Sudo versions 1.9.14 to 1.9.17 (inclusive) have two critical vulnerabilities:

• local privilege escalation via chroot option (CVE-2025-32463) https://www.openwall.com/lists/oss-security/2025/06/30/3
• local privilege escalation via host option (CVE-2025-32462) https://www.openwall.com/lists/oss-security/2025/06/30/2

#cve_2025_32463 #cve_2025_32462 #infosec #cybersecurity

In case you missed it — June brought major milestones across the Linux Foundation community.
Global recognition was earned, impactful research was released, and new collaborations were launched across open source.

📬 Read the newsletter: https://www.linuxfoundation.org/blog/linux-foundation-newsletter-june-2025
🎥 Watch the full recap

#LinuxFoundation #OpenSource #OSSNA #CyberSecurity #AI

A prolific hacking group known as Scattered Spider is targeting the transportation sector, including airlines, the FBI and cybersecurity firms say. Read about it @Techcrunch:

https://flip.it/HBIQRq

#Tech #CyberSecurity #Hacking #Internet

#HawaiianAirlines discloses #cyberattack, flights not affected

https://www.bleepingcomputer.com/news/security/hawaiian-airlines-discloses-cyberattack-flights-not-affected/

#travel #cybersecurity

Ex-student charged over hacking university for cheap parking, data breaches

https://www.bleepingcomputer.com/news/security/ex-student-charged-over-hacking-university-for-cheap-parking-data-breaches/

#cybersecurity #Australia #WSU #DataBreach #cybercrime

#CitrixBleed2 flaw now believed to be exploited in attacks

https://www.bleepingcomputer.com/news/security/citrix-bleed-2-flaw-now-believed-to-be-exploited-in-attacks/

#cybersecurity #Citrix #NetScaler

The Age of Integrity

https://www.schneier.com/blog/archives/2025/06/the-age-of-integrity.html

#cybersecurity #AI

Man pleads guilty to hacking networks to pitch security services

https://www.bleepingcomputer.com/news/security/man-pleads-guilty-to-hacking-networks-to-pitch-security-services/

#cybercrime #cybersecurity

#ScatteredSpider hackers shift focus to #aviation, #transportation firms

https://www.bleepingcomputer.com/news/security/scattered-spider-hackers-shift-focus-to-aviation-transportation-firms/

#cybersecurity

Store passports, #WiFi codes, #SSH keys and more in #ProtonPass

https://proton.me/blog/password-manager-custom-item-management

#Proton #cybersecurity #FOSS #PasswordManager

#WholeFoods supplier #UNFI restores core systems after #cyberattack

https://www.bleepingcomputer.com/news/security/whole-foods-supplier-unfi-restores-core-systems-after-cyberattack/

#cybersecurity #food #groceries

#Brother #printer bug in 689 models exposes default admin passwords

https://www.bleepingcomputer.com/news/security/brother-printer-bug-in-689-models-exposes-default-admin-passwords/

#cybersecurity

#Cisco warns of max severity RCE flaws in Identity #ServicesEngine

https://www.bleepingcomputer.com/news/security/cisco-warns-of-max-severity-rce-flaws-in-identity-services-engine/

#cybersecurity

What is #smishing?

https://proton.me/blog/smishing

#cybersecurity #privacy #phishing

⏳ The countdown is on!

Only a few days left to get 25% off Cryptomator (one-time purchase) and 25% off Cryptomator Hub (first year).

☀️ Offer ends June 30!

Secure your data now – for yourself or your entire team.

🔗 https://cryptomator.org/blog/2025/06/01/summer-sale/?utm_source=mastodon&utm_medium=social&utm_campaign=summer-sale-2025-reminder-2

#SummerSale #Cryptomator #CyberSecurity #DataPrivacy #Encryption #SecureYourCloud #LastChance

#Microsoft365 'Direct Send' abused to send #phishing as internal users

https://www.bleepingcomputer.com/news/security/microsoft-365-direct-send-abused-to-send-phishing-as-internal-users/

#Microsoft #cybersecurity

#CISA: #AMI #MegaRAC bug enabling server hijacks exploited in attacks

https://www.bleepingcomputer.com/news/security/cisa-ami-megarac-bug-that-lets-hackers-brick-servers-now-actively-exploited/

#cybersecurity

#FBI Warning on #IoT Devices: How to Tell If You Are Impacted

https://www.eff.org/deeplinks/2025/06/fbi-warning-iot-devices-how-tell-if-you-are-impacted

#cybersecurity

Hackers turn #ScreenConnect into #malware using #Authenticode stuffing

https://www.bleepingcomputer.com/news/security/hackers-turn-screenconnect-into-malware-using-authenticode-stuffing/

#cybersecurity #ConnectWise

Hackers abuse #Microsoft #ClickOnce and #AWS services for stealthy attacks

https://www.bleepingcomputer.com/news/security/oneclik-attacks-use-microsoft-clickonce-and-aws-to-target-energy-sector/

#cybersecurity #Amazon

New wave of ‘fake interviews’ use 35 #npm packages to spread #malware

https://www.bleepingcomputer.com/news/security/new-wave-of-fake-interviews-use-35-npm-packages-to-spread-malware/

#cybersecurity #NorthKorea #JobHunting

"The FBI listed some indicators of compromise (IoCs) in the PSA for consumers to tell if they were impacted. But the average person isn’t running network detection infrastructure in their homes, and cannot hope to understand what IoCs can be used to determine if their devices generate “unexplained or suspicious Internet traffic.” Here, we will attempt to help give more comprehensive background information about these IoCs. If you find any of these on devices you own, then we encourage you to follow through by contacting the FBI's Internet Crime Complaint Center (IC3) at www.ic3.gov.

The FBI lists these IoC:

• The presence of suspicious marketplaces where apps are downloaded.

• Requiring Google Play Protect settings to be disabled.

• Generic TV streaming devices advertised as unlocked or capable of accessing free content.

• IoT devices advertised from unrecognizable brands.

• Android devices that are not Play Protect certified.

• Unexplained or suspicious Internet traffic.

The following adds context to above, as well as some added IoCs we have seen from our research."

https://www.eff.org/deeplinks/2025/06/fbi-warning-iot-devices-how-tell-if-you-are-impacted

#CyberSecurity #Privacy #IoT #SmartObjects #InternetOfThings

#Citrix warns of #NetScaler vulnerability exploited in DoS attacks

https://www.bleepingcomputer.com/news/security/citrix-warns-of-netscaler-vulnerability-exploited-in-dos-attacks/

#cybersecurity

#WinRAR patches bug letting #malware launch from extracted archives

https://www.bleepingcomputer.com/news/security/winrar-patches-bug-letting-malware-launch-from-extracted-archives/

#cybersecurity

New '#CitrixBleed 2' #NetScaler flaw let hackers hijack sessions

https://www.bleepingcomputer.com/news/security/new-citrixbleed-2-netscaler-flaw-let-hackers-hijack-sessions/

#cybersecurity #Citrix #NetScaler