#linux

### Description of Vulnerability: An issue in AWS Wrappers for Amazon Aurora PostgreSQL may allow for privilege escalation to rds_superuser role. A low privilege authenticated user can create a crafted function that could be executed with permissions of other Amazon Relational Database Service (RDS) users. AWS recommends for customers to upgrade to the following versions: AWS JDBC Wrapper to v2.6.5 or greater. ### Source of Vulnerability Report: Allistair Ishmael Hakim [allistair.hakim@gmail.com](mailto:allistair.hakim@gmail.com) ### Affected products & versions: AWS JDBC Wrapper < 2.6.5 ### Platforms: MacOS/Windows/Linux

### Description of Vulnerability: An issue in AWS Wrappers for Amazon Aurora PostgreSQL may allow for privilege escalation to rds_superuser role. A low privilege authenticated user can create a crafted function that could be executed with permissions of other Amazon Relational Database Service (RDS) users. AWS recommends customers upgrade to the following versions: AWS Python Wrapper to v1.4.0 ### Source of Vulnerability Report: Allistair Ishmael Hakim <allistair.hakim@gmail.com> ### Affected products & versions: AWS Python Wrapper < 1.4.0 ### Platforms: MacOS/Windows/Linux

The EVE X1/X5 server suffers from multiple authenticated OS command injection vulnerabilities. This can be exploited to inject and execute arbitrary shell commands through multiple scripts affecting multiple parameters.

In August 2025, Cisco Talos observed big-game hunting and double extortion attacks carried out by Kraken, a Russian-speaking group that has emerged from the remnants of the HelloKitty ransomware cartel.

Behind every click, there’s a risk waiting to be tested. A simple ad, email, or link can now hide something dangerous. Hackers are getting smarter, using new tools to sneak past filters and turn trusted systems against us. But security teams are fighting back. They’re building faster defenses, better ways to spot attacks, and stronger systems to keep people safe. It’s a constant race — every

Microsoft on Tuesday released patches for 63 new security vulnerabilities identified in its software, including one that has come under active exploitation in the wild. Of the 63 flaws, four are rated Critical and 59 are rated Important in severity. Twenty-nine of these vulnerabilities are related to privilege escalation, followed by 16 remote code execution, 11 information disclosure, three

Are you excited to try out post-quantum cryptography in Red Hat Enterprise Linux (RHEL), but you haven't yet upgraded to RHEL 10? Our efforts to ensure that you're ready to make the switch, and to prepare your organization for "Q-Day", now start with RHEL 9.7. By getting started now, you can proactively begin strengthening your security posture and preparing for a seamless transition to RHEL 10.RHEL 9 was released in 2022 and was an important step forward from a security perspective. It was the first version of RHEL that received FIPS 140-3 certification, matching current security requirement

The age of quantum computing is on the horizon, and with its immense processing power comes a significant threat to the cryptographic foundations of our digital world. In this article, we'll explore the emerging support for post-quantum cryptography (PQC) in Red Hat OpenShift 4.20, focusing on how it enhances the core components of the Kubernetes control plane: the apiserver, kubelet, scheduler, and controller-manager. Missing is etcd, using an older version of Go.The quantum threatToday's widely used public-key cryptosystems, such as RSA and elliptic curve cryptography (ECC), form the foundat

Unit 42 discovered LANDFALL, commercial-grade Android spyware, which used a hidden image vulnerability (CVE-2025-21042) to remotely spy on Samsung Galaxy users via WhatsApp. Update your phone now.