Zyxel Networks has released an emergency security update to address three critical vulnerabilities impacting older NAS devices that have reached end-of-life.
Cisco has released patches for a high-severity Integrated Management Controller (IMC) vulnerability with public exploit code that can let local attackers escalate privileges to root.
Microsoft patched a high-severity Windows Kernel privilege escalation vulnerability in February, six months after being informed that the flaw was being exploited as a zero-day.
Unprivileged attackers can get root access on multiple major Linux distributions in default configurations by exploiting a newly disclosed local privilege escalation (LPE) vulnerability in the GNU C Library (glibc).
The operators of the Kinsing malware are targeting cloud environments with systems vulnerable to "Looney Tunables," a Linux security issue identified as CVE-2023-4911 that allows a local attacker to gain root privileges on the system.
Two Linux vulnerabilities introduced recently into the Ubuntu kernel create the potential for unprivileged local users to gain elevated privileges on a massive number of devices.
A new Linux NetFilter kernel flaw has been discovered, allowing unprivileged local users to escalate their privileges to root level, allowing complete control over a system.
Citrix Systems has released security updates for vulnerabilities in its Virtual Apps and Desktops, and Workspace Apps products.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added half a dozen vulnerabilities to its catalog of Known Exploited Vulnerabilities and is ordering federal agencies to follow vendor's instructions to fix them.
CISA has added an actively exploited local privilege escalation vulnerability in the Windows Client/Server Runtime Subsystem (CSRSS) to its list of bugs abused in the wild.
Proof-of-concept exploit code is now available online for a critical authentication bypass vulnerability in multiple VMware products that allows attackers to gain admin privileges.
Microsoft has shared guidance to help admins defend their Windows enterprise environments against KrbRelayUp attacks that enable attackers to gain SYSTEM privileges on Windows systems with default configurations.
VMware warned customers today to immediately patch a critical authentication bypass vulnerability "affecting local domain users" in multiple products that can be exploited to obtain admin privileges.
The Cybersecurity and Infrastructure Security Agency (CISA) has added three new security flaws to its list of actively exploited bugs, including a local privilege escalation bug in the Windows Print Spooler.
The Cybersecurity and Infrastructure Security Agency (CISA) has added ten new security bugs to its list of actively exploited vulnerabilities, including a high severity local privilege escalation bug in the Windows Common Log File System Driver.
A Windows local privilege escalation zero-day vulnerability that Microsoft has failed to fully address for several months now, allows users to gain administrative privileges in Windows 10, Windows 11, and Windows Server.
The Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch their systems against an actively exploited Windows vulnerability that enables attackers to gain SYSTEM privileges.
Slovak internet security firm ESET released security fixes to address a high severity local privilege escalation vulnerability affecting multiple products on systems running Windows 10 and later or Windows Server 2016 and above.
Microsoft warned customers today to patch two Active Directory domain service privilege escalation security flaws that, when combined, allow attackers to easily takeover Windows domains.
A local privilege escalation security vulnerability could allow attackers to gain root access on Ubuntu systems by exploiting a double-free memory corruption bug in GNOME's AccountsService component.