Mastodawn

A serious Ubuntu vulnerability (CVE-2026-3888) allows local users to gain full root access. If you run Ubuntu 24.04 or later, you should update your system right now.

More details here: https://ostechnix.com/ubuntu-snapd-privilege-escalation-cve-2026-3888-fix/

#Ubuntu #Snapd #CVE20263888 #Security #Qualys #Linux

Critical Ubuntu Snapd Bug (CVE-2026-3888) Lets Users Get Root Access – Patch Now! - OSTechNix

Protect your Ubuntu system from CVE-2026-3888. Learn how this snapd privilege escalation flaw allows root access and apply the fix for Ubuntu 24.04 LTS.

OSTechNix

Skunnyk Mar 12

CrackArmor: Multiple vulnerabilities in #AppArmor "Bypassing Ubuntu's user-namespace restrictions
AppArmor + Sudo + Postfix = root
Kernel vulnerabilities". https://seclists.org/oss-sec/2026/q1/303 #infosec #qualys

oss-sec: Re: Multiple vulnerabilities in AppArmor

Harry Sintonen Mar 12

#CrackArmor: Multiple vulnerabilities in #AppArmor

Blogpost: https://blog.qualys.com/vulnerabilities-threat-research/2026/03/12/crackarmor-critical-apparmor-flaws-enable-local-privilege-escalation-to-root

Advisory: https://cdn2.qualys.com/advisory/2026/03/10/crack-armor.txt

These vulnerabilities allow a local attacker to bypass the security normally provided by AppArmor. Also, in some situations, it allows privilege escalation to root by selectively blocking specific syscalls.

#infosec #cybersecurity #qualys

CrackArmor: Critical AppArmor Flaws Enable Local Privilege Escalation to Root | Qualys

Qualys TRU has discovered confused deputy vulnerabilities in AppArmor (named “CrackArmor”) that allow unprivileged users to bypass kernel protections, escalate to root, and break container isolation. The flaw has existed since 2010, and compromises 20 million+ systems globally. Immediate kernel patching is recommended to neutralize these vulnerabilities.

Qualys

bno Jan 26

Currently doing a course on #Qualys and they have a subject called "Cyber Security Asset Management" with the... unfortunate... abbreviation CSAM.

Seems like someone didn't do their homework 😂

Tycoon World Oct 17

Qualys ETM Expands with Agentic AI: Identity Security, TruLens, and Exploit Validation

#TycoonWorld #Qualys #QualysETM #TruRisk #EnterpriseTruRiskManagement #QualysSecurity #QualysPlatform #CyberRiskManagement

https://tycoonworld.in/qualys-etm-expands-with-agentic-ai-identity-security-trulens-and-exploit-validation/

Qualys ETM Expands with Agentic AI: Identity Security, TruLens, and Exploit Validation – Tycoon World

Qualys ETM meets this challenge by integrating Identity Risk Posture Management, contextual threat intelligence, and exposure exploitability validation within

Tycoon World

News Upturn Oct 17

Qualys ETM: New TruLens for Threat Prioritization & TruConfirm for Exploit Proof

#NewsUpturn #Qualys #QualysETM #TruRisk #EnterpriseTruRiskManagement #QualysSecurity #QualysPlatform #CyberRiskManagement

https://newsupturn.com/qualys-etm-new-trulens-for-threat-prioritization-truconfirm-for-exploit-proof/

Qualys ETM: New TruLens For Threat Prioritization & TruConfirm For Exploit Proof - News Upturn

The rapid rise of agentic AI has dramatically increased both the scale and complexity of cyberattacks, creating new challenges for already-stretched security

News Upturn

Mark Stosberg Aug 7, 2025

Instead of building navigation with icons, Qualys thought it'd be a great idea to use boxes, each containing an acronym which can stand for any number of things.

If you are thinking that CSAM is for Child Sexual Abuse Material, that PM is for Project Management and PS is for Photoshop, well, you'd be wrong on all counts.

Can you guess why some buttons are different colors but the different colors are not all grouped together? Me neither.

#qualys #infosec #cybersecurity #design #softwaregore

Fringed Crow

Aug 4, 2025

Seems the Qualys US realms are struggling this morning. Outages across the board for the US platforms.

#Qualys #MondayMorningBlues

sekurak News Jul 16, 2025

Kolejne podatności w sudo, tym razem moduły uwierzytelniania PAM

O tym, że sudo (czytane su-du) to krytyczny komponent systemu operacyjnego, z punktu widzenia nie tylko użyteczności ale przede wszystkim – bezpieczeństwa, przekonywaliśmy nie raz. Ostatnio opisywaliśmy ciekawe podatności dotyczące przełączników –host oraz –chroot. Tym razem, przyjrzymy się dwóm podatnościom z kategorii błędów logicznych – CVE-2025-6018 oraz CVE-2025-6019. Luki zostały...

#WBiegu #Linux #Opensuse #Qualys #Security #Sudo

https://sekurak.pl/kolejne-podatnosci-w-sudo-tym-razem-moduly-uwierzytelniania-pam/

Kolejne podatności w sudo, tym razem moduły uwierzytelniania PAM

Sekurak

[email protected]Jun 19, 2025

#Patches kommen:

Zwei Lücken verleihen #Angreifern #Root-Rechte unter #Linux

Durch Verkettung der beiden Lücken lassen sich #Linux-Systeme vollständig kompromittieren. Admins sollten so bald wie möglich patchen.

#Sicherheitsforscher von #Qualys haben zwei gefährliche #Sicherheitslücken aufgedeckt, mit denen Angreifer auf #Linux-Systemen einen #Root-Zugriff erlangen können.

https://www.golem.de/news/patches-kommen-zwei-luecken-verleihen-angreifern-root-rechte-unter-linux-2506-197246.html

Patches kommen: Zwei Lücken verleihen Angreifern Root-Rechte unter Linux - Golem.de

Durch Verkettung der beiden Lücken lassen sich Linux-Systeme vollständig kompromittieren. Admins sollten so bald wie möglich patchen.

Golem.de