Security
Headlines
HeadlinesLatestCVEs

Tag

#linux

Red Hat Advanced Cluster Security 4.9: Security built with your workflows in mind

We’ve been dedicated to advancing Red Hat Advanced Cluster Security for Kubernetes in line with the rapid evolution of Kubernetes security. With version 4.9, we’re introducing key integrations and updates designed to help streamline your workflows. To that end, we’ve improved our ability to integrate with other tools and services, enhanced visibility into operations, and begun the work of bringing virtual machines (VMs) into our scope of reporting and scanning. Red Hat Advanced Cluster Security Integration with ServiceNowA significant highlight of Red Hat Advanced Cluster Security 4.9 is

Red Hat Blog
Open in Source
#vulnerability#mac#linux#red_hat#kubernetes#auth#ssl
GHSA-8wj8-cfxr-9374: AWS Advanced NodeJS Wrapper: Privilege Escalation in Aurora PostgreSQL instance

### Description of Vulnerability: An issue in AWS Wrappers for Amazon Aurora PostgreSQL may allow for privilege escalation to rds_superuser role. A low privilege authenticated user can create a crafted function that could be executed with permissions of other Amazon Relational Database Service (RDS) users. AWS recommends that customers upgrade to the following version: AWS NodeJS Wrapper to v2.0.1. ### Source of Vulnerability Report: Allistair Ishmael Hakim [allistair.hakim@gmail.com](mailto:allistair.hakim@gmail.com) ### Affected products & versions: AWS NodeJS Wrapper < 2.0.1. ### Platforms: MacOS/Windows/Linux

GHSA-7wq2-32h4-9hc9: AWS Advanced Go Wrapper: Privilege Escalation in Aurora PostgreSQL Instance

### Description of Vulnerability: An issue in AWS Wrappers for Amazon Aurora PostgreSQL may allow for privilege escalation to rds_superuser role. A low privilege authenticated user can create a crafted function that could be executed with permissions of other Amazon Relational Database Service (RDS) users. AWS recommends customers upgrade to the following versions: AWS Go Wrapper to 2025-10-17. ### Source of Vulnerability Report: Allistair Ishmael Hakim [allistair.hakim@gmail.com](mailto:allistair.hakim@gmail.com) ### Affected products & versions: AWS Go Wrapper < 2025-10-17. ### Platforms: MacOS/Windows/Linux

GHSA-7xw4-g7mm-r4hh: Amazon Web Services Advanced JDBC Wrapper: Privilege Escalation in Aurora PostgreSQL instance

### Description of Vulnerability: An issue in AWS Wrappers for Amazon Aurora PostgreSQL may allow for privilege escalation to rds_superuser role. A low privilege authenticated user can create a crafted function that could be executed with permissions of other Amazon Relational Database Service (RDS) users. AWS recommends for customers to upgrade to the following versions: AWS JDBC Wrapper to v2.6.5 or greater. ### Source of Vulnerability Report: Allistair Ishmael Hakim [allistair.hakim@gmail.com](mailto:allistair.hakim@gmail.com) ### Affected products & versions: AWS JDBC Wrapper < 2.6.5 ### Platforms: MacOS/Windows/Linux

GHSA-4jvf-wx3f-2x8q: AWS Advanced Python Wrapper: Privilege Escalation in Aurora PostgreSQL instance

### Description of Vulnerability: An issue in AWS Wrappers for Amazon Aurora PostgreSQL may allow for privilege escalation to rds_superuser role. A low privilege authenticated user can create a crafted function that could be executed with permissions of other Amazon Relational Database Service (RDS) users. AWS recommends customers upgrade to the following versions: AWS Python Wrapper to v1.4.0 ### Source of Vulnerability Report: Allistair Ishmael Hakim <allistair.hakim@gmail.com> ### Affected products & versions: AWS Python Wrapper < 1.4.0 ### Platforms: MacOS/Windows/Linux

Ilevia EVE X1/X5 Server 4.7.18.0.eden Authenticated Remote Command Injections

The EVE X1/X5 server suffers from multiple authenticated OS command injection vulnerabilities. This can be exploited to inject and execute arbitrary shell commands through multiple scripts affecting multiple parameters.

Unleashing the Kraken ransomware group

In August 2025, Cisco Talos observed big-game hunting and double extortion attacks carried out by Kraken, a Russian-speaking group that has emerged from the remnants of the HelloKitty ransomware cartel.

ThreatsDay Bulletin: Cisco 0-Days, AI Bug Bounties, Crypto Heists, State-Linked Leaks and 20 More Stories

Behind every click, there’s a risk waiting to be tested. A simple ad, email, or link can now hide something dangerous. Hackers are getting smarter, using new tools to sneak past filters and turn trusted systems against us. But security teams are fighting back. They’re building faster defenses, better ways to spot attacks, and stronger systems to keep people safe. It’s a constant race — every

Microsoft Fixes 63 Security Flaws, Including a Windows Kernel Zero-Day Under Active Attack

Microsoft on Tuesday released patches for 63 new security vulnerabilities identified in its software, including one that has come under active exploitation in the wild. Of the 63 flaws, four are rated Critical and 59 are rated Important in severity. Twenty-nine of these vulnerabilities are related to privilege escalation, followed by 16 remote code execution, 11 information disclosure, three

Prepare for a post-quantum future with RHEL 9.7

Are you excited to try out post-quantum cryptography in Red Hat Enterprise Linux (RHEL), but you haven't yet upgraded to RHEL 10? Our efforts to ensure that you're ready to make the switch, and to prepare your organization for "Q-Day", now start with RHEL 9.7. By getting started now, you can proactively begin strengthening your security posture and preparing for a seamless transition to RHEL 10.RHEL 9 was released in 2022 and was an important step forward from a security perspective. It was the first version of RHEL that received FIPS 140-3 certification, matching current security requirement