433 Central Ave., 4th Floor, St. Petersburg, FL 33701 | info@poseidon-us.com | Office: (813) 563-2652

Chaining two LPEs to get “root”: Most Linux distros vulnerable (CVE-2025-6018, CVE-2025-6019)

Qualys researchers have unearthed two local privilege escalation vulnerabilities (CVE-2025-6018, CVE-2025-6019) that can be exploited in tandem to achieve root access on most Linux distributions “with minimal effort.” About the vulnerabilities (CVE-2025-6018, CVE-2025-6019) CVE-2025-6018 affects the Pluggable Authentication Modules (PAM) configuration of openSUSE Leap 15 and SUSE Linux Enterprise 15, and allows an unprivileged local attacker – for example, an attacker who logs in via a remote SSH session – to gain the “allow_active” privileges … More → The post Chaining two LPEs to get “root”: Most Linux distros vulnerable (CVE-2025-6018, CVE-2025-6019) appeared first on Help Net Security.
http://news.poseidon-us.com/TLQcnN

Jumio Liveness Premium combats deepfakes and injection attacks

Jumio launched Jumio Liveness Premium with advanced deepfake detection, the company’s most advanced biometric liveness detection solution to date. Jumio’s premium solution leverages a patented Jumio technology, combining randomized color sequences and AI-driven analysis to confirm human presence in real time, effectively stopping spoofing attacks before they impact businesses. With this release, Jumio adds another layer of security to the recently launched Jumio Liveness, an advanced, in-house liveness detection technology that expands beyond traditional presentation … More → The post Jumio Liveness Premium combats deepfakes and injection attacks appeared first on Help Net Security.
http://news.poseidon-us.com/TLQcmT

IBM integrations target security, governance for agents

“When these autonomous systems aren’t properly governed or secured, they can carry steep consequences,” said Ritika Gunnar, general manager of data and AI. 
http://news.poseidon-us.com/TLQZNJ

New NIST 5G Cybersecurity White Paper – Network Security Design Principles

The National Cybersecurity Center of Excellence (NCCoE) has published the sixth white paper in its series Applying 5G Cybersecurity and Privacy Capabilities . The series targets technology, cybersecurity, and privacy program managers within
http://news.poseidon-us.com/TLQT1y

Dashlane’s AI model alerts businesses to phishing risks

Dashlane introduced AI phishing alerts, an advancement to the Dashlane Omnix platform that protects enterprises and users against threats targeting user credentials. Trained by Dashlane on both legitimate and phishing sources, the new innovation detects and alerts users to phishing risks the moment they visit a suspicious website, while giving admins the insights to secure employees against phishing domains. AI has made it even easier for threat actors to continually evolve their tactics to evade … More → The post Dashlane’s AI model alerts businesses to phishing risks appeared first on Help Net Security.
http://news.poseidon-us.com/TLQLmt

Kusari Inspector improves supply chain security

Kusari unveiled Kusari Inspector, an AI-based pull request security tool that brings cutting-edge security risk analysis directly into developers’ daily workflows. In Kusari Inspector, Kusari has brought together a powerful combination of industry standards, AI, and dependency graph analysis, to help organizations detect software supply chain risks early during the pull request process, and address them before code integration. The tool finds security weaknesses and supply chain risks in order to maintain secure development throughout … More → The post Kusari Inspector improves supply chain security appeared first on Help Net Security.
http://news.poseidon-us.com/TLQG1X

Kernel-level container insights: Utilizing eBPF with Cilium, Tetragon, and SBOMs for security

As applications become more distributed, traditional monitoring and security tools are failing to keep pace. This article explores how eBPF, when utilized by the graduated CNCF Cilium and its sub-project Tetragon, combined with Software Bills of Materials (SBOMs), can provide insights and a security feedback loop for modern systems. We’ll create a container image and its SBOM. We’ll then launch it, simulate a breach, and see how our eBPF-based setup with Tetragon captures the issue. … More → The post Kernel-level container insights: Utilizing eBPF with Cilium, Tetragon, and SBOMs for security appeared first on Help Net Security.
http://news.poseidon-us.com/TLQG1W

35 open-source security tools to power your red team, SOC, and cloud security

This article showcases free, open-source security tools that support your organization’s teams in red teaming, threat hunting, incident response, vulnerability scanning, and cloud security. Autorize: Burp Suite extension for automatic authorization enforcement detection Autorize is an open-source Burp Suite extension that checks if users can access things they shouldn’t. It runs automatic tests to help security testers find authorization problems. BadDNS: Open-source tool checks for subdomain takeovers BadDNS is an open-source Python DNS auditing tool … More → The post 35 open-source security tools to power your red team, SOC, and cloud security appeared first on Help Net Security.
http://news.poseidon-us.com/TLQG0F