local privilege escalation
- Critical Kirki flaw lets attackers take over WordPress admin accounts
  Hackers are exploiting a critical flaw in the Kirki WordPress plugin to hijack user accounts, including admins, with more than 222 attack attempts blocked in 24 hours, according to Wordfence.

- WordPress WP Maps Pro flaw under active attack, 2,858 attempts blocked
  A critical WP Maps Pro flaw is being actively exploited to create WordPress administrator accounts, with Wordfence blocking 2,858 attacks in 24 hours. The issue affects versions through 6.1.0 and was fixed in 6.1.1.

- Microsoft says two Defender flaws are under active exploitation
  Microsoft said two Defender vulnerabilities, including one that could lead to SYSTEM privileges, are under active exploitation. CISA has added both flaws to its known exploited list and set a June 3 deadline for federal agencies.

- Nine-year-old Linux kernel flaw can expose credentials and enable root access
  Researchers disclosed a Linux kernel flaw that went unnoticed for nine years and could let a local attacker steal sensitive files or gain root access on some major distributions. Patches are available and a temporary workaround has also been outlined.

- Linux kernel flaw gets proof of concept as distributions move on security fixes
  Proof-of-concept code has been released for DirtyDecrypt, a Linux kernel flaw tied to CVE-2026-31635. The issue can allow local privilege escalation on systems with CONFIG_RXGK enabled, including some Fedora, Arch Linux, and openSUSE builds.

- Linux flaw could let local users gain root on many systems
  Researchers disclosed a Linux local privilege escalation flaw, called Copy Fail, that could let a local unprivileged user gain root on systems shipped since 2017. The issue affects multiple major distributions and has been assigned CVE-2026-31431.

- Microsoft fixes Entra ID role flaw that could let users take over service principals
  Microsoft fixed an Entra ID role flaw that could let users with the Agent ID Administrator role take over non-agent service principals, add credentials and potentially escalate privileges, according to a Silverfort technical analysis.

- Microsoft patches critical ASP.NET Core flaw that could enable privilege escalation
  Microsoft has issued an out-of-band fix for a critical ASP.NET Core vulnerability, CVE-2026-40372, that could let attackers elevate privileges and forge protected payloads under specific conditions.

- Nine CrackArmor Flaws in Linux AppArmor Could Enable Local Root Escalation
  Qualys disclosed nine confused deputy vulnerabilities in the Linux kernel AppArmor module that can allow unprivileged users to bypass protections, escalate to root, and undermine container isolation. Vendors and administrators should prioritise kernel patches.

- Critical ACF Extended bug lets attackers gain admin on about 50,000 WordPress sites
  A flaw in ACF Extended allows unauthenticated attackers to gain administrator privileges. The bug, CVE-2025-14533, affects versions 0.9.2.1 and earlier. About 50,000 sites may still be exposed. Update to 0.9.2.2.







