Tag: cve

Researchers Uncover Critical runC Bugs Allowing Full Container Escape

Nov 11, 2025 9:20 AM

Tags: container, control, cve, docker, exploit, flaw, kubernetes, vulnerability

Security researchers have revealed three serious vulnerabilities in runC, the Open Container Initiative (OCI)-compliant runtime that powers platforms such as Docker and Kubernetes, which could allow attackers to break container isolation and gain control of the host system. The flaws, tracked as CVE-2025-31133, CVE-2025-52565, and CVE-2025-52881, stem from weaknesses in how runC manages temporary bind…
CISA Issues Alert on Samsung 0-Day RCE Flaw Actively Exploited in Attacks

Nov 11, 2025 8:19 AM

Tags: attack, cisa, cve, cyber, cybersecurity, exploit, flaw, infrastructure, kev, mobile, rce, remote-code-execution, vulnerability, zero-day

The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical remote code execution vulnerability affecting Samsung mobile devices to its Known Exploited Vulnerabilities (KEV) catalog, signaling active exploitation in the wild. Tracked as CVE-2025-21042, this zero-day flaw resides in Samsung’s libimagecodec library. It could allow attackers to bypass security protections and execute arbitrary code…
CISA Issues Alert on Samsung 0-Day RCE Flaw Actively Exploited in Attacks

Nov 11, 2025 8:19 AM

Tags: attack, cisa, cve, cyber, cybersecurity, exploit, flaw, infrastructure, kev, mobile, rce, remote-code-execution, vulnerability, zero-day

The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical remote code execution vulnerability affecting Samsung mobile devices to its Known Exploited Vulnerabilities (KEV) catalog, signaling active exploitation in the wild. Tracked as CVE-2025-21042, this zero-day flaw resides in Samsung’s libimagecodec library. It could allow attackers to bypass security protections and execute arbitrary code…
Hackers Exploiting Triofox Flaw to Install Remote Access Tools via Antivirus Feature

Nov 10, 2025 11:19 PM

Tags: access, antivirus, authentication, cve, defense, exploit, flaw, google, hacker, mandiant, threat, tool, vulnerability

Google’s Mandiant Threat Defense on Monday said it discovered n-day exploitation of a now-patched security flaw in Gladinet’s Triofox file-sharing and remote access platform.The critical vulnerability, tracked as CVE-2025-12480 (CVSS score: 9.1), allows an attacker to bypass authentication and access the configuration pages, resulting in the upload and execution of arbitrary payloads. The First seen…
Popular npm Library Used in AI and NLP Projects Exposes Systems to RCE

Nov 10, 2025 2:19 PM

Tags: ai, cve, cyber, rce, remote-code-execution, risk, vulnerability

A critical remote code execution vulnerability has been discovered in the widely used JavaScript library expr-eval, affecting thousands of projects that rely on it for mathematical expression evaluation and natural language processing. The vulnerability, tracked as CVE-2025-12735, poses significant risks to server environments and to AI-powered applications that process user input. Identifier Value CVE ID…
Runtime bugs break container walls, enabling root on Docker hosts

Nov 10, 2025 1:19 PM

Tags: access, attack, container, cve, detection, docker, exploit, flaw, linux, monitoring, vulnerability

Console and Write-Gadget Lurkers: CVE-2025-52565 & CVE-2025-52881: The second vulnerability, tracked as CVE-2025-52565, targets “/dev/console” bind-mount handling. An attacker can replace the target path with a symlink, which will cause runc to bind-mount the wrong target, allowing the attacker to gain write access to procfs paths.”As with CVE-2025-31133, this happens after pivot_root(2) and so cannot…
Runtime bugs break container walls, enabling root on Docker hosts

Nov 10, 2025 1:19 PM

Tags: access, attack, container, cve, detection, docker, exploit, flaw, linux, monitoring, vulnerability

Console and Write-Gadget Lurkers: CVE-2025-52565 & CVE-2025-52881: The second vulnerability, tracked as CVE-2025-52565, targets “/dev/console” bind-mount handling. An attacker can replace the target path with a symlink, which will cause runc to bind-mount the wrong target, allowing the attacker to gain write access to procfs paths.”As with CVE-2025-31133, this happens after pivot_root(2) and so cannot…
Runtime bugs break container walls, enabling root on Docker hosts

Nov 10, 2025 1:19 PM

Tags: access, attack, container, cve, detection, docker, exploit, flaw, linux, monitoring, vulnerability

Console and Write-Gadget Lurkers: CVE-2025-52565 & CVE-2025-52881: The second vulnerability, tracked as CVE-2025-52565, targets “/dev/console” bind-mount handling. An attacker can replace the target path with a symlink, which will cause runc to bind-mount the wrong target, allowing the attacker to gain write access to procfs paths.”As with CVE-2025-31133, this happens after pivot_root(2) and so cannot…
CISOs must prove the business value of cyber, the right metrics can help

Nov 10, 2025 9:19 AM

Tags: attack, business, ceo, cio, ciso, control, corporate, cve, cyber, cybersecurity, data, finance, framework, guide, identity, intelligence, metric, mfa, mitre, nist, office, okta, risk, service, strategy, supply-chain, technology, threat, update, usa, vulnerability

Cybersecurity as a business function: “The challenge has been that security is put in the wrong organizational structure, with the CISO reporting to the CIO or CTO or chief digital officer,” Oberlaender says. “Security is not foremost a technology problem. Maybe ten or twenty percent is technology. But the rest is people, process and the…
CISOs must prove the business value of cyber, the right metrics can help

Nov 10, 2025 9:19 AM

Tags: attack, business, ceo, cio, ciso, control, corporate, cve, cyber, cybersecurity, data, finance, framework, guide, identity, intelligence, metric, mfa, mitre, nist, office, okta, risk, service, strategy, supply-chain, technology, threat, update, usa, vulnerability

Cybersecurity as a business function: “The challenge has been that security is put in the wrong organizational structure, with the CISO reporting to the CIO or CTO or chief digital officer,” Oberlaender says. “Security is not foremost a technology problem. Maybe ten or twenty percent is technology. But the rest is people, process and the…
CISOs must prove the business value of cyber, the right metrics can help

Nov 10, 2025 9:19 AM

Tags: attack, business, ceo, cio, ciso, control, corporate, cve, cyber, cybersecurity, data, finance, framework, guide, identity, intelligence, metric, mfa, mitre, nist, office, okta, risk, service, strategy, supply-chain, technology, threat, update, usa, vulnerability

Cybersecurity as a business function: “The challenge has been that security is put in the wrong organizational structure, with the CISO reporting to the CIO or CTO or chief digital officer,” Oberlaender says. “Security is not foremost a technology problem. Maybe ten or twenty percent is technology. But the rest is people, process and the…
LangGraph Deserialization Flaw Enables Execution of Malicious Python Code

Nov 10, 2025 8:19 AM

Tags: cve, cyber, flaw, malicious, remote-code-execution, vulnerability

A critical remote code execution vulnerability has been discovered in LangGraph’s checkpoint serialization library, affecting versions before 3.0. The flaw resides in the JsonPlusSerializer component, which is the default serialization protocol used for all checkpointing operations. This vulnerability (CVE-2025-64439) allows attackers to execute arbitrary Python code during the deserialization of malicious payloads. Attribute Details CVE…
Elastic Defend for Windows Vulnerability Allows Threat Actors to Gain Elevated Access

Nov 10, 2025 8:19 AM

Tags: access, advisory, cve, cyber, endpoint, risk, service, threat, vulnerability, windows

Elastic has released a security advisory addressing a significant vulnerability in Elastic Defend that could allow attackers to escalate their privileges on Windows systems. The vulnerability, tracked as CVE-2025-37735, stems from improper preservation of file permissions in the Defend service and poses a serious risk to organizations relying on this endpoint protection platform. Field Details…
LangGraph Deserialization Flaw Enables Execution of Malicious Python Code

Nov 10, 2025 8:19 AM

Tags: cve, cyber, flaw, malicious, remote-code-execution, vulnerability

A critical remote code execution vulnerability has been discovered in LangGraph’s checkpoint serialization library, affecting versions before 3.0. The flaw resides in the JsonPlusSerializer component, which is the default serialization protocol used for all checkpointing operations. This vulnerability (CVE-2025-64439) allows attackers to execute arbitrary Python code during the deserialization of malicious payloads. Attribute Details CVE…
Hackers Abuse runc Tool to Escape Containers and Compromise Hosts

Nov 10, 2025 8:19 AM

Tags: access, container, cve, cyber, docker, flaw, hacker, kubernetes, tool, vulnerability

Three critical vulnerabilities in runc, the widely-used container runtime that powers Docker and Kubernetes, have been disclosed, allowing attackers to break out of container isolation and gain root access to host systems. The flaws, identified as CVE-2025-31133, CVE-2025-52565, and CVE-2025-52881, were revealed by a SUSE researcher on November 5, 2025. CVE ID Affected Versions Fixed…
Hackers Abuse runc Tool to Escape Containers and Compromise Hosts

Nov 10, 2025 8:19 AM

Tags: access, container, cve, cyber, docker, flaw, hacker, kubernetes, tool, vulnerability

Three critical vulnerabilities in runc, the widely-used container runtime that powers Docker and Kubernetes, have been disclosed, allowing attackers to break out of container isolation and gain root access to host systems. The flaws, identified as CVE-2025-31133, CVE-2025-52565, and CVE-2025-52881, were revealed by a SUSE researcher on November 5, 2025. CVE ID Affected Versions Fixed…
Hackers Abuse runc Tool to Escape Containers and Compromise Hosts

Nov 10, 2025 8:19 AM

Tags: access, container, cve, cyber, docker, flaw, hacker, kubernetes, tool, vulnerability

Three critical vulnerabilities in runc, the widely-used container runtime that powers Docker and Kubernetes, have been disclosed, allowing attackers to break out of container isolation and gain root access to host systems. The flaws, identified as CVE-2025-31133, CVE-2025-52565, and CVE-2025-52881, were revealed by a SUSE researcher on November 5, 2025. CVE ID Affected Versions Fixed…
Monsta FTP Remote Code Execution Flaw Being Exploited in the Wild

Nov 10, 2025 6:20 AM

Tags: cve, cyber, exploit, finance, flaw, remote-code-execution, vulnerability

Security researchers have discovered an actively exploited remote code execution vulnerability in Monsta FTP, a web-based FTP client used by financial institutions, enterprises, and individual users worldwide. The flaw, now tracked as CVE-2025-34299, affects versions up to 2.11.2 and allows attackers to execute arbitrary code on vulnerable servers without authentication. CVE ID Vulnerability Type Affected…
Samsung Mobile Flaw Exploited as Zero-Day to Deploy LANDFALL Android Spyware

Nov 8, 2025 7:19 AM

Tags: android, attack, cve, exploit, flaw, mobile, spyware, zero-day

A now-patched security flaw in Samsung Galaxy Android devices was exploited as a zero-day to deliver a “commercial-grade” Android spyware dubbed LANDFALL in targeted attacks in the Middle East.The activity involved the exploitation of CVE-2025-21042 (CVSS score: 8.8), an out-of-bounds write flaw in the “libimagecodec.quram.so” component that could allow remote attackers to execute arbitrary First…
New “LANDFALL” Android Malware Uses Samsung 0-Day Vulnerability Hidden in WhatsApp Images

Nov 8, 2025 7:19 AM

Tags: android, cve, cyber, cybersecurity, exploit, malware, spyware, vulnerability, zero-day

Cybersecurity researchers at Unit 42 have uncovered a sophisticated Android spyware campaign that exploited a previously unknown zero-day vulnerability in Samsung Galaxy devices. The malware, dubbed LANDFALL, leveraged a critical vulnerability in Samsung’s image processing library to deliver commercial-grade surveillance capabilities through maliciously crafted image files sent via WhatsApp. The LANDFALL campaign exploited CVE-2025-21042, a…
Samsung Mobile Flaw Exploited as Zero-Day to Deploy LANDFALL Android Spyware

Nov 8, 2025 7:19 AM

Tags: android, attack, cve, exploit, flaw, mobile, spyware, zero-day

A now-patched security flaw in Samsung Galaxy Android devices was exploited as a zero-day to deliver a “commercial-grade” Android spyware dubbed LANDFALL in targeted attacks in the Middle East.The activity involved the exploitation of CVE-2025-21042 (CVSS score: 8.8), an out-of-bounds write flaw in the “libimagecodec.quram.so” component that could allow remote attackers to execute arbitrary First…
New “LANDFALL” Android Malware Uses Samsung 0-Day Vulnerability Hidden in WhatsApp Images

Nov 8, 2025 7:19 AM

Tags: android, cve, cyber, cybersecurity, exploit, malware, spyware, vulnerability, zero-day

Cybersecurity researchers at Unit 42 have uncovered a sophisticated Android spyware campaign that exploited a previously unknown zero-day vulnerability in Samsung Galaxy devices. The malware, dubbed LANDFALL, leveraged a critical vulnerability in Samsung’s image processing library to deliver commercial-grade surveillance capabilities through maliciously crafted image files sent via WhatsApp. The LANDFALL campaign exploited CVE-2025-21042, a…
LANDFALL spyware exploited Samsung zero-day CVE-2025-21042 in Middle East attacks

Nov 8, 2025 12:19 AM

Tags: attack, cve, exploit, flaw, middle-east, spyware, zero-day

A now-patched Samsung Galaxy flaw, tracked as CVE-2025-21042, was exploited as a zero-day to deploy LANDFALL spyware in targeted attacks in Middle East. Samsung patched a flaw exploited as a zero-day, tracked as CVE-2025-21042 (CVSS score of 8.8), to deploy LANDFALL spyware on Galaxy devices in Middle East attacks. >>Unit 42 researchers have uncovered a…
Cisco Unified CCX Remote Code Execution Vulnerabilities (CVE-2025-20354, CVE-2025-20358)

Nov 7, 2025 8:20 PM

Tags: authentication, cisco, cve, data, remote-code-execution, service, vulnerability

Technical details The problem comes from weak authentication in two different CCX components. CVE-2025-20354 targets the Java RMI service. CCX exposes this service to accept remote data, but it does not properly check who is sending it. That means an attacker can upload a specially crafted file and run commands on the underlying operating system.”¦…
Cybersecurity Snapshot: AI Will Take Center Stage in Cyber in 2026, Google Says, as MITRE Revamps ATTCK Framework

Nov 7, 2025 8:20 PM

Tags: access, ai, android, antivirus, api, apple, attack, authentication, business, cio, cisa, ciso, cloud, communications, container, control, credentials, cryptography, cve, cyber, cybercrime, cybersecurity, data, defense, detection, docker, endpoint, exploit, firewall, flaw, framework, google, governance, group, guide, hacker, identity, infrastructure, injection, Internet, kubernetes, leak, least-privilege, linux, malicious, malware, mfa, microsoft, mitigation, mitre, mobile, network, offense, oracle, programming, resilience, risk, risk-management, service, skills, soc, social-engineering, software, sophos, spam, strategy, supply-chain, switch, tactics, technology, threat, tool, unauthorized, update, vulnerability, windows, zero-day

Learn why Google expects AI to transform cyber defense and offense next year, and explore MITRE’s major update to the ATT&CK knowledge base. We also cover a new McKinsey playbook for agentic AI security, along with the latest on Microsoft Exchange protection and the CIS Benchmarks. Key takeaways Google is forecasting that AI will kick…
Cisco Unified CCX Remote Code Execution Vulnerabilities (CVE-2025-20354, CVE-2025-20358)

Nov 7, 2025 8:20 PM

Tags: authentication, cisco, cve, data, remote-code-execution, service, vulnerability

Technical details The problem comes from weak authentication in two different CCX components. CVE-2025-20354 targets the Java RMI service. CCX exposes this service to accept remote data, but it does not properly check who is sending it. That means an attacker can upload a specially crafted file and run commands on the underlying operating system.”¦…
Cisco Unified CCX Remote Code Execution Vulnerabilities (CVE-2025-20354, CVE-2025-20358)

Nov 7, 2025 8:20 PM

Tags: authentication, cisco, cve, data, remote-code-execution, service, vulnerability

Technical details The problem comes from weak authentication in two different CCX components. CVE-2025-20354 targets the Java RMI service. CCX exposes this service to accept remote data, but it does not properly check who is sending it. That means an attacker can upload a specially crafted file and run commands on the underlying operating system.”¦…
Cybersecurity Snapshot: AI Will Take Center Stage in Cyber in 2026, Google Says, as MITRE Revamps ATTCK Framework

Nov 7, 2025 8:20 PM

Tags: access, ai, android, antivirus, api, apple, attack, authentication, business, cio, cisa, ciso, cloud, communications, container, control, credentials, cryptography, cve, cyber, cybercrime, cybersecurity, data, defense, detection, docker, endpoint, exploit, firewall, flaw, framework, google, governance, group, guide, hacker, identity, infrastructure, injection, Internet, kubernetes, leak, least-privilege, linux, malicious, malware, mfa, microsoft, mitigation, mitre, mobile, network, offense, oracle, programming, resilience, risk, risk-management, service, skills, soc, social-engineering, software, sophos, spam, strategy, supply-chain, switch, tactics, technology, threat, tool, unauthorized, update, vulnerability, windows, zero-day

Learn why Google expects AI to transform cyber defense and offense next year, and explore MITRE’s major update to the ATT&CK knowledge base. We also cover a new McKinsey playbook for agentic AI security, along with the latest on Microsoft Exchange protection and the CIS Benchmarks. Key takeaways Google is forecasting that AI will kick…
Samsung Zero-Click Flaw Exploited to Deploy LANDFALL Android Spyware via WhatsApp

Nov 7, 2025 7:20 PM

Tags: android, attack, cve, exploit, flaw, spyware, zero-day

A now-patched security flaw in Samsung Galaxy Android devices was exploited as a zero-day to deliver a “commercial-grade” Android spyware dubbed LANDFALL in targeted attacks in the Middle East.The activity involved the exploitation of CVE-2025-21042 (CVSS score: 8.8), an out-of-bounds write flaw in the “libimagecodec.quram.so” component that could allow remote attackers to execute arbitrary First…
Critical CVE-2025-12779 Vulnerability Exposes Amazon WorkSpaces for Linux Users to Token Theft

Nov 7, 2025 3:19 PM

Tags: access, authentication, cve, flaw, linux, theft, unauthorized, vulnerability

A newly disclosed security flaw in the Amazon WorkSpaces client for Linux has raised serious concerns across organizations relying on AWS virtual desktop infrastructure. The vulnerability, identified as CVE-2025-12779, enables local attackers to extract valid authentication tokens and gain unauthorized access to other users’ WorkSpace sessions. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/amazon-workspaces-cve-2025-12779/