VulnHub

Docker has addressed a significant vulnerability that allowed attackers to bypass authorization controls and create containers with excessive privileges. This issue arose from a crafted HTTP request that could make restricted containers invisible to authentication and authorization plugins. As a result, unauthorized users could gain elevated access, potentially allowing them to execute harmful actions within the system. This vulnerability affects users of Docker's containerization platform, and it is crucial for organizations to apply the latest patches to safeguard their environments. Docker has released updates to fix this flaw, emphasizing the importance of maintaining security best practices in container management.

Researchers have discovered a long-hidden vulnerability in Apache ActiveMQ Classic, a widely-used messaging server. This bug was identified with the help of Anthropic's Claude AI, marking a significant find after 13 years. The vulnerability could allow attackers to manipulate message queues, potentially leading to data leaks or service disruptions. Companies that rely on ActiveMQ for their messaging infrastructure should take this discovery seriously, as it affects their systems' security. Users are urged to review their configurations and apply any available updates to mitigate risks associated with this flaw.

Voxbeam Telecommunications, a major U.S. voice service provider, has been fined $4.5 million by the Federal Communications Commission (FCC) for mishandling call traffic. The FCC found that Voxbeam accepted suspicious call traffic from a foreign provider without proper authorization. This incident raises concerns about the integrity of telecommunications networks and the potential for abuse through unauthorized call traffic. The fine serves as a reminder for voice service providers to ensure compliance with regulations designed to combat robocalls and protect consumers. As the issue of robocalls continues to plague many Americans, this action by the FCC aims to strengthen enforcement against companies that contribute to the problem.

Researchers have discovered two vulnerabilities in the Common Unix Printing System (CUPS), which is widely used in Linux and other Unix-like systems. These vulnerabilities could allow attackers to execute remote code and overwrite root files on affected networks without needing authentication. This poses a significant risk, as it could enable unauthorized access and control over systems that rely on CUPS for printing tasks. Organizations using CUPS should be particularly vigilant, as these flaws could lead to severe network breaches. The vulnerabilities have raised concerns about the security of systems that utilize this printing service, making immediate attention and action essential.

Researchers have identified several vulnerabilities in AI agents that could expose them to attacks through malicious web content. These attacks can lead to command injection and cause the AI to behave unexpectedly. This issue is particularly concerning as it may affect various AI systems across different sectors, potentially leading to unauthorized access or manipulation of data. Users and organizations that rely on AI technology need to be aware of these risks and take appropriate measures to safeguard their systems. The findings emphasize the importance of securing AI agents against evolving web-based threats.

According to the FBI, Americans lost nearly $21 billion to cyber-enabled crimes in the past year. The report identifies investment scams, business email compromise, tech support fraud, and data breaches as the primary drivers of these losses. This staggering amount reflects the growing sophistication of cybercriminals and the vulnerabilities that individuals and businesses face. Victims range from everyday citizens to large organizations, all of whom are at risk of falling prey to these types of scams. The increasing financial impact of cybercrime emphasizes the need for better awareness and protective measures to safeguard against such threats.

Grafana has patched a significant vulnerability that could have allowed attackers to exploit artificial intelligence features on their platform. By embedding harmful instructions in a webpage controlled by the attacker, the AI could interpret these commands as legitimate requests, potentially leading to the exposure of sensitive user data. This issue raises concerns for organizations using Grafana, as it highlights the risks associated with AI integrations in web applications. Users are advised to update their Grafana installations to safeguard against this vulnerability, which could have serious implications for data security if left unaddressed.

Cybercrime is becoming an increasingly costly issue, with losses from online crime surpassing $20 billion in 2025, according to the FBI’s Internet Crime Complaint Center (IC3). This marks a significant 26% increase from the previous year, driven largely by fraud, which accounted for about 85% of the total losses. The report indicates that over one million complaints were filed, with cyber-enabled fraud alone resulting in nearly $17.7 billion in damages. The rise in these financial losses points to a growing vulnerability among individuals and businesses, emphasizing the urgent need for improved cybersecurity measures. As online crime continues to evolve, both users and organizations must remain vigilant to protect themselves from these threats.