Exploit Published for Sudo CVE-2025-32463: Urgent Patch Needed
A public PoC exploit for CVE-2025-32463 in Sudo has been released, enabling local privilege escalation to root. Linux users are urged to update to Sudo 1.9.16p1.
Signal has called on Germany to reject the EU’s chat control proposal, warning that client-side scanning would break encryption, facilitate surveillance, and undermine trust in private communication.
A zero-day vulnerability in Oracle E-Business Suite, CVE-2025-61882, has been actively exploited by Cl0p in data theft campaigns. Oracle’s emergency patch addresses unauthenticated remote code execution in the BI Publisher integration component.
OpenAI plans to give content owners greater control over how their characters appear in Sora, moving toward an opt-in model and instituting revenue-sharing for participating rights holders.
Researchers discovered a zero-day in Zimbra webmail where malicious JavaScript injected into .ICS calendar files executes within session context — allowing attackers to steal emails, credentials, and forward mail.
CometJacking abuses browser WebSockets to hijack user connections, turning them into proxy nodes with a single click. The exploit marks a new wave of malware-less attacks that rely on web technologies rather than traditional payloads.
Detour Dog has transitioned into DNS-powered malware operations. Its latest campaign distributes Strela Stealer through TXT-encoded commands and modular backdoors. This evolution marks a new wave of protocol abuse challenging traditional network defense.
CVE-2025-10547, a vulnerability in DrayOS routers, can lead to remote code execution via the WebUI. Administrators should patch and disable external access immediately.
Signal has stated it may quit the European market if the EU forces apps to scan private messages under Chat Control, citing encryption and privacy concerns.
Microsoft Outlook has disabled inline SVG image rendering after attackers exploited the feature in phishing campaigns, marking another step in tightening email security.