Privilege Escalation

New Chrome Flaw Allows Malicious Extensions to Gain Elevated Access Through Gemini Panel

Cybersecurity researchers have revealed technical details about a recently patched Google Chrome vulnerability that could have enabled malicious browser extensions to escalate privileges and access sensitive system resources. The flaw, identified as CVE-2026-0628 with a CVSS score of 8.8, stemmed from insufficient policy enforcement in Chrome’s WebView tag. Google addressed the issue in early January […]

New Chrome Flaw Allows Malicious Extensions to Gain Elevated Access Through Gemini Panel Read More »

Microsoft Fixes CVE-2026-26119 Privilege Escalation Flaw in Windows Admin Center

Microsoft has addressed a high-severity security vulnerability in Windows Admin Center that could allow attackers to escalate privileges on affected systems. The flaw, tracked as CVE-2026-26119, carried a CVSS score of 8.8 out of 10, highlighting its potential risk to enterprise environments. About the Vulnerability Windows Admin Center is a locally deployed, browser-based management suite enabling administrators

Microsoft Fixes CVE-2026-26119 Privilege Escalation Flaw in Windows Admin Center Read More »

Critical Azure Bastion Flaw Allowed Attackers to Bypass Authentication and Escalate Privileges

A newly identified flaw in Azure Bastion, tracked as CVE 2025 49752, presents a serious security risk for organizations depending on the service for secure remote access. The vulnerability allows remote attackers to bypass authentication controls and escalate privileges to the administrative level. Since Azure Bastion is widely used to manage cloud based virtual machines,

Critical Azure Bastion Flaw Allowed Attackers to Bypass Authentication and Escalate Privileges Read More »

LinkPro Linux Rootkit Uses eBPF to Hide, Activates via Magic TCP Packets

An investigation into a compromise of Amazon Web Services, AWS, hosted infrastructure uncovered a new GNU/Linux rootkit named LinkPro, according to Synacktiv. The backdoor relies on two eBPF, extended Berkeley Packet Filter, modules for stealth and remote activation. The initial access vector was an exposed Jenkins server exploited via CVE-2024-23897, after which a malicious Docker

LinkPro Linux Rootkit Uses eBPF to Hide, Activates via Magic TCP Packets Read More »

Windows BitLocker Flaws Allow Attackers to Bypass Encryption Security

Microsoft has revealed two major security vulnerabilities in its Windows BitLocker encryption system that could let attackers with physical access bypass data protection and read encrypted files. The flaws, listed as CVE-2025-55338 and CVE-2025-55333, were disclosed on October 14, 2025, as part of Microsoft’s Patch Tuesday updates. Both issues are rated Important with a CVSS

Windows BitLocker Flaws Allow Attackers to Bypass Encryption Security Read More »

Attackers Exploit ICTBroadcast Cookie Flaw to Obtain Remote Shell Access

Cybersecurity researchers have reported an active exploitation of a serious security flaw in ICTBroadcast, the autodialer software developed by ICT Innovations. The vulnerability, tracked as CVE-2025-2611 and assigned a CVSS score of 9.3, arises from insufficient input validation. This flaw allows unauthenticated remote code execution, as the call center application improperly passes session cookie data

Attackers Exploit ICTBroadcast Cookie Flaw to Obtain Remote Shell Access Read More »

Researchers Reveal Windows EPM Poisoning Exploit Chain Leading to Domain Privilege Escalation

Windows RPC Vulnerability CVE-2025-49760 Enables EPM Poisoning and Privilege Escalation Attacks Cybersecurity experts have revealed fresh details about a now-patched flaw in Microsoft Windows Remote Procedure Call (RPC) that could allow attackers to spoof legitimate services and impersonate trusted servers. The issue, tracked as CVE-2025-49760 with a CVSS score of 3.5, was described by Microsoft as a Windows

Researchers Reveal Windows EPM Poisoning Exploit Chain Leading to Domain Privilege Escalation Read More »