privilege escalation Archives • Page 9 of 15 • Daily CyberSecurity

CVE-2025-7493: Critical Flaw in FreeIPA Allows Host Users to Escalate to Domain Administrator

Do Son October 1, 2025

The FreeIPA Team has released a security advisory addressing a critical privilege escalation vulnerability (CVE-2025-7493) that could...

Cisco SD-WAN Vulnerability CVE-2026-20133 FortiGate Compromise Ivanti EPMM Zero-Day CVE-2026-1281 SmarterMail Vulnerability Storm-2603 WatchGuard Zero-Day, IKEv2 Out-of-Bounds Write Cisco Zero-Day, UAT-9686 Chinese APT FortiWeb RCE Exploitation CVE-2025-58034 VMware Zero-Day, Privilege Escalation Sitecore, remote code execution CVE-2025-53690 Windows CLFS, Privilege Escalation CVE-2024-47575 & CVE-2024-11120 CVE-2025-24983 vulnerability

Zero-Day PoC Published: Privilege Escalation Flaw in VMware Tools Used by Chinese APT

Do Son September 30, 2025

A newly disclosed local privilege escalation vulnerability, CVE-2025-41244, has been exploited as a zero-day in the wild,...

Broadcom Patches VMware Flaws: Privilege Escalation and Info Disclosure Vulnerabilities Affect VMware Tools and Aria Operations VMware Fusion Privilege Escalation CVE-2026-41702 TOCTOU VMware Vulnerabilities, Broadcom Security CVE-2024-38814 - VMware HCX CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226

VMware Fusion Privilege Escalation CVE-2026-41702 TOCTOU VMware Vulnerabilities, Broadcom Security CVE-2024-38814 - VMware HCX CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226

Broadcom Patches VMware Flaws: Privilege Escalation and Info Disclosure Vulnerabilities Affect VMware Tools and Aria Operations

Do Son September 30, 2025

Broadcom has released patches addressing three vulnerabilities in VMware Aria Operations and VMware Tools, with severities ranging...

PoC Exploit Details for Actively Exploited iOS Zero-Day Flaw Now Public Coruna Exploit Kit iOS Security Update Apple Zero-Day CVE-2026-20700 Apple Data Privacy Day 2026, iPhone privacy features guide iOS Privilege Escalation, CVE-2025-24085 PoC Apple Manufacturing Academy, US Investment CVE-2024-44258 - symlink vulnerability

Coruna Exploit Kit iOS Security Update Apple Zero-Day CVE-2026-20700 Apple Data Privacy Day 2026, iPhone privacy features guide iOS Privilege Escalation, CVE-2025-24085 PoC Apple Manufacturing Academy, US Investment CVE-2024-44258 - symlink vulnerability

PoC Exploit Details for Actively Exploited iOS Zero-Day Flaw Now Public

Do Son September 29, 2025

Proof-of-concept exploit code is now publicly available online for a zero-day flaw in iOS/iPadOS, macOS, tvOS, watchOS,...

The Database Was the Door: A Ransomware Attack Began with an Exposed Oracle Serve Knowledge Deliver RCE vulnerability FortiClient EMS Vulnerability CVE-2026-35616 Cisco SD-WAN Vulnerability CVE-2026-20122 PCPcat, Next.js RCE Salesloft breach, Salesforce CRM WIREFIRE web shell

Knowledge Deliver RCE vulnerability FortiClient EMS Vulnerability CVE-2026-35616 Cisco SD-WAN Vulnerability CVE-2026-20122 PCPcat, Next.js RCE Salesloft breach, Salesforce CRM WIREFIRE web shell

The Database Was the Door: A Ransomware Attack Began with an Exposed Oracle Serve

Do Son September 22, 2025

Yarix’s Incident Response Team (YIR) has published an in-depth analysis of a targeted intrusion that leveraged an...

Phoenix (CVE-2025-6202): A New Rowhammer Attack Bypasses DDR5 Protections

Do Son September 18, 2025

Researchers from ETH Zurich have unveiled Phoenix, a new Rowhammer attack that successfully bypasses in-DRAM mitigations in...

PyInstaller Flaw : Are Your Python Apps Vulnerable to Hijacking? PyInstaller, security CVE-2025-59042

PyInstaller Flaw : Are Your Python Apps Vulnerable to Hijacking?

Do Son September 12, 2025

The PyInstaller project has released fixes for a local privilege escalation vulnerability that affected applications packaged with...

High-Severity Flaws in Sunshine for Windows Allow Privilege Escalation Sunshine for Windows, vulnerability

High-Severity Flaws in Sunshine for Windows Allow Privilege Escalation

Do Son September 11, 2025

The CERT Coordination Center (CERT/CC) has issued a vulnerability note warning of two critical local security flaws...

NVIDIA acquisition rumors NVIDIA AI Security AI Framework Vulnerabilities Nvidia 595.76 Hotfix NVIDIA Megatron Bridge vulnerability GPU vs ASIC AI battle NVIDIA Driver Vulnerability CVE-2025-33217 NVIDIA biggest TSMC customer 2026, NVIDIA vs Apple TSMC revenue share NVIDIA CUDA Toolkit CVE-2025-33228 Groq NVIDIA licensing deal, Jonathan Ross acquihire 2025 NeMo Code Injection, AI Framework RCE NVIDIA App Privilege Escalation, CVE-2025-23358 NVIDIA Security Update, DLS Vulnerability CVE-2025-23316 NVIDIA NVDebug, vulnerabilities NVIDIA Driver Vulnerabilities, vGPU Security Nvidia Jetson, UEFI Vulnerabilities CVE-2024-0130 - CVE-2024-0136 CVE-2024-0148 NVIDIA Driver Support, Windows 10 EOL

NVIDIA Patches High-Severity Vulnerabilities in NVDebug Tool

Do Son September 11, 2025

NVIDIA has released a software update for its NVDebug tool, addressing three high-severity vulnerabilities (CVE-2025-23342, CVE-2025-23343, and...

MostereRAT: The New RAT That Is Bypassing Antivirus and EDR Solutions MostereRAT, defense evasion

MostereRAT: The New RAT That Is Bypassing Antivirus and EDR Solutions

Do Son September 9, 2025

FortiGuard Labs has uncovered a sophisticated phishing campaign that deploys a new Remote Access Trojan (RAT) dubbed...

PoC Available: macOS Sequoia Flaw Allows Keychain Dump and TCC Bypass (CVSS 9.8) macOS Sequoia, gcore vulnerability

PoC Available: macOS Sequoia Flaw Allows Keychain Dump and TCC Bypass (CVSS 9.8)

Do Son September 5, 2025

Apple has patched a critical security vulnerability in macOS Sequoia, tracked as CVE-2025-24204 (CVSS 9.8), that could...

GNU Guix Issues Advisory for a Critical Privilege Escalation Flaw GNU Guix, privilege escalation guix-daemon vulnerability

GNU Guix Issues Advisory for a Critical Privilege Escalation Flaw

Do Son September 4, 2025

The GNU Guix team has issued a critical security advisory warning users to immediately update their systems...

Ubuntu Is Swapping Out Sudo for a More Secure, Rust-Based Version Ubuntu 26.04 sudo-rs Ubuntu 26.04 LTS, Release Schedule Ubuntu update bug, Rust coreutils Ubuntu, sudo-rs NVIDIA CUDA, Ubuntu

Ubuntu 26.04 sudo-rs Ubuntu 26.04 LTS, Release Schedule Ubuntu update bug, Rust coreutils Ubuntu, sudo-rs NVIDIA CUDA, Ubuntu

Ubuntu Is Swapping Out Sudo for a More Secure, Rust-Based Version

Do Son September 3, 2025

Renowned operating system developer Canonical has announced that the upcoming Ubuntu 25.10 release will replace the long-standing...

MediaTek September 2025 Security Bulletin: High-Severity Modem Flaws Could Enable Remote Attacks MediaTek Chipset Flaws, WLAN Buffer Overflow MediaTek Vulnerabilities, Chipset Security

MediaTek Chipset Flaws, WLAN Buffer Overflow MediaTek Vulnerabilities, Chipset Security

MediaTek September 2025 Security Bulletin: High-Severity Modem Flaws Could Enable Remote Attacks

Do Son September 1, 2025

MediaTek has published its September 2025 Product Security Bulletin, disclosing several high- and medium-severity vulnerabilities affecting a...

CVE-2025-8067: Linux Privilege Escalation Flaw Found in UDisks Daemon, PoC Releases UDisks daemon, Linux vulnerability

CVE-2025-8067: Linux Privilege Escalation Flaw Found in UDisks Daemon, PoC Releases

Do Son September 1, 2025

A security researcher has disclosed a serious flaw in the UDisks daemon, a widely used component for...

BadSuccessor (CVE-2025-53779) Technique Persists Despite Microsoft Patch BadSuccessor, Active Directory

BadSuccessor (CVE-2025-53779) Technique Persists Despite Microsoft Patch

Do Son August 30, 2025

At DEF CON 2025, Akamai security researcher Yuval Gordon revealed the story of BadSuccessor (CVE-2025-53779), an Active...

Multi Flaws Found in HikCentral, Including a Bypass for Admin Access (CVE-2025-39247) Hikvision Vulnerability CVE-2026-0709 Hikvision Vulnerability CVE-2025-66176 Hikvision, vulnerability Canada Hikvision Ban, National Security Hikvision firmware updates

Hikvision Vulnerability CVE-2026-0709 Hikvision Vulnerability CVE-2025-66176 Hikvision, vulnerability Canada Hikvision Ban, National Security Hikvision firmware updates

Multi Flaws Found in HikCentral, Including a Bypass for Admin Access (CVE-2025-39247)

Do Son August 29, 2025

The Hikvision Security Response Center (HSRC) has released a new advisory detailing three vulnerabilities affecting different versions...

A CVSS 9.6 Remote Flaw Allows Unauthenticated Attackers to Bypass Dell ThinOS Dell ThinOS, remote access

A CVSS 9.6 Remote Flaw Allows Unauthenticated Attackers to Bypass Dell ThinOS

Do Son August 28, 2025

Dell Technologies has issued a security advisory addressing several high-severity vulnerabilities in its ThinOS 10 platform, widely...

Langflow Hit by Privilege Escalation Flaw: CVE-2025-57760 Langflow, Privilege escalation

Langflow Hit by Privilege Escalation Flaw: CVE-2025-57760

Do Son August 26, 2025

The Langflow project has issued an important security advisory regarding a newly discovered vulnerability that poses a...

Researcher Details CVE-2025-29824 – A Windows CLFS 0-Day Exploited by Ransomware Gang Windows vulnerability, Ransomware

Researcher Details CVE-2025-29824 – A Windows CLFS 0-Day Exploited by Ransomware Gang

Do Son August 20, 2025

In April, Microsoft has patched a high-severity, zero-day vulnerability (CVE-2025-29824) in the Windows Common Log File System...

Critical Alert