Hacker News with Generative AI: Vulnerabilities

Linux Patch Queued to Report Outdated Intel CPU Microcode as a Vulnerability (phoronix.com)
Last year a patch was raised for the Linux kernel that would report outdated CPU microcode versions as a security vulnerability.
Can We Trust CVE? (opensourcesecurity.io)
If you are a security nerd, and even if you’re not, you probably heard about the epic CVE mess that happened. It’s a very long story and was covered in many places, but the TL;DR was the funding for CVE fell through, panic ensued, then CISA found some temporary funds to keep the lights on, so everything is fine and we can all go back to normal.
Cisco Webex bug lets hackers gain code execution via meeting links (bleepingcomputer.com)
Cisco has released security updates for a high-severity Webex vulnerability that allows unauthenticated attackers to gain client-side remote code execution using malicious meeting invite links.
Cross-Site WebSocket Hijacking Exploitation in 2025 (includesecurity.com)
Some of my favorite findings discovered during our client assessments at Include Security have exploited Cross-Site Websocket Hijacking (CSWSH) vulnerabilities.
The CVE program for tracking security flaws is about to lose federal funding (theverge.com)
Financial support for the system that tracks publicly disclosed cybersecurity vulnerabilities expires on April 16th.
Uncovering a 0-Click RCE in the SuperNote Nomad E-Ink Tablet (prizmlabs.io)
MCP Security Notification: Tool Poisoning Attacks (invariantlabs.ai)
Invariant has discovered a critical vulnerability in the Model Context Protocol (MCP) that allows for what we term Tool Poisoning Attacks. This vulnerability can lead to sensitive data exfiltration and unauthorized actions by AI models. We explain the attack vector, its implications, and mitigation strategies. We urge users to exercise caution when connecting to third-party MCP servers and to implement security measures to protect sensitive information.
Zero Day in Microchip SAM Microcontrollers (recessim.com)
This write-up will cover analysis of the Microchip (ATMEL) SAM4C32 microcontroller vulnerability that allows an attacker to gain unlocked JTAG access to a previously locked device.
Microsoft reports several bootloader vulnerabilities (microsoft.com)
By leveraging Microsoft Security Copilot to expedite the vulnerability discovery process, Microsoft Threat Intelligence uncovered several vulnerabilities in multiple open-source bootloaders, impacting all operating systems relying on Unified Extensible Firmware Interface (UEFI) Secure Boot as well as IoT devices.
Critical Unauthenticated Remote Code Execution Vulnerabilities in Ingress NGINX (wiz.io)
Wiz Research discovered CVE-2025-1097, CVE-2025-1098, CVE-2025-24514 and CVE-2025-1974, a series of unauthenticated Remote Code Execution vulnerabilities in Ingress NGINX Controller for Kubernetes dubbed #IngressNightmare. Exploitation of these vulnerabilities leads to unauthorized access to all secrets stored across all namespaces in the Kubernetes cluster by attackers, which can result in cluster takeover. This attack vector has been assigned a CVSS v3.1 base score of 9.8.
Leaking Passwords and more on macOS (wts.dev)
This article discusses a vulnerability, CVE-2024-54471, that was patched as part of the Apple security releases: macOS Sequoia 15.1, macOS Sonoma 14.7.1, and macOS Ventura 13.7.1 (all released on October 28th, 2024). If you use a macOS device and are not on one of these updated versions: update now!
Grease: An Open-Source Tool for Uncovering Hidden Vulnerabilities in Binary Code (galois.com)
Proactively and defensively ensuring the absence of vulnerabilities in binary code is crucial for deploying high-assurance systems. GREASE is an open-source tool leveraging under-constrained symbolic execution to help software reverse engineers analyze binaries and uncover hard-to-spot bugs, ultimately enhancing system security. This kind of binary analysis is especially important for systems that include COTS software that is only provided in binary form.
Sign in as anyone: Bypassing SAML SSO authentication with parser differentials (github.blog)
Critical authentication bypass vulnerabilities (CVE-2025-25291 + CVE-2025-25292) were discovered in ruby-saml up to version 1.17.0. Attackers who are in possession of a single valid signature that was created with the key used to validate SAML responses or assertions of the targeted organization can use it to construct SAML assertions themselves and are in turn able to log in as any user.
Broadcom urges VMware customers to patch 'emergency' zero-day bugs (techcrunch.com)
U.S. technology giant Broadcom is warning that a trio of VMware vulnerabilities are being actively exploited by malicious hackers to compromise the networks of its corporate customers.
Threat posed by new VMware hyperjacking vulnerabilities is hard to overstate (arstechnica.com)
Three critical vulnerabilities in multiple virtual-machine products from VMware can give hackers unusually broad access to some of the most sensitive environments inside multiple customers’ networks, the company and outside researchers warned Tuesday.
Hash Denial-of-Service Attack in Multiple QUIC Implementations (github.com/ncc-pbottine)
This technical advisory describes a class of vulnerabilities affecting several QUIC implementations.
Wallbleed: A Memory Disclosure Vulnerability in the Great Firewall of China (gfw.report)
We present Wallbleed, a buffer over-read vulnerability that existed in the DNS injection subsystem of the Great Firewall of China.
An illustrated guide to the Kaminsky DNS vulnerability (2008) (unixwiz.net)
The big security news of Summer 2008 has been Dan Kaminsky's discovery of a serious vulnerability in DNS. This vulnerability could allow an attacker to redirect network clients to alternate servers of his own choosing, presumably for ill ends.
Critical PostgreSQL bug tied to zero-day attack on US Treasury (theregister.com)
A high-severity SQL injection bug in the PostgreSQL interactive tool was exploited alongside the zero-day used to break into the US Treasury in December, researchers say.
7-Zip 0-day was exploited in Russia's ongoing invasion of Ukraine (arstechnica.com)
Researchers said they recently discovered a zero-day vulnerability in the 7-Zip archiving utility that was actively exploited as part of Russia's ongoing invasion of Ukraine.
A look at the recent rsync vulnerability (lwn.net)
Patient Monitor Contec CMS8000 Contains a Backdoor (cisa.gov)
This fact sheet details an analysis of three firmware package versions of the Contec CMS8000, a patient monitor used by the U.S. Healthcare and Public Health (HPH) sector. Analysts discovered that an embedded backdoor function with a hard-coded IP address, CWE-912: Hidden Functionality (CVE-2025-0626), and functionality that enables patient data spillage, CWE-359: Exposure of Private Personal Information to an Unauthorized Actor (CVE-2025-0683), exists in all versions analyzed.
Apple fixes this year's first actively exploited zero-day bug (bleepingcomputer.com)
Apple has released security updates to fix this year's first zero-day vulnerability, tagged as actively exploited in attacks targeting iPhone users.
Over 660k Rsync servers exposed to code execution attacks (bleepingcomputer.com)
Over 660,000 exposed Rsync servers are potentially vulnerable to six new vulnerabilities, including a critical-severity heap-buffer overflow flaw that allows remote code execution on servers.
Rsync vulnerabilities (openwall.com)
Two independent groups of researchers have identified a total of 6 vulnerabilities in rsync. In the most severe CVE, an attacker only requires anonymous read access to a rsync server, such as a public mirror, to execute arbitrary code on the machine the server is running on.
Oasis Security Research Team Discovers Microsoft Azure MFA Bypass (oasis.security)
Oasis Security's research team uncovered a critical vulnerability in Microsoft's Multi-Factor Authentication (MFA) implementation, allowing attackers to bypass it and gain unauthorized access to the user’s account, including Outlook emails, OneDrive files, Teams chats, Azure Cloud, and more. Microsoft has more than 400 million paid Office 365 seats, making the consequences of this vulnerability far-reaching.
AMD's trusted execution environment blown wide open by new BadRAM attack (arstechnica.com)
One of the oldest maxims in hacking is that once an attacker has physical access to a device, it’s game over for its security.