1010.cx

1010.cx

/

Archive

/

Category: Cyber Security News

  • PoC Released for Linux-PAM Vulnerability Enabling Local Root Privilege Escalation

    A new proof-of-concept (PoC) has been released for a serious vulnerability tracked as CVE-2025-8941, affecting the Pluggable Authentication Modules (PAM) used across Linux distributions. The flaw, rated 7.8 (High) on the CVSS scale, allows local attack…

    ·

    , , ,

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • Canva Down – Suffers Global Outage, Leaving Millions of Users Unable to Access Platform

    Canva, the popular graphic design platform, is reeling from a widespread outage that has rendered its services inaccessible to millions of users worldwide. As of 19:16 AEDT (02:46 IST), the platform’s status page reports “significantly increased error rates” impacting nearly all functionalities, with no clear timeline for restoration. The disruption, linked to a broader Amazon […] The post Canva Down – Suffers Global Outage, Leaving Millions of Users Unable to Access Platform appeared first on Cyber Security News.

    ·

    ,

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • PoC Exploit Released for Windows Server Update Services Remote Code Execution Vulnerability

    A proof-of-concept (PoC) exploit has been released for a critical vulnerability in Microsoft’s Windows Server Update Services (WSUS), enabling unauthenticated attackers to execute remote code with SYSTEM privileges on affected servers. Dubbed CVE-2025-59287 and assigned a CVSS v3.1 score of 9.8, the flaw stems from unsafe deserialization of untrusted data in WSUS’s AuthorizationCookie handling. Disclosed […] The post PoC Exploit Released for Windows Server Update Services Remote Code Execution Vulnerability appeared first on Cyber Security News.

    ·

    ,

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • New DefenderWrite Tool Let Attackers Inject Malicious DLLs into AV Executable Folders

    A new tool called DefenderWrite exploits whitelisted Windows programs to bypass protections and write arbitrary files into antivirus executable folders, potentially enabling malware persistence and evasion. Developed by cybersecurity expert Two Seven One Three, the tool demonstrates a novel technique for penetration testers and red teams to drop payloads in highly protected locations without needing […] The post New DefenderWrite Tool Let Attackers Inject Malicious DLLs into AV Executable Folders appeared first on Cyber Security News.

    ·

    ,

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • Windows 11 24H2/25H2 Update Breaks Mouse and Keyboard in Recovery Mode

    Microsoft’s latest cumulative update for Windows 11, KB5066835, is causing significant disruptions for users, most notably by rendering USB keyboards and mice useless within the Windows Recovery Environment (WinRE). The patch, released on October 14, 2…

    ·

    , ,

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • Volkswagen Allegedly Hacked in Ransomware Attack as 8Base Claims Data Leak

    Volkswagen Group is investigating claims from the 8Base ransomware group, which asserts it has stolen sensitive company data. While the German automaker has stated that its core IT systems are secure, its response leaves open the possibility of a breac…

    ·

    , , , ,

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • PoC Exploit Released for Linux-PAM Vulnerability Allowing Root Privilege Escalation

    A high-severity vulnerability in the Pluggable Authentication Modules (PAM) framework was assigned the identifier CVE-2025-8941. This vulnerability stems from the heart of Linux operating systems, enabling attackers with local access to exploit symlink attacks and race conditions for full root privilege escalation. Root access, the ideal of control in Unix-like environments, could open doors to […] The post PoC Exploit Released for Linux-PAM Vulnerability Allowing Root Privilege Escalation appeared first on Cyber Security News.

    ·

    , ,

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • WatchGuard VPN Vulnerability Let Remote Attacker Execute Arbitrary Code

    WatchGuard has disclosed a critical out-of-bounds write vulnerability in its Fireware OS, enabling remote unauthenticated attackers to execute arbitrary code via IKEv2 VPN connections. Designated CVE-2025-9242 under advisory WGSA-2025-00015, the flaw carries a CVSS 4.0 score of 9.3, highlighting its potential for high-impact exploitation on Firebox appliances. Published on September 17, 2025, and updated two […] The post WatchGuard VPN Vulnerability Let Remote Attacker Execute Arbitrary Code appeared first on Cyber Security News.

    ·

    , ,

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • Volkswagen Allegedly Hit by Ransomware Attack as 8Base Claims Sensitive Data Theft

    Volkswagen Group has issued a statement addressing claims by the ransomware group 8Base, which alleges it has stolen and leaked sensitive data from the automaker. The German carmaker maintains that its core IT infrastructure remains unaffected; however, the company’s vague response leaves questions about the full scope of the incident and raises concerns about a […] The post Volkswagen Allegedly Hit by Ransomware Attack as 8Base Claims Sensitive Data Theft appeared first on Cyber Security News.

    ·

    , , ,

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶

  • Windows 11 24H2/25H2 Update Blocks Mouse and Keyboard in Recovery Mode

    Microsoft’s latest security update has rendered USB keyboards and mice inoperable within the Windows Recovery Environment (WinRE). Released on October 14, 2025, as KB5066835 for OS Build 26100.6899, the patch affects Windows 11 versions 24H2 and 25H2, as well as Windows Server 2025. The glitch emerged shortly after installation, leaving users unable to navigate recovery […] The post Windows 11 24H2/25H2 Update Blocks Mouse and Keyboard in Recovery Mode appeared first on Cyber Security News.

    ·

    , ,

    ¶¶¶¶¶

    ¶¶¶¶¶

    ¶¶¶¶¶