Read Time:26 Second

FEDORA-EPEL-2025-ae12e02519

Packages in this update:

rust-below-0.9.0-1.el8

Update description:

A privilege escalation vulnerability existed in the Below service prior to v0.9.0 due to the creation of a world-writable directory at /var/log/below. This could have allowed local unprivileged users to escalate to root privileges through symlink attacks that manipulate files such as /etc/shadow.

https://www.cve.org/CVERecord?id=CVE-2025-27591
https://github.com/facebookincubator/below/security/advisories/GHSA-9mc5-7qhg-fp3w

HNS-2025-10 – HN Security Advisory – Local privilege escalation in Zyxel uOS

Posted by Marco Ivaldi on Apr 23 Hi, Please find attached a security advisory that describes some vulnerabilities we discovered...

April 24, 2025

APPLE-SA-04-16-2025-4 visionOS 2.4.1

Posted by Apple Product Security via Fulldisclosure on Apr 23 APPLE-SA-04-16-2025-4 visionOS 2.4.1 visionOS 2.4.1 addresses the following issues. Information...

April 24, 2025

APPLE-SA-04-16-2025-3 tvOS 18.4.1

Posted by Apple Product Security via Fulldisclosure on Apr 23 APPLE-SA-04-16-2025-3 tvOS 18.4.1 tvOS 18.4.1 addresses the following issues. Information...

April 24, 2025

APPLE-SA-04-16-2025-2 macOS Sequoia 15.4.1

Posted by Apple Product Security via Fulldisclosure on Apr 23 APPLE-SA-04-16-2025-2 macOS Sequoia 15.4.1 macOS Sequoia 15.4.1 addresses the following...

April 24, 2025

APPLE-SA-04-16-2025-1 iOS 18.4.1 and iPadOS 18.4.1

Posted by Apple Product Security via Fulldisclosure on Apr 23 APPLE-SA-04-16-2025-1 iOS 18.4.1 and iPadOS 18.4.1 iOS 18.4.1 and iPadOS...

April 24, 2025

Business Logic Flaw: Price Manipulation – AlegroCartv1.2.9

Posted by Andrey Stoykov on Apr 23 # Exploit Title: Business Logic Flaw: Price Manipulation - alegrocartv1.2.9 # Date: 04/2025...

April 24, 2025

Smashing Security podcast #414: Zoom.. just one click and your data goes boom!

DOGE Worker’s Code Supports NLRB Whistleblower

Regulating AI Behavior with a Hypervisor

Verizon’s DBIR Reveals 34% Jump in Vulnerability Exploitation

FBI Reveals “Staggering” $16.6bn Lost to Cybercrime in 2024

Vulnerability Exploitation and Credential Theft Now Top Initial Access Vectors

US Data Breach Victim Count Surges 26% Annually

M&S Grapples with Cyber Incident Affecting In-Store Services

Dutch Warn of “Whole of Society” Russian Cyber-Threat

rust-below-0.9.0-1.el8

FEDORA-EPEL-2025-ae12e02519

Packages in this update:

Update description:

HNS-2025-10 – HN Security Advisory – Local privilege escalation in Zyxel uOS

APPLE-SA-04-16-2025-4 visionOS 2.4.1

APPLE-SA-04-16-2025-3 tvOS 18.4.1

APPLE-SA-04-16-2025-2 macOS Sequoia 15.4.1

APPLE-SA-04-16-2025-1 iOS 18.4.1 and iPadOS 18.4.1

Business Logic Flaw: Price Manipulation – AlegroCartv1.2.9