Critical SharePoint vulnerability: First patches for "ToolShell" are here
Microsoft has since released a patch, but attackers were not idle over the weekend. Dozens of SharePoint installations fell victim.
Microsoft: Attacks on new SharePoint vulnerability – no patch available so far
Microsoft warns of active attacks on a previously unknown vulnerability in SharePoint servers and names first-aid measures for defenders.
Gmail Message Exploit Triggers Code Execution in Claude, Bypassing Protections
https://gbhackers.com/gmail-message-exploit-triggers-code-execution-in-claude/
Update now! Chrome vulnerability is under attack
Google updated the Chrome web browser overnight into Wednesday. The update also closes a vulnerability that is already being attacked.
#Today one of my colleagues drew my attention to this article, and to be honest I do love the reporting style. Memes and writing like this?
"The ‘good news’, I suspect, is that most orgs will be too lacking in logs to have evidence."
"China go brrr"
At least it's not dry
https://doublepulsar.com/citrixbleed-2-situation-update-everybody-already-got-owned-503c6d06da9f
Exploit available: Patch FortiWeb vulnerability now!
On Thursday, Fortinet released an update for FortiWeb. Exploits have surfaced that abuse the critical vulnerability.
Critical #CitrixBleed 2 #vulnerability has been under active #exploit for weeks
A critical vulnerability allowing #hackers to bypass #multifactor #authentication in network management devices made by #Citrix has been actively #exploited for more than a month, researchers said. The finding is at odds with advisories from the vendor saying there is no evidence of in-the-wild #exploitation.
#security #privacy
Just published a proof-of-concept exploit for CVE-2025-32463, a new Linux privilege escalation vulnerability affecting sudo discovered and disclosed by Stratascale about 2 weeks ago.
The PoC is available on GitHub. A full technical writeup will be published on my blog soon.
GitHub: https://github.com/morgenm/sudo-chroot-CVE-2025-32463
The Language Sloth Web Application 1.0 Cross Site Scripting https://packetstorm.news/files/206262 #exploit
#AMD warns of new #Meltdown, #Spectre-like bugs affecting #CPU
Four bugs do not appear too venomous – two have medium-severity ratings, the other two are rated "low." However, low-level nature of #exploit's impact has nonetheless led Trend Micro and CrowdStrike to assess them as "critical."
Reasons for low severity scores are high degree of complexity involved in successful attack – AMD said it could only be carried out by attacker able to run arbitrary code on a target machine
https://www.theregister.com/2025/07/09/amd_tsa_side_channel/
https://www.europesays.com/uk/244121/ China-linked attacker hit France’s critical infrastructure via trio of Ivanti zero-days last year #China #CISA #CybersecurityAndInfrastructureSecurityAgency(cisa) #EU #Europe #exploit #exploitation #France #Ivanti #mandiant #vulnerabilities #ZeroDays
https://www.chinatalk.media/p/apple-in-china
If #US #corporations can #exploit #labor in places such as #China, they surely will salivate at doing the same with a large pool of #slaves domestically. That seems to be the plan.
A critical Linux vulnerability (CVE-2025-32463) in Sudo lets any local unprivileged user gain root via the --chroot (-R) option
Affects default configs on Ubuntu, Fedora & others — no Sudo rules needed
Fix: Update to Sudo 1.9.17p1+ (no workarounds)
CVSS: 9.8 (Critical)
Highlights persistent risks in open-source privilege handling
https://cybersecuritynews.com/linux-sudo-chroot-vulnerability/
#Linux #Sudo #FOSS #CyberSecurity #InfoSec #OpenSource #Vulnerability #Root #Exploit #SysAdmin #DevSecOps #Tech @TechNews