2 matches found
Froxlor has Incomplete Symlink Validation in DataDump.add() Allows Arbitrary Directory Ownership Takeover via Cron
Summary: DataDump.add constructs the export destination path from user-supplied input without passing the $fixedhomedir parameter to FileDir::makeCorrectDir, bypassing the symlink validation that was added to all other customer-facing path operations, likely as the fix for CVE-2023-6069. When the...
BadSuccessor Exploits Windows Server 2025 Flaw for Full AD Takeover
Akamai researchers reveal a critical flaw in the Windows Server 2025 dMSA feature that allows attackers to compromise any…