Elevation of Privileges
Microsoft: Windows ‘inetpub’ folder created by security fix, don’t delete
Microsoft has now confirmed that an April 2025 Windows security update is creating a new empty “inetpub” folder and warned users not to delete it. This folder is typically used by Microsoft’s Internet Information Services (IIS), a web server platform that can be enabled via the Windows Features dialog to host websites and web apps. […]
Google fixes Android zero-days exploited in attacks, 60 other flaws
Google has released patches for 62 vulnerabilities in Android’s April 2025 security update, including two zero-days exploited in targeted attacks. One of the zero-days, a high-severity privilege escalation security vulnerability (CVE-2024-53197) in the Linux kernel’s USB-audio driver for ALSA Devices, was reportedly exploited by Serbian authorities to unlock confiscated Android devices as part of a zero-day exploit chain developed […]
Google fixes Android zero-day exploited by Serbian authorities
Google has released patches for 43 vulnerabilities in Android’s March 2025 security update, including two zero-days exploited in targeted attacks. Serbian authorities have used one of the zero-days, a high-severity information disclosure security vulnerability (CVE-2024-50302) in the Linux kernel’s driver for Human Interface Devices, to unlock confiscated devices. The flaw was reportedly exploited as part of an Android zero-day exploit […]
Ransomware gangs exploit Paragon Partition Manager bug in BYOVD attacks
Microsoft had discovered five Paragon Partition Manager BioNTdrv.sys driver flaws, with one used by ransomware gangs in zero-day attacks to gain SYSTEM privileges in Windows. The vulnerable drivers were exploited in ‘Bring Your Own Vulnerable Driver’ (BYOVD) attacks where threat actors drop the kernel driver on a targeted system to elevate privileges. “An attacker with local access to a […]
Exploits for unpatched Parallels Desktop flaw give root on Macs
Two different exploits for an unpatched Parallels Desktop privilege elevation vulnerability have been publicly disclosed, allowing users to gain root access on impacted Mac devices. Parallels Desktop is a virtualization software that allows Mac users to run Windows, Linux, and other operating systems alongside macOS. It is very popular among developers, businesses, and casual users […]
Microsoft fixes Power Pages zero-day bug exploited in attacks
Microsoft has issued a security bulletin for a high-severity elevation of privilege vulnerability in Power Pages, which hackers exploited as a zero-day in attacks. The flaw, tracked as CVE-2025-24989, is an improper access control problem impacting Power Pages, allowing unauthorized actors to elevate their privileges over a network and bypass user registration controls. Microsoft says it […]
Google fixes Android kernel zero-day exploited in attacks
The January 2025 Android security updates patch 48 vulnerabilities, including a zero-day kernel vulnerability tagged as exploited in the wild. This high-severity zero-day (tracked as CVE-2024-53104) is a privilege escalation security flaw in the Android Kernel’s USB Video Class driver that allows authenticated local threat actors to elevate privileges in low-complexity attacks. The issue occurs because the driver […]
Hackers use Windows RID hijacking to create hidden admin account
A North Korean threat group has been using a technique called RID hijacking that tricks Windows into treating a low-privileged account as one with administrator permissions. The hackers used a custom malicious file and an open source tool for the hijacking attack. Both utilities can perform the attack but researchers at South Korean cybersecurity company AhnLab say that […]
Windows kernel bug now exploited in attacks to gain SYSTEM privileges
CISA has warned U.S. federal agencies to secure their systems against ongoing attacks targeting a high-severity Windows kernel vulnerability. Tracked as CVE-2024-35250, this security flaw is due to an untrusted pointer dereference weakness that allows local attackers to gain SYSTEM privileges in low-complexity attacks that don’t require user interaction. While Microsoft didn’t share more details in a security […]
Palo Alto Networks patches two firewall zero-days used in attacks
Palo Alto Networks has finally released security updates for two actively exploited zero-day vulnerabilities in its Next-Generation Firewalls (NGFW). The first flaw, tracked as CVE-2024-0012, is an authentication bypass found in the PAN-OS management web interface that remote attackers can exploit to gain administrator privileges without requiring authentication or user interaction. The second one (CVE-2024-9474) is a PAN-OS privilege escalation […]