Stratascale
Stratascale

Vulnerability Advisory: Sudo Host Option Elevation of Privilege

Vulnerability Advisory: Sudo Host Option Elevation of Privilege

Jun 30, 2025

Stratascale's Cybersecurity Research Unit (CRU) uncovered a local privilege escalation vulnerability in Sudo (CVE-2025-32462). By exploiting the host option, attackers can gain root access on affected Linux systems. A patch is available, review your systems to stay secure.

Vulnerability Advisory: Sudo chroot Elevation of Privilege

Vulnerability Advisory: Sudo chroot Elevation of Privilege

Jun 30, 2025

Stratascale’s Cybersecurity Research Unit (CRU) has identified a critical local privilege escalation vulnerability in Sudo (CVE-2025-32463). This flaw, tied to the chroot feature, allows any local unprivileged user to gain root access even without specific Sudo rules. Affected systems should be reviewed immediately to ensure a patched version is installed.

The Power of CTEM & How to Take Advantage of It

The Power of CTEM & How to Take Advantage of It

Jun 26, 2025

Traditional security tools and annual pentests can’t keep up. Continuous Threat Exposure Management (CTEM) delivers real-time visibility and risk-based prioritization to outpace attackers. Learn how CTEM turns reactive security into proactive protection.

Vulnerability Advisory: Ubuntu Apport Insecure File Permissions

Vulnerability Advisory: Ubuntu Apport Insecure File Permissions

Jun 12, 2025

Stratascale’s Cybersecurity Research Unit (CRU) discovered an information disclosure vulnerability in Ubuntu’s Apport crash reporting system (CVE-2025-5467). Improper file permissions allowed users in the same group to access sensitive crash data. Ubuntu has released a fix, update now to stay secure.

Keys to Achieving Continuous Cloud Security | Part Three

Keys to Achieving Continuous Cloud Security | Part Three

May 29, 2025

The final blog in our three-part series on continuous cloud security offers actionable ways to shift cloud security to the left to increase collaboration between security and DevOps teams, identify misconfigurations sooner, and minimize risk.

Vulnerability Advisory: Osquery Component Bundled with Microsoft Defender for Endpoint on Linux

Vulnerability Advisory: Osquery Component Bundled with Microsoft Defender for Endpoint on Linux

May 27, 2025

Stratascale's Cybersecurity Research Unit (CRU) discovered a local privilege escalation flaw in Microsoft Defender for Endpoint on Linux (CVE-2025-47161). The Osquery component allowed unprivileged users to gain root access. Microsoft has issued a patch—learn more to stay protected.

Vulnerability Advisory: Microsoft Defender for Endpoint on Linux Elevation of Privilege

Vulnerability Advisory: Microsoft Defender for Endpoint on Linux Elevation of Privilege

May 13, 2025

Stratascale's Cybersecurity Research Unit (CRU) recently discovered an elevation of privilege vulnerability in Microsoft Defender for Endpoint on Linux and disclosed the vulnerability to the Microsoft Security Response Center (MSRC) who assigned it CVE-2025-26684 and released a fix.

Keys to Achieving Continuous Cloud Security | Part Two

Keys to Achieving Continuous Cloud Security | Part Two

May 8, 2025

Read part two of our three-part series dedicated to helping you achieve continuous cloud security. In this article, we dive into Phase Two of the process, known as "Getting to Green."

Zero Trust Guide

Zero Trust Guide

Apr 18, 2025

Discover how the Kipling Method can help you elevate Zero Trust efforts by giving you a comprehensive view of access requests, strengthening your organization's security posture.

Keys to Achieving Continuous Cloud Security | Part One

Keys to Achieving Continuous Cloud Security | Part One

Apr 9, 2025

As cyber threats evolve, robust cloud security is essential for protecting your business. However, creating a continuous cloud security program can be complex. Our team simplifies this process into three phases to enhance your program's maturity. Explore part one of this three-part series now.

KISS Your Zero Trust Woes Goodbye

KISS Your Zero Trust Woes Goodbye

Mar 12, 2025

Learn how applying the KISS principle—Keep It Simple, Straightforward—to Zero Trust implementation can streamline processes, secure critical assets, and strengthen your organization's security posture.

2025 Success Guide

2025 Success Guide

Jan 21, 2025

Delve into this guide for actionable ways to equip your security team with the necessary knowledge and tools to turn cybersecurity into a strategic advantage and position your organization for lasting success.

Four Steps to Secure Your Supply Chain & Reduce Risk

Four Steps to Secure Your Supply Chain & Reduce Risk

Jan 9, 2025

Discover how comprehensive risk assessments, supply chain security evaluations, robust third-party risk management, and incident response planning can transform your supply chain into a resilient, secure component of your business strategy.

Protecting Your Organization from AI-Enabled Cyber Threats

Protecting Your Organization from AI-Enabled Cyber Threats

Dec 19, 2024

AI-enabled cyber threats are reshaping cybersecurity by enhancing phishing, enabling deepfakes, and automating malware, leading to more sophisticated and scalable attacks. Find out how you can fortify your defenses against these emerging threats with practical tactics.

Continuous Penetration Testing is Your New Offensive Weapon

Continuous Penetration Testing is Your New Offensive Weapon

Nov 25, 2024

The cybersecurity battlefield demands more than outdated defenses. Static "point-in-time" penetration testing isn't enough to combat today's sophisticated threats—it's like bringing a knife to a gunfight. Find out how continuous penetration testing (CPT) offers a proactive approach.