1. Local Privilege Escalation Vulnerability in Linux UDisks Daemon CVE-2025-8067, PoC Released
The UDisks daemon in Linux has a serious vulnerability (CVE-2025-8067, CVSS 8.5) that allows non-privileged users to exploit a negative index when creating loop devices via D-Bus, potentially leading to denial of service or local privilege escalation. It is recommended to update to the patched version udisks2 2.10.91 or 2.10.2 immediately. 【Read more: https://securityonline.info/cve-2025-8067-linux-privilege-escalation-flaw-found-in-udisks-daemon-poc-releases/】
2. High-Risk Vulnerabilities in MediaTek Chipsets Can Lead to Privilege Escalation or DoS Attacks, Affecting Phones, Tablets, and IoT Devices
MediaTek has disclosed several high-risk vulnerabilities in its chipsets, including three modem vulnerabilities that can be remotely exploited via malicious base stations, potentially leading to privilege escalation or denial of service. Medium-risk vulnerabilities require local system permissions. Users are advised to update their device firmware promptly to mitigate these vulnerabilities.
3. Prompt Injection Attacks: How to Bypass AI Agents Through User Input
Prompt injection attacks exploit the inability of AI systems to distinguish between commands and user input, manipulating AI behavior through carefully crafted inputs, posing a significant security threat. Attack types vary, including direct/indirect injection, obfuscation, and transformation, with varying detection difficulties. Defense requires a multi-layered strategy, such as input validation, multi-agent architecture, and adversarial training. Enterprises need to establish a comprehensive security framework to address this rapidly evolving threat.
4. Fleet Vulnerability CVE-2024-52284 Exposes Helm Sensitive Configurations in Plaintext
The Fleet tool from SUSE Rancher has a high-risk vulnerability CVE-2024-52284 (CVSS 7.7) that exposes sensitive Helm configurations in plaintext, potentially leaking credentials and keys. A patched version v0.14.0 has been released; it is recommended to upgrade immediately or adjust the Helm configuration file path to reduce risk.
5. Microsoft Clarifies: Windows 11 24H2 August Security Update Not Related to SSD/HDD Failures
Microsoft clarified that the Windows 11 24H2 security update is not related to hard drive failures, confirming no association through investigation, but still advises users to back up data and update cautiously.
6. Citrix Zero-Day Vulnerability Under Long-Term Exploitation, Exposing High-Risk to Global Government and Enterprise Systems
The critical zero-day vulnerability CVE-2025-6543 in Citrix NetScaler has been exploited since May 2025, allowing remote code execution and leading to large-scale intrusions in global organizations. Attackers exploit malicious certificates to overwrite memory and steal credentials to infiltrate internal networks. Experts recommend immediate checks for signs of intrusion and applying patches; CISA has listed it in the known exploited vulnerabilities directory.
7. Salesloft OAuth Vulnerability Scope Significantly Increased, Affecting All Integrated Applications
Google has warned that attacks on the Salesloft Drift platform affect all integrated applications, advising the revocation of related authentication tokens. Attackers stole OAuth tokens to access some Google Workspace emails but did not breach Google’s systems. Google has revoked tokens and disabled integrations, urging enterprises to check third-party applications. Salesforce has temporarily disabled related integrations, with no evidence of malicious activity found so far.
8. SilverFox APT Group Escalates Attacks, Using Legitimate Drivers to Bypass EDR and Antivirus Software
The SilverFox APT group is exploiting an undisclosed vulnerability driver (amsdk.sys) to attack Windows 10/11, bypassing EDR/AV protections. By releasing the driver through a loader, they terminate over 190 security processes and inject the ValleyRAT backdoor. Attackers modify the driver timestamp to bypass hash detection, highlighting the trend of legitimate signed drivers being abused.
9. NeuVector Critical Vulnerability Could Lead to Complete Takeover of Kubernetes Clusters
The NeuVector container security platform has a high-risk vulnerability CVE-2025-8077 (CVSS 9.8), where versions 5.4.5 and earlier have hardcoded default passwords that could allow complete control over Kubernetes clusters; immediate upgrade to version 5.4.6 or manual password modification is required.
10. Rancher Manager Denial of Service Vulnerability Allows Unauthorized Attackers to Crash Servers
The SUSE Rancher Manager has a high-risk vulnerability CVE-2024-58259 (CVSS 8.2), where both unauthorized and authorized attackers can cause a DoS by sending oversized requests. A patched version has been released, and a 1MiB request limit has been set; immediate upgrade or manual configuration for protection is recommended.