Security News

SonicWall Patches 3 Flaws in SMA 100 Devices Allowing Attackers to Run Code as Root
2025-05-08 13:56

SonicWall has released patches to address three security flaws affecting SMA 100 Secure Mobile Access (SMA) appliances that could be fashioned to result in remote code execution. The...

Cisco Patches CVE-2025-20188 (10.0 CVSS) in IOS XE That Enables Root Exploits via JWT
2025-05-08 04:57

Cisco has released software fixes to address a maximum-severity security flaw in its IOS XE Wireless Controller that could enable an unauthenticated, remote attacker to upload arbitrary files to a...

SpotBugs Access Token Theft Identified as Root Cause of GitHub Supply Chain Attack
2025-04-04 12:28

The cascading supply chain attack that initially targeted Coinbase before becoming more widespread to single out users of the "tj-actions/changed-files" GitHub Action has been traced further back...

WARNING: Expiring Root Certificate May Disable Firefox Add-Ons, Security Features, and DRM Playback
2025-03-13 07:08

Browser maker Mozilla is urging users to update their Firefox instances to the latest version to avoid facing issues with using add-ons due to the impending expiration of a root certificate. "On...

Exploits for unpatched Parallels Desktop flaw give root on Macs
2025-02-24 15:48

Two different exploits for an unpatched Parallels Desktop privilege elevation vulnerability have been publicly disclosed, allowing users to gain root access on impacted Mac devices. [...]

Palo Alto firewalls under attack as miscreants chain flaws for root access
2025-02-19 00:15

If you want to avoid urgent patches, stop exposing management consoles to the public internet. A flaw patched last week by Palo Alto Networks is now under active attack and, when chained with two...

Critical Cisco ISE bug can let attackers run commands as root
2025-02-06 16:40

Cisco has fixed two critical Identity Services Engine (ISE) vulnerabilities that can let attackers with read-only admin privileges bypass authorization and run commands as root. [...]

Cisco Patches Critical ISE Vulnerabilities Enabling Root CmdExec and PrivEsc
2025-02-06 07:40

Cisco has released updates to address two critical security flaws in Identity Services Engine (ISE) that could allow remote attackers to execute arbitrary commands and elevate privileges on...

Ubuntu Linux impacted by decade-old 'needrestart' flaw that gives root
2024-11-20 19:04

Five local privilege escalation (LPE) vulnerabilities have been discovered in the needrestart utility used by Ubuntu Linux, which was introduced over 10 years ago in version 21.04. [...]

Cisco bug lets hackers run commands as root on URWB access points
2024-11-06 19:34

Cisco has fixed a maximum severity vulnerability that allows attackers to run commands with root privileges on vulnerable Ultra-Reliable Wireless Backhaul (URWB) access points that provide...