1010.cx

  • GlassWorm Malware Discovered in Three VS Code Extensions with Thousands of Installs

    Cybersecurity researchers have disclosed a new set of three extensions associated with the GlassWorm campaign, indicating continued attempts on the part of threat actors to target the Visual Studio Code (VS Code) ecosystem. The extensions in question, which are still available for download, are listed below – ai-driven-dev.ai-driven-dev (3,402 downloads) adhamu.history-in-sublime-merge (4,057

  • Hackers Exploit Websites to Inject Malicious Links for SEO Manipulation

    cyber security, Cyber Security News

    A surge in online casino spam is reshaping the dark corners of the internet, with threat actors increasingly hacking websites to embed malicious SEO-boosting links. This evolving tactic aims to promote online gambling sites by hijacking the authority of legitimate websites, putting site owners and unsuspecting users alike at risk. Historically, blackhat SEO spam campaigns […]

    The post Hackers Exploit Websites to Inject Malicious Links for SEO Manipulation appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

  • Critical runc Vulnerabilities Put Docker and Kubernetes Container Isolation at Risk

    cyber security, Cyber Security News, vulnerability, Vulnerability News

    Three critical vulnerabilities have been disclosed in runc, the container runtime powering Docker, Kubernetes, and other containerization platforms.

    These flaws could allow attackers to escape container isolation and gain root access to host systems. However, no active exploits have been detected yet.

    The vulnerabilities leverage mount race conditions and procfs write redirects to break out of container boundaries.

    Attackers need the ability to start containers with custom mount configurations, making malicious container images and Dockerfiles the primary attack vectors.

    The Sysdig Threat Research Team analyzed all three vulnerabilities and provided detailed mitigation recommendations for affected organizations worldwide.

    runc Vulnerabilities Lead to Container Escape

    CVE-2025-31133 exploits weaknesses in runc’s maskedPaths feature, which protects sensitive host files from container access.

    By replacing /dev/null with a symlink during container creation, attackers can trick runc into mounting arbitrary host paths and writing to critical system files, such as /proc/sys/kernel/core_pattern, thereby enabling container escape.

    CVE-2025-52565 targets the /dev/console mount operation during container initialization.

    Insufficient validation allows attackers to redirect mounts and gain write access to protected procfs files.

    The attack succeeds because the mount happens before maskedPaths and readonlyPaths protections are correctly applied.

    CVE-2025-52881 enables attackers to bypass Linux Security Module protections through race conditions with shared mounts.

    Attackers can redirect runc writes to fake procfs files and manipulate dangerous system files such as /proc/sysrq-trigger or /proc/sys/kernel/core_pattern, potentially crashing systems or escaping from containers.

    CVE ID | Vulnerability Type | Affected Versions | Fixed Versions
    CVE-2025-31133 | Container escape via maskedPaths abuse | All known versions | 1.2.8, 1.3.3, 1.4.0-rc.3+
    CVE-2025-52565 | Container escape via /dev/console mount races | 1.0.0-rc3 and later | 1.2.8, 1.3.3, 1.4.0-rc.3+
    CVE-2025-52881 | LSM bypass and arbitrary write gadgets | All known versions | 1.2.8, 1.3.3, 1.4.0-rc.3+

    Affected Versions and Patches

    CVE-2025-31133 and CVE-2025-52881 impact all known runc versions, while CVE-2025-52565 affects versions 1.0.0-rc3 and later.

    All three vulnerabilities are patched in runc versions 1.2.8, 1.3.3, and 1.4.0-rc.3 or later.

    Organizations using containerized environments should immediately update runc to patched versions.

    The Sysdig Threat Research Team recommends enabling user namespaces for all containers, which blocks critical attack vectors by restricting access to the procfs file system.

    Using rootless containers further limits the scope of vulnerability. Cloud providers, including AWS, ECS, and EKS, released security updates on November 5, 2025.

    The post Critical runc Vulnerabilities Put Docker and Kubernetes Container Isolation at Risk appeared first on Cyber Security News.

  • Italian Adviser Becomes Latest Target in Expanding Paragon Graphite Spyware Surveillance Case

    cyber security, Cyber Security News, spyware

    An extract from “The Enemy Inside, the Paragon Case, Spies and Regime Methods in Giorgia Meloni’s Italy” by Francesco Cancellato, published by Rizzoli on November 11, 2025. This surveillance system continues to expand its reach into opposition figures and political operatives. The discovery marks another chapter in what appears to be an increasingly systematic targeting […]

    The post Italian Adviser Becomes Latest Target in Expanding Paragon Graphite Spyware Surveillance Case appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

  • Monsta web-based FTP Remote Code Execution Vulnerability Exploited

    cyber security, Cyber Security News, vulnerability, Vulnerability News

    A critical remote code execution vulnerability has been disclosed in Monsta FTP, a popular web-based FTP client used by financial institutions and enterprises worldwide.

    The flaw, now tracked as CVE-2025-34299, affects multiple versions of the software and has been exploited in the wild.

    Monsta FTP is a browser-based file transfer client that allows users to manage files on remote servers without dedicated FTP software.

    With at least 5,000 instances exposed on the internet, the platform serves a diverse user base, including financial organizations and large enterprises.

    The Vulnerability and Patch Available

    The security flaw enables attackers to achieve pre-authenticated remote code execution on vulnerable Monsta FTP servers.

    WatchTowr Labs researchers discovered that despite developers adding extensive input validation functions in recent updates, critical vulnerabilities remained unpatched across multiple versions.

    The attack works through a simple three-step process:

    1. An attacker tricks Monsta FTP into connecting to a malicious SFTP server.
    2. Monsta FTP downloads a crafted payload file from that server.
    3. Monsta FTP writes that file to an arbitrary path on the target server.

    This grants complete control over the vulnerable system.

    CVE ID | Vulnerability Type | Affected Version | Status | Exploitation
    CVE-2025-34299 | Remote Code Execution (RCE) | Monsta FTP ≤ 2.11.2 | Patched in v2.11.3 (Aug 26, 2025) | Active exploitation in the wild

    The vulnerability affects versions 2.10.3 through 2.11, and researchers found that previously reported security flaws were never properly fixed.

    WatchTowr Labs' analysis revealed minimal code changes between versions 2.10.3 and 2.10.4, leaving known vulnerabilities intact across version updates.

    Monsta FTP released version 2.11.3 on August 26, 2025, which addresses this critical vulnerability.

    Organizations running Monsta FTP should immediately upgrade to the latest version to protect their systems.

    The discovery highlights ongoing security challenges in web-based file management systems, particularly when legacy vulnerabilities persist despite multiple software updates.

    The post Monsta web-based FTP Remote Code Execution Vulnerability Exploited appeared first on Cyber Security News.

  • APT Groups Target Construction Firms to Steal RDP, SSH, and Citrix Credentials

    APT, cyber security, Cyber Security News

    The construction industry has emerged as a primary target for sophisticated cyber adversaries in 2025, with threat actors including state-sponsored APT groups, ransomware operators, and organized cybercriminal networks actively targeting organizations across the building and construction sector. Nation-state actors from China, Russia, Iran, and North Korea are leveraging the industry’s rapid digital transformation and security […]

    The post APT Groups Target Construction Firms to Steal RDP, SSH, and Citrix Credentials appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

  • Ex-Intel Employee Hid 18,000 Sensitive Documents Prior to Leaving the Company

    Cyber Security News

    Intel is pursuing legal action against a former software engineer who the company claims downloaded thousands of confidential files shortly after being fired in July. The incident highlights growing concerns about data security during workforce reductions and employee departures. The Incident Jinfeng Luo, who worked as a software developer at Intel since 2014, lived in […]

    The post Ex-Intel Employee Hid 18,000 Sensitive Documents Prior to Leaving the Company appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

  • LangGraph Deserialization Flaw Enables Execution of Malicious Python Code

    CVE/vulnerability, Cyber Security News, Vulnerabilities

    A critical remote code execution vulnerability has been discovered in LangGraph’s checkpoint serialization library, affecting versions before 3.0. The flaw resides in the JsonPlusSerializer component, which is the default serialization protocol used for all checkpointing operations. This vulnerability (CVE-2025-64439) allows attackers to execute arbitrary Python code during the deserialization of malicious payloads. Attribute Details CVE […]

    The post LangGraph Deserialization Flaw Enables Execution of Malicious Python Code appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

  • Elastic Defend for Windows Vulnerability Allows Threat Actors to Gain Elevated Access

    Cyber Security News

    Elastic has released a security advisory addressing a significant vulnerability in Elastic Defend that could allow attackers to escalate their privileges on Windows systems. The vulnerability, tracked as CVE-2025-37735, stems from improper preservation of file permissions in the Defend service and poses a serious risk to organizations relying on this endpoint protection platform. Field Details […]

    The post Elastic Defend for Windows Vulnerability Allows Threat Actors to Gain Elevated Access appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

  • Hackers Abuse runc Tool to Escape Containers and Compromise Hosts

    CVE/vulnerability, cyber security, Cyber Security News, Vulnerabilities, vulnerability

    Three critical vulnerabilities in runc, the widely-used container runtime that powers Docker and Kubernetes, have been disclosed, allowing attackers to break out of container isolation and gain root access to host systems. The flaws, identified as CVE-2025-31133, CVE-2025-52565, and CVE-2025-52881, were revealed by a SUSE researcher on November 5, 2025. CVE ID Affected Versions Fixed […]

    The post Hackers Abuse runc Tool to Escape Containers and Compromise Hosts appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
