FortiClient EMS, to the Known Exploited Vulnerabilities (KEV) catalog, signaling active exploitation in the wild. The flaw enables remote code execution without authentication and risks full database compromise on affected FortiClient EMS deployments. Fortinet has released patches; federal agencies must patch by April 16, 2026, and private-sector admins are urged to patch within three days, monitor for unusual HTTP requests targeting EMS, and take the server offline if patching isn't possible.

Windows 11 Shutdown Bug Emerges After January Patch
cyber-security-news · 4 months ago

Microsoft's January 13, 2026 security update KB5073455 for Windows 11 23H2 (OS Build 22621.6491) triggers a shutdown bug on Enterprise and IoT editions: devices reboot instead of powering down or entering hibernation because the update interferes with Secure Launch (a virtualization-based security feature). IT teams report power-management issues and potential data loss. A workaround is to force shutdown via shutdown /s /t 0, and a fix is promised in a future update. Disabling Secure Launch via Group Policy also restores normal shutdown but weakens boot integrity.

Unauthenticated PAN-OS DoS Flaw Forces Quick GlobalProtect Patch
cyber-security-news · 4 months ago

Palo Alto Networks patched a critical PAN-OS vulnerability (CVE-2026-0227) that lets unauthenticated attackers trigger a denial of service on GlobalProtect gateways and portals. The flaw, rated CVSS 7.7 (HIGH), stems from improper handling of unusual conditions and affects multiple PAN-OS versions (Cloud NGFW is not affected). A PoC exists, exploitation has not yet been observed, and no workarounds are available. Administrators should upgrade to the latest hotfixes (PAN-OS 12.1.4 or 11.2.10-h2), verify configurations via Palo Alto's support portal, and monitor for DoS attempts.