Security
Headlines
HeadlinesLatestCVEs

Tag

#ssh

CVE-2025-27731: Microsoft OpenSSH for Windows Elevation of Privilege Vulnerability

Improper input validation in Microsoft Management Console allows an authorized attacker to elevate privileges locally.

Microsoft Security Response Center
Open in Source
#vulnerability#windows#microsoft#auth#ssh#OpenSSH for Windows#Security Vulnerability
B&R APROL

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: B&R Equipment: APROL Vulnerabilities: Inclusion of Functionality from Untrusted Control Sphere, Incomplete Filtering of Special Elements, Improper Control of Generation of Code ('Code Injection'), Improper Handling of Insufficient Permissions or Privileges , Allocation of Resources Without Limits or Throttling, Missing Authentication for Critical Function, Exposure of Sensitive System Information to an Unauthorized Control Sphere, Exposure of Data Element to Wrong Session, Server-Side Request Forgery (SSRF), Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), External Control of File Name or Path, Incorrect Permission Assignment for Critical Resource 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute commands, elevate privileges, gather sensitive information, or alter the product. 3. TECHNICAL DETA...

Outlaw Group Uses SSH Brute-Force to Deploy Cryptojacking Malware on Linux Servers

Cybersecurity researchers have shed light on an "auto-propagating" cryptocurrency mining botnet called Outlaw (aka Dota) that's known for targeting SSH servers with weak credentials. "Outlaw is a Linux malware that relies on SSH brute-force attacks, cryptocurrency mining, and worm-like propagation to infect and maintain control over systems," Elastic Security Labs said in a new analysis

Hacker Claims Breach of Check Point Cybersecurity Firm, Sells Access

Hacker claims breach of Israeli cybersecurity firm Check Point, offering network access and sensitive data for sale; company denies any recent incident.

GHSA-gfhv-5rqh-7qx3: ShopXO Vulnerable to Server-Side Request Forgery (SSRF) via Email Settings

ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery (SSRF) in Email Settings.

Ansible vs Terraform: Which is More Secure for Infrastructure Automation?

Gartner describes infrastructure as code (IaC) as a key way to unlock the potential of the cloud. However,…

New Phishing Scam Uses Fake Instagram Chatbot to Hijack Accounts

New phishing scam targets Instagram business accounts using fake chatbots and support emails, tricking users into handing over login credentials.

Semrush impersonation scam hits Google Ads

The phishing campaign for valuable Google accounts continues with a new twist, going after the customers of a Sass platform.

UAT-5918 targets critical infrastructure entities in Taiwan

UAT-5918, a threat actor believed to be motivated by establishing long-term access for information theft, uses a combination of web shells and open-sourced tooling to conduct post-compromise activities to establish persistence in victim environments for information theft and credential harvesting.

Mitigating threats against telco networks in the cloud

In the telecommunication world, security is not just a necessity—it’s a foundation of trust. Telcos are the backbone for global communication, transporting sensitive data in real time across large networks. Any vulnerability in this critical infrastructure can lead to data breaches, exposing confidential information. With billions of connected devices, from mobile phones to IoT, the potential of misuse of data can seriously impact national security. Protecting the network from threats isn't merely a technical challenge, it's a vital part of the job.User management, hardening, network secur