privilege escalation attack

From Cyber Security News – 2-year-old Windows Kernel 0-day Vulnerability Exploited in the Wild

Microsoft has patched a critical Windows Kernel vulnerability that has been actively exploited for nearly two years. The vulnerability, tracked as CVE-2025-24983, was included in the company’s March 2025 Patch…

shaikh Saqib March 13, 2025

News

From Cyber Security News – AMD Microcode Signature Verification Vulnerability Let Attackers Load Malicious Patches

Security researchers have uncovered a critical vulnerability in AMD Zen CPUs that allows attackers with elevated privileges to load malicious microcode patches, bypassing cryptographic signature checks. Dubbed “EntrySign,” this flaw…

shaikh Saqib March 7, 2025

News

From Cyber Security News – HiveOS Vulnerabilities Let Attackers Execute Arbitrary Commands

Security researchers have uncovered three critical vulnerabilities in Extreme Networks’ IQ Engine (HiveOS) that collectively enable authenticated attackers to escalate privileges, decrypt passwords, and execute arbitrary commands on affected systems. …

shaikh Saqib March 3, 2025

News

From Cyber Security News – Windows Hyper-V NT Kernel Vulnerability Let Attackers Gain SYSTEM Privileges – PoC Released

Threat actors have actively exploited CVE-2025-21333, a critical vulnerability in Microsoft’s Windows Hyper-V NT Kernel Integration Virtual Service Provider (VSP). This heap-based buffer overflow vulnerability allows local attackers to escalate…

shaikh Saqib March 3, 2025

News

From Cyber Security News – Parallels Desktop 0-Day Vulnerability Gain Root Privileges – PoC Released

A critical 0-day vulnerability in Parallels Desktop virtualization software has been publicly disclosed, enabling local attackers to escalate privileges to root-level access on macOS systems. All versions of Parallels Desktop,…

shaikh Saqib February 24, 2025

News

From Cyber Security News – PoC Exploit Released for F5 BIG-IP Command Injection Vulnerability

Security researchers have released proof-of-concept (PoC) exploit code for CVE-2025-20029, a high-severity command injection vulnerability affecting F5’s BIG-IP application delivery controllers. The flaw, which carries a CVSS v3.1 score of…

shaikh Saqib February 24, 2025

News

From Cyber Security News – 90,000 WordPress Sites Vulnerable to Local File Inclusion Attacks

A severe security flaw in the Jupiter X Core plugin for WordPress exposed over 90,000 websites to Local File Inclusion (LFI) and Remote Code Execution (RCE) attacks. The vulnerability tracked as CVE-2025-0366…

shaikh Saqib February 19, 2025

News

From Cyber Security News – AMD Ryzen DLL Hijacking Vulnerability Let Attackers Execute Arbitrary Code

A high-severity security vulnerability, identified as CVE-2024-21966, has been discovered in the AMD Ryzen™ Master Utility, a software tool designed to optimize the performance of AMD Ryzen™ processors. The vulnerability,…

shaikh Saqib February 14, 2025

News

From Cyber Security News – ZeroLogon Ransomware Exploit Active Directory Vulnerability To Gain Domain Controller Access

A significant threat has emerged in the form of the ZeroLogon ransomware exploit. This exploit targets a critical vulnerability in Microsoft’s Active Directory, specifically affecting domain controllers. The vulnerability, known…

shaikh Saqib February 12, 2025

News

From Security Week – Ivanti, Fortinet Patch Remote Code Execution Vulnerabilities

[[{"value":"Ivanti and Fortinet on Tuesday released patches for multiple critical- and high-severity vulnerabilities in their products. The post Ivanti, Fortinet Patch Remote Code Execution Vulnerabilities appeared first on SecurityWeek."}]] Read More

shaikh Saqib February 12, 2025