VulnHub

Real-time Cybersecurity News

Raspberry Pi OS 6.2 disables passwordless sudo by default

Help Net Security

Overview

Raspberry Pi OS 6.2, which is based on the Trixie version, has made a significant change by disabling passwordless sudo for new installations. This adjustment aims to enhance security and reduce the risk of unauthorized access. While passwordless sudo can be convenient for users, it also poses a security risk that can be exploited by attackers. The Raspberry Pi Foundation continues to review the operating system's security measures to strike a balance between usability and protection. Users installing the latest version will now be required to enter a password when using sudo commands, which adds a layer of security against potential threats.

Key Takeaways

  • Affected Systems: Raspberry Pi OS 6.2
  • Action Required: New installations of Raspberry Pi OS 6.
  • Timeline: Newly disclosed

Original Article Summary

Raspberry Pi OS 6.2, based on the Trixie version, introduces small changes, bug fixes, and disables passwordless sudo by default for new installations. Screenshot of password prompt (Source: Raspberry Pi) “We continually review the security of Raspberry Pi OS to ensure it is sufficiently robust to withstand potential attacks. This is always a balance, as anything that makes the operating system more secure can inconvenience legitimate users to some extent, so we try to keep … More → The post Raspberry Pi OS 6.2 disables passwordless sudo by default appeared first on Help Net Security.

Impact

Raspberry Pi OS 6.2

Exploitation Status

No active exploitation has been reported at this time. However, organizations should still apply patches promptly as proof-of-concept code may exist.

Timeline

Newly disclosed

Remediation

New installations of Raspberry Pi OS 6.2 will have passwordless sudo disabled by default.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Read Original Article

Related Coverage

Cursor AI Agent Wipes PocketOS Database and Backups in 9 Seconds

Hackread – Cybersecurity News, Data Breaches, AI and More

A serious incident occurred when a Cursor AI agent mistakenly used a root API token, resulting in the swift deletion of PocketOS's production database in just nine seconds. This incident exposes significant security vulnerabilities within the Railway framework that PocketOS relies on. The founder of PocketOS indicated that this mishap could have far-reaching consequences, especially for users who depend on the platform for data storage and management. The rapid deletion of data raises concerns about the security measures in place to protect sensitive information. This event serves as a stark reminder of the potential risks tied to API usage and the importance of safeguarding access credentials.

Apr 29, 2026

Hackers exploit RCE flaws in Qinglong task scheduler for cryptomining

BleepingComputer

Hackers are taking advantage of two vulnerabilities in the Qinglong task scheduler, which is an open-source tool used by developers. These vulnerabilities allow attackers to bypass authentication, leading to unauthorized access. Once inside, the hackers deploy cryptominers on the affected servers, which can significantly drain resources and potentially compromise sensitive data. This situation poses a severe risk to developers and organizations using Qinglong, as it not only affects system performance but also raises concerns about data security. Users of this tool should take immediate action to secure their systems to prevent exploitation.

Apr 29, 2026

CVE-2026-42208: LiteLLM bug exploited 36 hours after its disclosure

Security Affairs

A newly discovered vulnerability in the LiteLLM Python package, identified as CVE-2026-42208, has been exploited by attackers just 36 hours after its disclosure. This flaw allows for SQL injection through the proxy API key verification process, enabling unauthorized access and modification of sensitive database information. The rapid exploitation of this vulnerability raises concerns for developers and organizations using LiteLLM, as it could lead to significant data breaches and compromise of user data. Users and organizations need to take immediate action to secure their systems against this threat, as the vulnerability is already being actively targeted in the wild.

Apr 29, 2026

AI Finds 38 Security Flaws in Electronic Health Record Platform

darkreading

Researchers have identified 38 security flaws in OpenEMR, an electronic health record platform used by over 100,000 healthcare providers. These vulnerabilities could allow attackers to compromise databases, execute remote code, and steal sensitive data. Given that OpenEMR is widely used in the healthcare sector, the implications are significant, as patient information could be at risk. Healthcare providers need to take these findings seriously and assess their systems for potential exposure. Immediate action is necessary to protect sensitive health data from potential breaches.

Apr 29, 2026

Congress, industry ponder government posture for protecting data centers

CyberScoop

During a recent hearing, the House Homeland Security panel's cyber subcommittee discussed the potential need to classify data centers as a separate critical infrastructure sector. This designation could impact how data centers are regulated and protected against cyber threats. Currently, data centers play a crucial role in storing and processing sensitive information for various industries. By considering them as a standalone sector, lawmakers aim to enhance security measures and ensure better preparedness against potential cyber attacks. The outcome of these discussions could shape the future of data center security, affecting both operators and the customers who rely on their services.

Apr 29, 2026

Hackers arrested for hijacking and selling 610,000 Roblox accounts

BleepingComputer

Ukrainian police have apprehended three hackers accused of accessing and stealing over 610,000 Roblox accounts. The attackers allegedly sold these accounts for a total of $225,000, taking advantage of the popular online gaming platform's user base. Roblox, which is especially popular among children and teenagers, has been a target for cybercriminals due to its vast number of users. This incident raises concerns about account security and the potential risks for young gamers who may not be aware of the dangers of account theft. The arrests serve as a reminder for users to strengthen their online security practices, such as using unique passwords and enabling two-factor authentication.

Apr 29, 2026