Red Hat
-
BIND flaws could enable DNS cache poisoning; patches issued
BIND developers warned of two vulnerabilities, CVE-2025-40778 and CVE-2025-40780, that can enable DNS cache poisoning by allowing forged responses to be accepted; patches were released and operators are urged to apply them.
-
Crimson Collective targets AWS cloud instances to steal data and extort firms
Researchers at Rapid7 said the Crimson Collective has been exploiting exposed AWS credentials to create privileged IAM users, export database and storage snapshots for exfiltration, and issue extortion demands; AWS recommended using short‑term, least‑privileged credentials and provided remediation guidance.
-
High-severity flaw in Red Hat OpenShift AI could allow full cluster takeover, vendor warns
Red Hat warned that a CVE-2025-10725 flaw in OpenShift AI, scored 9.9 by CVSS, could let a low-privileged authenticated user escalate to cluster administrator, enabling data theft, service disruption and full platform takeover; Red Hat and a Bugzilla report provided mitigation steps and urged urgent patching and investigation.
