Thursday, April 24 2025

infosecbulletin

OPA Gatekeeper Bypass Unveils Risks in Kubernetes Policy Engines

A recent Aqua Security report highlights major security risks in Kubernetes policy enforcement, especially with Open Policy Agent (OPA) Gatekeeper. Although OPA Gatekeeper is commonly used for security policies in Kubernetes, researchers found methods to bypass its controls due to frequent misconfigurations and weak policies. According to the report, “Implementing …

F5 Warns of TLS Session Resumption Vulnerability in NGINX (CVE-2025-23419)

F5 has warned of a vulnerability in NGINX, a widely used web server software. The issue, known as CVE-2025-23419, could let attackers bypass client certificate authentication and gain unauthorized access to sensitive resources. When name-based virtual hosts are configured to share the same IP address and port combination, with TLS …

CISA Adds 4 Actively Exploited Vulnerabilities to KEV Catalog

CISA added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, noting they are actively being exploited. The list of vulnerabilities is as follows: CVE-2024-45195 (CVSS score: 7.5/9.8) – (A vulnerability in Apache OFBiz that lets a remote attacker gain unauthorized access and run code on the server, fixed …

AMD Patches CPU Vulnerability

AMD announced patches on Monday for a microprocessor vulnerability that risks the loss of Secure Encrypted Virtualization (SEV) protection, potentially allowing attackers to load harmful microcode. CVE-2024-56161, with a CVSS score of 7.2, is a bug involving improper signature verification in the AMD CPU microcode patch loader’s read-only memory. The …

Hackers Use HTTP Client Tools To Compromise Microsoft 365 Accounts

Hackers are using HTTP client tools for advanced account takeover attacks on Microsoft 365. Seventy-eight percent of Microsoft 365 tenants have been targeted by attacks, showing the changing tactics of threat actors. HTTP client tools are software that allows users to send HTTP requests and receive responses from web servers. …

Google Patches 47 Android Flaws, Including Actively Exploited CVE-2024-53104

Google has released patches for 47 security flaws in Android, including one that is actively being exploited. CVE-2024-53104 (CVSS score: 7.8) is a vulnerability that allows privilege escalation in the USB Video Class (UVC) driver kernel component. Successful exploitation of the flaw could lead to physical escalation of privilege, Google said, …

Microsoft Patches Critical Azure AI Face Service Vulnerability (CVE-2025-21415)

Microsoft has released patches for two critical security flaws in Azure AI Face Service and Microsoft Account that could allow an attacker to escalate their privileges. The flaws are listed below: CVE-2025-21396 (CVSS score: 7.5) – Microsoft Account Elevation of Privilege Vulnerability CVE-2025-21415 (CVSS score: 9.9) – Azure AI Face …