As an avid daily reader of TLDR Information Security I benefit twofold. First, I gain interesting insights and recommendations regarding launches and tools, where I first learned about OctoSQL. Second, concerning vulnerability details inevitably land in my inbox on a near daily basis. Aside from my recommendation to join the TLDR InfoSec mailing list, diary readers also benefit twofold…
The Qualys Threat Research Unit (TRU) has discovered two local information-disclosure vulnerabilities in Apport and systemd-coredump. Both issues are race-condition vulnerabilities. The first (CVE-2025-5054) affects Ubuntu’s core-dump handler, Apport, and the second (CVE-2025-4598) targets systemd-coredump, which is the default core-dump handler on Red Hat Enterprise Linux 9 and the recently released 10, as well as on Fedora….
Compliance isn’t optional. But it’s never been more complex. The rise of containers has revolutionized modern infrastructure—enabling faster innovation and greater scalability. But with this transformation comes a new wave of compliance challenges. PCI DSS 4.0 introduces stricter requirements for both vulnerability management and file integrity monitoring (FIM) in dynamic environments like Kubernetes and containerized…
Changes and updates Update Tor Browser to 14.5.3. Update the Linux kernel to 6.1.140. For more details, read our changelog. Get Tails 6.16 To upgrade your Tails USB stick and keep your Persistent Storage Automatic upgrades are available from Tails 6.0 or later to 6.16. If you cannot do an automatic upgrade or if Tails…
#!/usr/bin/env python3 # Exploit Title: Laravel Pulse 1.3.1 – Arbitrary Code Injection # Author: Mohammed Idrees Banyamer (@banyamer_security) # GitHub: https://github.com/mbanyamer # Date: 2025-06-06 # Tested on: Laravel Pulse v1.2.0 / Ubuntu 22.04 / Apache2 # CVE: CVE-2024-55661 # Type: Remote Code Execution (via Arbitrary Code Injection) # Platform: PHP (Laravel Livewire) # Author Country:…
Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed. Source link
Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group. Source link
Last updated at Fri, 06 Jun 2025 20:17:22 GMT At Rapid7, we’re pushing the boundaries on what a cybersecurity company can be as we work to build a more secure digital future. In a field where the threat landscape continues to evolve, continuous learning and the development of our people becomes an engine for company…
Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system. Source link
Research by: Jaromír Hořejší (@JaromirHorejsi) Key Points AI media generation is a significant trend in how we use the Internet in 2025. Kling AI is a widely used platform, with 6 million users since its launch in June 2024. A threat actor mimicked Kling AI and drove traffic to a convincing fake website via counterfeit Facebook pages…
