Privilege Escalation


DeepLoad Malware Leverages ClickFix and WMI Persistence to Steal Browser Credentials

Cybersecurity researchers have identified a newly emerging malware campaign distributing a previously undocumented loader called DeepLoad, leveraging ClickFix social engineering techniques to infect systems and steal sensitive data. ClickFix Lure Initiates the Attack Chain: The infection begins with a deceptive ClickFix prompt that convinces users to execute a PowerShell command manually. Victims are instructed to […]


Interlock Ransomware Exploits Cisco FMC Zero Day CVE-2026-20131 to Gain Root Access

Amazon Threat Intelligence has issued a warning regarding an active Interlock ransomware campaign exploiting a critical zero-day in Cisco Secure Firewall Management Center (FMC) software. The vulnerability, CVE-2026-20131 (CVSS 10.0), stems from insecure deserialization of user-supplied Java byte streams, enabling unauthenticated attackers to execute arbitrary Java code as root. According to Amazon’s MadPot global sensor


Nine Critical IP KVM Vulnerabilities Allow Unauthenticated Root Access Across Four Vendors

Cybersecurity researchers have revealed nine severe vulnerabilities in low-cost IP KVM devices, highlighting the risks posed by these networked remote management tools. The flaws were discovered by Eclypsium and affect the GL-iNet Comet RM-1, Angeet/Yeeso ES3 KVM, Sipeed NanoKVM, and JetKVM. IP KVM devices provide remote access to a system’s keyboard, video output, and


Ubuntu CVE-2026-3888 Vulnerability Allows Root Access Through systemd Cleanup Timing Exploit

Cybersecurity researchers have disclosed a serious vulnerability in Ubuntu Desktop that could allow attackers to escalate privileges to root on affected systems. Tracked as CVE-2026-3888, the flaw carries a CVSS score of 7.8 and affects default installations of Ubuntu 24.04 LTS and later versions. According to the Qualys Threat Research Unit (TRU), the vulnerability arises



Nine CrackArmor Vulnerabilities in Linux AppArmor Allow Root Privilege Escalation and Container Isolation Bypass

Cybersecurity researchers have uncovered a group of critical security weaknesses in the Linux kernel’s AppArmor security module that could allow attackers with limited privileges to bypass system protections, gain root access, and weaken container isolation mechanisms. The nine vulnerabilities have been collectively named CrackArmor by the Qualys Threat Research Unit (TRU).


New Chrome Flaw Allows Malicious Extensions to Gain Elevated Access Through Gemini Panel

Cybersecurity researchers have revealed technical details about a recently patched Google Chrome vulnerability that could have enabled malicious browser extensions to escalate privileges and access sensitive system resources. The flaw, identified as CVE-2026-0628 with a CVSS score of 8.8, stemmed from insufficient policy enforcement in Chrome’s WebView tag. Google addressed the issue in early January


Microsoft Fixes CVE-2026-26119 Privilege Escalation Flaw in Windows Admin Center

Microsoft has addressed a high-severity security vulnerability in Windows Admin Center that could allow attackers to escalate privileges on affected systems. The flaw, tracked as CVE-2026-26119, carried a CVSS score of 8.8 out of 10, highlighting its potential risk to enterprise environments. About the Vulnerability: Windows Admin Center is a locally deployed, browser-based management suite enabling administrators


Critical Azure Bastion Flaw Allowed Attackers to Bypass Authentication and Escalate Privileges

A newly identified flaw in Azure Bastion, tracked as CVE-2025-49752, presents a serious security risk for organizations depending on the service for secure remote access. The vulnerability allows remote attackers to bypass authentication controls and escalate privileges to the administrative level. Since Azure Bastion is widely used to manage cloud-based virtual machines,


LinkPro Linux Rootkit Uses eBPF to Hide, Activates via Magic TCP Packets

An investigation into a compromise of infrastructure hosted on Amazon Web Services (AWS) uncovered a new GNU/Linux rootkit named LinkPro, according to Synacktiv. The backdoor relies on two eBPF (extended Berkeley Packet Filter) modules for stealth and remote activation. The initial access vector was an exposed Jenkins server exploited via CVE-2024-23897, after which a malicious Docker


Windows BitLocker Flaws Allow Attackers to Bypass Encryption Security

Microsoft has revealed two major security vulnerabilities in its Windows BitLocker encryption system that could let attackers with physical access bypass data protection and read encrypted files. The flaws, listed as CVE-2025-55338 and CVE-2025-55333, were disclosed on October 14, 2025, as part of Microsoft’s Patch Tuesday updates. Both issues are rated Important with a CVSS
