CyberSecurity news
FlagThis
Field Effect@Blog
//
Multiple security vulnerabilities are being actively exploited across various systems, posing significant risks to organizations and individuals. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a Linux Kernel vulnerability to its Known Exploited Vulnerabilities catalog, emphasizing the urgency of addressing this flaw. Furthermore, researchers have uncovered a vulnerability chain affecting a wide range of Linux distributions that could allow an unprivileged user to gain full root access. These vulnerabilities, CVE-2025-6018 and CVE-2025-6019, reside in the Pluggable Authentication Modules (PAM) configuration and libblockdev, respectively.
Proof-of-concept (POC) code has been published for the Linux vulnerability chain, raising the potential for widespread exploitation. The libblockdev flaw is exploitable through the udisks daemon, a tool commonly deployed in Linux distributions such as Ubuntu, Debian, Fedora, openSUSE, Arch Linux, and Red Hat Enterprise Linux (RHEL). In addition to Linux vulnerabilities, there is also an increase in infostealer malware such as Lumma Stealer with new rules being added to detect associated command and control (CnC) domains. This highlights the diverse and evolving nature of cyber threats.
The constant discovery and exploitation of vulnerabilities underscore the critical importance of timely patching and robust security awareness. Organizations are advised to prioritize patching the Linux Kernel flaw added to CISA's Known Exploited Vulnerabilities catalog, as well as the vulnerability chain affecting multiple Linux distributions. In addition to addressing Linux flaws, organizations need to also protect themselves from a range of malware, including the Lumma Stealer. The Cybersecurity community continues to identify and address many more vulnerabilities in a range of products including Apple products, TP-Link routers and Zyxel products. Regular security audits and proactive threat hunting are also essential for mitigating risks and maintaining a strong security posture.
References :
Proof-of-concept (POC) code has been published for the Linux vulnerability chain, raising the potential for widespread exploitation. The libblockdev flaw is exploitable through the udisks daemon, a tool commonly deployed in Linux distributions such as Ubuntu, Debian, Fedora, openSUSE, Arch Linux, and Red Hat Enterprise Linux (RHEL). In addition to Linux vulnerabilities, there is also an increase in infostealer malware such as Lumma Stealer with new rules being added to detect associated command and control (CnC) domains. This highlights the diverse and evolving nature of cyber threats.
The constant discovery and exploitation of vulnerabilities underscore the critical importance of timely patching and robust security awareness. Organizations are advised to prioritize patching the Linux Kernel flaw added to CISA's Known Exploited Vulnerabilities catalog, as well as the vulnerability chain affecting multiple Linux distributions. In addition to addressing Linux flaws, organizations need to also protect themselves from a range of malware, including the Lumma Stealer. The Cybersecurity community continues to identify and address many more vulnerabilities in a range of products including Apple products, TP-Link routers and Zyxel products. Regular security audits and proactive threat hunting are also essential for mitigating risks and maintaining a strong security posture.
Share:
References :
- Blog: Researchers published proof-of-concept (POC) code for an attack chaining two local privilege escalation (LPE) vulnerabilities affecting a wide range of Linux distributions.
- securityaffairs.com: U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Linux Kernel vulnerability to its Known Exploited Vulnerabilities catalog.
Classification:
- HashTags: #activeexploitation #vulnerabilities #cybersecurity
- Feature: active exploitation
- Malware: Lumma Stealer
- Type: Vulnerability
- Severity: Major