PoC Exploit Released for Sudo Vulnerability that Enables Attackers to Gain Root Access

A publicly available proof-of-concept (PoC) exploit has been released for CVE-2025-32463, a local privilege escalation (LPE) flaw in the Sudo utility that can grant root access under specific configurations. Security researcher Rich Mirch is credited with identifying the weakness, while a functional PoC and usage guide have been published in an open GitHub repository, accelerating the urgency for patching across Linux environments that rely on Sudo’s chroot functionality.

Stay connected for industry’s latest content – Follow Deepthi Talasila
#DevSecOps #ApplicationSecurity #AgenticAI #CloudSecurity #CyberSecurity #AIinSecurity #SecureDevOps #AppSec #AIandSecurity #CloudComputing #SecurityEngineering #ZeroTrust #MLSecurity #AICompliance #SecurityAutomation #SecureCoding #linkedin #InfoSec #SecurityByDesign #AIThreatDetection #CloudNativeSecurity #ShiftLeftSecurity #SecureAI #AIinDevSecOps #SecurityOps #CyberResilience #DataSecurity #SecurityInnovation #SecurityArchitecture #TrustworthyAI #AIinCloudSecurity #NextGenSecurity https://lnkd.in/gnNqxUBZ
Deepthi Talasila’s Post
More Relevant Posts
-
A publicly available proof-of-concept (PoC) exploit has been released for CVE-2025-32463, a local privilege escalation (LPE) flaw in the Sudo utility that can grant root access under specific configurations. Security researcher Rich Mirch is credited with identifying the weakness, while a functional PoC and usage guide have been published in an open GitHub repository, accelerating the urgency for patching across Linux environments that rely on Sudo’s chroot functionality. Stay connected to Aashay Gupta, CISM, GCP for content related to Cybersecurity. #LinkedIn #Cybersecurity #Cloudsecurity #AWS #Cyberthreats https://lnkd.in/e-N8-ymg
-
A publicly available proof-of-concept (PoC) exploit has been released for CVE-2025-32463, a local privilege escalation (LPE) flaw in the Sudo utility that can grant root access under specific configurations. Security researcher Rich Mirch is credited with identifying the weakness, while a functional PoC and usage guide have been published in an open GitHub repository, accelerating the urgency for patching across Linux environments that rely on Sudo’s chroot functionality. Please follow Abhishek Chatrath for such content. #LinkedIn #Cybersecurity #Cloudsecurity #AWS #GoogleCloud #Trends #informationprotection #Cyberthreats #cloudsecurity #SiteReliabilityEngineer #cybersecurity #appsec #devsecops #CI_CD #IaC #KubernetesSecurity #Zerotrust #Securitybydesign #Azure #Datasecurity #DevSecOps #DevOps #Development #CloudEngineering #Observability #SitereliabilityEngineering #SRE https://lnkd.in/esXY2WpD
-
🚨 Critical security risks in GitHub Actions exposed

The Orca Research Pod has uncovered critical security risks across several high-profile open source repositories that relied on GitHub Actions. Due to misconfigured pull_request_target workflows, adversaries could escalate from an untrusted forked pull request to remote code execution (RCE) on both GitHub-hosted and self-hosted runners. During our investigation, we were able to exploit workflows maintained by Fortune 500 companies. All findings were responsibly disclosed to the affected organizations. Dive into Roi Nisimi's technical breakdown to see how these attacks can unfold in the real world. https://lnkd.in/gceWhyf8
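The misconfiguration the post describes has a recognisable shape in the workflow file: a `pull_request_target` trigger (which runs with the base repository's token and secrets even for fork PRs) combined with a checkout of the fork's head or with a PR-controlled field spliced into a `run:` step. The following is an added triage script, not Orca's tooling and not code from the post; both workflow samples are constructed for the example. It is a line- and indentation-based heuristic rather than a YAML parser, so it handles ordinary workflow layout and should be read as a prompt for manual review, not a verdict (label-gated `pull_request_target` flows, for instance, can be legitimate).

```python
import re

# The "pwn request" shape from the post: pull_request_target runs in the base
# repository's context, so a step that executes fork-controlled content inside
# that job hands the write-capable token and secrets to the PR author.
PRT_TRIGGER_RE = re.compile(
    r"^\s*pull_request_target\s*:|^on:\s*(?:\[[^\]]*)?\bpull_request_target\b", re.M)
CHECKOUT_RE = re.compile(r"uses:\s*actions/checkout")
PR_HEAD_REF_RE = re.compile(
    r"^\s*ref:\s*\$\{\{\s*github\.(?:event\.pull_request\.head\.(?:sha|ref)|head_ref)\s*\}\}", re.M)
UNTRUSTED_EXPR_RE = re.compile(
    r"\$\{\{\s*github\.(?:event\.pull_request\.(?:title|body|head\.ref|head\.repo\.[\w.]+)|head_ref)\s*\}\}")

def _steps(lines):
    """Split every 'steps:' block into its '- ' items as [(first_line_no, text)]; not a YAML parser."""
    steps, current, step_indent, in_steps = [], [], None, False
    for number, line in enumerate(lines, 1):
        stripped = line.lstrip()
        if not stripped or stripped.startswith("#"):
            continue
        indent = len(line) - len(stripped)
        if stripped.rstrip() == "steps:":
            if current:
                steps.append(current)
            in_steps, step_indent, current = True, None, []
            continue
        if not in_steps:
            continue
        if step_indent is None:
            step_indent = indent
        if indent < step_indent:  # dedented out of the steps block
            in_steps = False
        elif indent == step_indent and stripped.startswith("- "):
            if current:
                steps.append(current)
            current = [(number, line)]
        else:
            current.append((number, line))
    if current:
        steps.append(current)
    return [(step[0][0], "\n".join(text for _, text in step)) for step in steps]

def _run_text(step_text):
    """Return only the shell text under a step's run: key (inline or block scalar)."""
    out, key_indent = [], None
    for line in step_text.splitlines():
        stripped = line.lstrip()
        indent = len(line) - len(stripped)
        if stripped.startswith("- "):
            stripped, indent = stripped[2:], indent + 2
        if stripped.startswith("run:"):
            key_indent = indent
            out.append(stripped[4:])
        elif key_indent is not None and indent > key_indent:
            out.append(stripped)
        else:
            key_indent = None  # env:, with:, etc. are not shell text
    return "\n".join(out)

def find_pwn_request_risks(workflow_text):
    """Return [(line_number, message)] for the risky patterns in one workflow file."""
    findings = []
    if not PRT_TRIGGER_RE.search(workflow_text):
        return findings  # plain pull_request gives fork PRs a read-only token and no secrets
    for first_line, step in _steps(workflow_text.splitlines()):
        if CHECKOUT_RE.search(step) and PR_HEAD_REF_RE.search(step):
            findings.append((first_line, "checks out the fork's head under pull_request_target: "
                             "later build/test steps run untrusted code with the base repo's token"))
        if UNTRUSTED_EXPR_RE.search(_run_text(step)):
            findings.append((first_line, "attacker-controlled PR field expanded into a run: "
                             "step (script injection)"))
    return findings

# Constructed samples, not taken from any real repository.
VULNERABLE_WORKFLOW = """\
on:
  pull_request_target:
jobs:
  build:
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: echo "Building ${{ github.event.pull_request.head.ref }}"
"""

# Same job hardened: plain pull_request trigger, least-privilege permissions,
# base-branch checkout, and the untrusted field passed via an env var so the
# shell never interprets it.
HARDENED_WORKFLOW = """\
on:
  pull_request:
permissions:
  contents: read
jobs:
  build:
    steps:
      - uses: actions/checkout@v4
      - run: echo "Building $HEAD_REF"
        env:
          HEAD_REF: ${{ github.event.pull_request.head.ref }}
"""
```

Run `find_pwn_request_risks(open(".github/workflows/ci.yml").read())` over each workflow in a repository; a non-empty result is the starting point for review. Note that the hardened sample would still produce no findings if it kept `pull_request_target`, because it checks out the base branch and passes the PR field through `env:` rather than into the shell line, which is the point of that change.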
-
-
☠️CRITICAL : Critical Sudo Flaw (CVE-2025-32463) Added to CISA KEV — Active Exploitation Reported (CVSS:9.3)

CISA has added a high-severity vulnerability in the ubiquitous sudo utility to its Known Exploited Vulnerabilities (KEV) catalog after receiving evidence of in-the-wild exploitation. The issue, tracked as CVE-2025-32463 and scored CVSS 9.3, was disclosed by Stratascale researcher Rich Mirch in July 2025. According to the agency’s entry, the flaw stems from an “inclusion of functionality from an untrusted control sphere” and can be abused via sudo’s -R / --chroot option. CISA warns this could allow a local adversary to run arbitrary commands as root, even when the attacker isn’t listed in sudoers. Details about exact exploitation techniques and attribution remain unclear as of the KEV listing.

Key facts:
• CVE: CVE-2025-32463
• Severity: CVSS 9.3 (Critical)
• Discovery / Disclosure: Reported by Rich Mirch (Stratascale), disclosed July 2025
• KEV listing: Added by CISA in late September 2025 (CISA notes active exploitation)
• Affected baseline: Sudo versions prior to the maintainer’s patched release (1.9.17p1 referenced in advisories)

CISA’s KEV entry places immediate operational urgency on organizations that rely on affected Sudo installs; U.S. Federal Civilian Executive Branch agencies were given a firm cadence in guidance tied to the KEV timeline. The advisory also appears alongside several other recent KEV additions — a reminder that a cluster of high-impact flaws is currently occupying defenders’ attention.

What’s unusual here is the attack surface: sudo is one of the most widely deployed privilege-delegation tools on Linux/*nix systems. A local elevation that bypasses standard sudoers checks touches a broad class of hosts and use cases — from developer workstations to multi-tenant servers. Attribution and exploitation mechanics are still being analyzed by vendors and incident responders. Public advisories emphasize that investigations are ongoing and IDS/telemetry signals are being collected to map how this vulnerability is weaponized in active campaigns.
-
GitHub acts on npm security after Shai-Hulud worm attack: Enhanced trusted publishing to limit ongoing supply chain attacks. #Technology #ITNews
-
Authenticated SMB users can turn a ksmbd extended-attribute write into local root, CVE-2025-37947, check controls and patch now, do your teams monitor SMB xattr activity?

ksmbd local root exploit, CVE-2025-37947

A recent write-up shows how a bug in ksmbd_vfs_stream_write() lets an authenticated user cause an out-of-bounds write past XATTR_SIZE_MAX, corrupt 16-page allocations, and ultimately escalate to root on Ubuntu 22.04 LTS.

⚠️ In plain terms, an attacker who can authenticate to a writable SMB share that uses streams_xattr can trigger a controlled 8-byte OOB write, shape the page allocator, collide with msg_msg and other kernel objects, create a use-after-free, leak kernel addresses, bypass KASLR and SMAP/SMEP, then run a ROP chain to get root. Remote exploitation is harder, but local escalation is demonstrated and reliable enough to be dangerous.

Key takeaways:
▪️ Patch and reduce attack surface, now: apply kernel updates, disable streams_xattr or remove writable public SMB shares, and restrict authenticated SMB access to trusted accounts only.
▪️ Harden and monitor, practical steps: enable kernel hardening options where possible, instrument pagetype and kernel heap metrics, alert on unusual authenticated SMB activity, and include SMB paths in your vulnerability scans.

🛡️ At Passeca we help organisations turn findings like this into defensible outcomes, combining VMaaS and AppSec to find the risky paths, penetration testing to validate exploitability, Managed SOC and tuned detection to spot suspicious SMB activity, and Incident Response plus vCISO and GRC support to remediate and follow compliance best practices. Schedule a free consultation with us at: https://lnkd.in/eqSFKVig

Sources: Doyensec detailed write-up on ksmbd CVE-2025-37947.
#LinuxSecurity #VulnerabilityManagement #IncidentResponse #SMB
-
🎯 A publicly available proof-of-concept (PoC) exploit has been released for CVE-2025-32463, a local privilege escalation (LPE) flaw in the Sudo utility that can grant root access under specific configurations. Security researcher Rich Mirch is credited with identifying the weakness, while a functional PoC and usage guide have been published in an open GitHub repository, accelerating the urgency for patching across Linux environments that rely on Sudo’s chroot functionality. According to the project documentation, versions 1.9.14 through 1.9.17 are vulnerable, with fixes available in 1.9.17p1 and later. Systems running legacy builds prior to 1.9.14 are not impacted because the chroot feature did not exist in those releases.

🔔 Stay connected for industry’s latest content – Follow Dr. Anil Lamba, CISSP
#linkedin #teamamex #JPMorganChase #cybersecurity #technologycontrols #infosec #informationsecurity #GenAi #linkedintopvoices #cybersecurityawareness #innovation #techindustry #cyber #birminghamtech #cybersecurity #fintech #careerintech #handsworth #communitysupport #womenintech #technology #security #cloud #infosec #riskassessment #informationsecurity #auditmanagement #informationprotection #securityaudit #cyberrisks #cybersecurity #security #cloudsecurity #trends #grc #leadership #socialmedia #digitization #cyberrisk #education #Hacking #privacy #datasecurity #passwordmanagement #identitytheft #phishingemails #holidayseason #bankfraud #personalinformation #creditfraud https://lnkd.in/eXy3vwy9
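The post above gives the affected range (1.9.14 through 1.9.17, fixed in 1.9.17p1), and the KEV post earlier on this page names the `-R` / `--chroot` option as the abused feature. The following is an added fleet-triage check, not code from either post and not from the sudo project: it parses the first line of `sudo --version` (which reads like `Sudo version 1.9.15p5`) and compares the upstream version against that range. One caveat a practitioner needs: distributions routinely backport security fixes without changing the upstream version string, so an "affected-upstream-range" result means "confirm against the package changelog", not "exploitable"; that vendor behaviour is an assumption about packaging practice, not a statement from the post.

```python
import re
import subprocess

# Affected range as stated in the post above: 1.9.14 through 1.9.17 are
# vulnerable, 1.9.17p1 and later carry the fix. Versions compare as
# (major, minor, patch, p-level); a release without a "pNN" suffix is p0.
FIRST_AFFECTED = (1, 9, 14, 0)
FIRST_FIXED = (1, 9, 17, 1)

# First line of `sudo --version` looks like "Sudo version 1.9.15p5".
_VERSION_RE = re.compile(r"Sudo version (\d+)\.(\d+)\.(\d+)(?:p(\d+))?")


def parse_sudo_version(output):
    """Return (major, minor, patch, p) parsed from `sudo --version` output, or None."""
    match = _VERSION_RE.search(output)
    if match is None:
        return None
    major, minor, patch, plevel = match.groups()
    return (int(major), int(minor), int(patch), int(plevel or 0))


def in_affected_range(version):
    """True if the upstream version tuple falls inside the range the post gives."""
    return FIRST_AFFECTED <= version < FIRST_FIXED


def classify_sudo_output(output):
    """Classify `sudo --version` text as 'unknown', 'affected-upstream-range' or
    'outside-affected-range'.

    'affected-upstream-range' is a prompt to check the distro package, not proof
    of exploitability: distributions often backport the fix without bumping the
    upstream version string (assumption about vendor practice, not from the post).
    """
    version = parse_sudo_version(output)
    if version is None:
        return "unknown"
    return "affected-upstream-range" if in_affected_range(version) else "outside-affected-range"


def check_local_sudo():
    """Run `sudo --version` (needs no privileges) and classify the result."""
    try:
        proc = subprocess.run(["sudo", "--version"], capture_output=True, text=True, check=False)
    except FileNotFoundError:
        return "sudo-not-installed"
    return classify_sudo_output(proc.stdout)


if __name__ == "__main__":
    print(check_local_sudo())
```

When the script reports the affected range on a distro-packaged host, confirm with the package's own changelog (for example `apt changelog sudo` or `rpm -q --changelog sudo`, searched for the CVE identifier) before treating the host as unpatched, and schedule the upgrade rather than relying on the absence of chroot use in sudoers, since the KEV post notes the flaw does not require the attacker to be listed there.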
-
AppSec in Motion — Highlights from OWASP AppSec Days France 2025

Last week in Paris, over 150 developers, security engineers, and OWASP community members gathered to dive into the heart of supply chain, identity, and pipeline security. Here’s what stood out:
• Dependencies are attack surfaces — NPX tricks, unclaimed packages, cache poisoning, and maintainer hijacks all show how weak links upstream can break you.
• Your CI/CD is your frontier — pipelines running with high privileges, unfiltered PRs, “pwn request” abuse, and bot-mediated trust bypasses demand we treat pipelines like production systems.
• Passkeys = identity, reimagined — no secret leaves the device, WebAuthn challenges protect you from phishing, and cross-device flows simplify login securely.
• Security is a team sport — nothing works in isolation. Developers, platform teams, identity owners, and operations must coordinate guardrails, policies, and culture.
https://lnkd.in/e2bZ7ERk