CVE-2024-22036

A vulnerability has been identified within Rancher where a cluster or node driver can be used to escape the chroot jail and gain root access to the Rancher container itself. In production environments, further privilege escalation is possible based on living off the land within the Rancher...

Siemens RUGGEDCOM APE1808 Multiple Vulnerabilities in Fortigate NGFW

The RUGGEDCOM APE1808 is a powerful utility-grade application hosting platform that allows you to deploy a range of commercial applications for edge computing and network security in harsh industrial environments. Siemens RUGGEDCOM APE1808 Fortigate NGFW has multiple vulnerabilities that can be...

ARCeR: an Agentic RAG for the Automated Definition of Cyber Ranges

The growing and evolving landscape of cybersecurity threats necessitates the development of supporting tools and platforms that allow for the creation of realistic IT environments operating within virtual, controlled settings as Cyber Ranges CRs. CRs can be exploited for analyzing vulnerabilities...

The Evolution of Zero Trust Architecture (ZTA) from Concept to Implementation

Zero Trust Architecture ZTA is one of the paradigm changes in cybersecurity, from the traditional perimeter-based model to perimeterless. This article studies the core concepts of ZTA, its beginning, a few use cases and future trends. Emphasising the always verify and least privilege access, some...

Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty, OpenSSL, libcurl, and Apache Xerces C++ XML parser may affect IBM Storage Protect for Virtual Environments: Data Protection for VMware

Summary IBM Storage Protect for Virtual Environments: Data Protection for VMware can be affected by security flaws in IBM WebSphere Application Server Liberty, OpenSSL, libcurl, and Apache Xerces C++ XML parser, and Data Protection for VMware. The flaws can lead to server-side request forgery,...

Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty, OpenSSL, libcurl, and IBM Java may affect IBM Storage Protect for Virtual Environments: Data Protection for Microsoft Hyper-V

Summary IBM Storage Protect for Virtual Environments: Data Protection for Microsoft Hyper-V can be affected by security flaws in IBM WebSphere Application Server Liberty, OpenSSL, libcurl, and IBM Java. The flaws can lead to denial of service, sensitive information exposure, memory resource...

Incomplete Patch Leaves NVIDIA and Docker Users at Risk

NVIDIA's incomplete security patch, combined with a Docker vulnerability, creates a serious threat for organizations using containerized environments. This article explains the risks and mitigation strategies...

CVE-2025-32728

In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding...

Azure Linux 3.0 Security Update: cifs-utils (CVE-2025-2312)

The version of cifs-utils installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-2312 advisory. - A flaw was found in cifs-utils. When trying to obtain Kerberos credentials, the cifs.upcall program from...

USN-7429-1: Linux kernel vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Drivers core; - HID subsystem; - Network drivers; - SCSI subsystem; - SuperH / SH-Mobile drivers; - File systems...

CBL Mariner 2.0 Security Update: cifs-utils (CVE-2025-2312)

The version of cifs-utils installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-2312 advisory. - A flaw was found in cifs-utils. When trying to obtain Kerberos credentials, the cifs.upcall program from...

cifs.upcall makes an upcall to the wrong namespace in containerized environments

...

Security Bulletin: IBM Cloud Kubernetes Service is affected by Kubernetes Ingress Controller security vulnerabilities (CVE-2025-24514, CVE-2025-1097, CVE-2025-1098)

Summary IBM Cloud Kubernetes Service is affected by Kubernetes Ingress Controller security vulnerabilities where a user that can create or update Ingress objects can use the nginx.ingress.kubernetes.io/auth-url annotation CVE-2025-24514 or the nginx.ingress.kubernetes.io/auth-tls-match-cn...

Dell Unity OS Command Injection Vulnerability (CNVD-2025-06616)

Dell Unity is a set of virtual Unity storage environments from Dell USA. An OS command injection vulnerability exists in Dell Unity 5.4 and earlier versions, which can be exploited by an attacker to execute arbitrary operating system commands on the system...

USN-7406-1: Linux kernel vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - GPU drivers; - SMB network file system; - Network namespace; - Networking core; CVE-2024-26928, CVE-2024-56658,...

What’s New in Rapid7 Products & Services: Q1 2025 in Review

At Rapid7, we started off the year focused on delivering new features and advancements across our products and services to bring you the context needed to prioritize exposures, visualize your attack surface, and accelerate incident response. Read on for Q1 2025 release highlights across the Comma...

CPU_HU: Fileless cryptominer targeting exposed PostgreSQL with over 1.5K victims

Cloud environments at risk: Attackers target weak PostgreSQL instances with fileless cryptominer payloads...

Citrix Director: Infrastructure Monitoring - Incorrect PVS Site Name displayed

Wen admin checks Director Infrastructure Monitoring Provisioning Service; incorrect PVS Site Name maight be displayed in multi-site environemnts. Director displays the same Site Name and Site ID for all servers from the same PVS Farm and different PVS Sites. You cannot select other correct PVS...

Exploit for Deserialization of Untrusted Data in Apache Tomcat

Testing any tomcat version to see whether that version is vuln...

Dell Unity 操作系统命令注入漏洞

Dell Unity is a set of virtual Unity storage environments from Dell USA. An OS command injection vulnerability exists in Dell Unity 5.4 and earlier versions, which can be exploited by an attacker to execute arbitrary operating system commands on the system...