Aggregator

A vulnerability, which was classified as critical, was found in Linux Kernel up to 5.15.166/6.1.109/6.6.50/6.10.9. This affects the function generate_preauth_hash. Executing a manipulation can lead to null pointer dereference. This vulnerability is tracked as CVE-2024-46795. The attack is only possible within the local network. No exploit exists. You should upgrade the affected component.

A vulnerability identified as problematic has been detected in Linux Kernel up to 6.6.50/6.10.9. This impacts the function queued_spin_lock_slowpath. The manipulation leads to improper initialization. This vulnerability is traded as CVE-2024-46797. Access to the local network is required for this attack to succeed. There is no exploit available. You should upgrade the affected component.

A vulnerability categorized as critical has been discovered in Linux Kernel up to 6.10.9. Affected is the function COMP_DUMMY of the component Intel. Executing a manipulation can lead to null pointer dereference. This vulnerability is handled as CVE-2024-46793. The attack can only be done within the local network. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.109/6.6.50/6.10.9. It has been classified as problematic. This affects the function mmio_read of the component tdx. The manipulation leads to improper initialization. This vulnerability is documented as CVE-2024-46794. The attack requires being on the local network. There is not any exploit available. Upgrading the affected component is recommended.

After Hacker Site Gets Resurrected, Cybercrime Group Denies All Involvement
Drama continues fast and furious in BreachForums land, as someone claiming to be part of the ShinyHunters crime group said they've rebooted the long-running and oft-disrupted forum yet again. But an official ShinyHunters channel denied the group having involvement in any such reboots.

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.

• CVE-2026-35616 - Fortinet FortiClient EMS Improper Access Control Vulnerability

This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria. 

Fortinet выпустила экстренное обновление, чтобы закрыть удаленный доступ к серверам.

The most active piece of enterprise infrastructure in the company is the developer workstation. That laptop is where credentials are created, tested, cached, copied, and reused across services, bots, build tools, and now local AI agents. In March 2026, the TeamPCP threat actor proved just how valuable developer machines are. Their supply chain attack on

60% скрытых атак нацелены не на кражу денег, а на промышленный шпионаж.

Google’s Vulnerability Reward Program (VRP) celebrated its 15th anniversary in 2025 by breaking every payout record in its history. The tech giant awarded a staggering $17 million to external security researchers worldwide, representing a massive 40% surge compared to 2024. Over 700 ethical hackers from across the globe successfully identified and responsibly disclosed vulnerabilities, proving […]

The post Google’s Bug Bounty Program Hits All-Time High With $17 Million in 2025 Payouts appeared first on Cyber Security News.

For the latest discoveries in cyber research for the week of 30th March, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES The European Commission, the European Union’s executive body, has confirmed a data breach after its Europa.eu platform was compromised through a third-party exchange linked to the Trivy supply chain attack. The incident […]

The post 6th April – Threat Intelligence Report appeared first on Check Point Research.

The Apache Software Foundation has released emergency security updates to address two severe vulnerabilities in the Apache Traffic Server (ATS). ATS operates as a high-performance web proxy cache that improves network efficiency and handles massive volumes of enterprise web traffic. These newly discovered flaws stem from how the server processes HTTP requests with message bodies. […]

The post Apache Traffic Server Vulnerabilities Let Attackers Trigger DoS Attack appeared first on Cyber Security News.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.10.9. The impacted element is the function raw_copy_to_user/raw_copy_from_user. The manipulation results in memory corruption. This vulnerability is cataloged as CVE-2024-46792. The attack must originate from the local network. There is no exploit available. You should upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.10.225/5.15.166/6.1.109/6.6.50/6.10.9 and classified as critical. Affected by this issue is the function mcp251x_hw_wake of the component mcp251x. Executing a manipulation can lead to deadlock. This vulnerability is registered as CVE-2024-46791. The attack requires access to the local network. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 6.10.9. Affected is the function prepare_slab_obj_exts_hook. Such manipulation leads to allocation of resources. This vulnerability is listed as CVE-2024-46789. The attack must be carried out from within the local network. There is no available exploit. You should upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.10.9 and classified as problematic. Affected by this vulnerability is the function free_pages_prepare in the library /include/linux/alloc_tag.h of the component codetag. Performing a manipulation results in allocation of resources. This vulnerability is cataloged as CVE-2024-46790. The attack must originate from the local network. There is no exploit available. The affected component should be upgraded.

A vulnerability identified as critical has been detected in Linux Kernel up to 6.6.50/6.10.9. This affects the function start_kthread of the component osnoise. Performing a manipulation results in null pointer dereference. This vulnerability was named CVE-2024-46788. The attack needs to be approached within the local network. There is no available exploit. You should upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.6.50/6.10.9. The affected element is the function timer_reduce of the component fscache. The manipulation leads to use after free. This vulnerability is listed as CVE-2024-46786. The attack may be initiated remotely. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability described as critical has been identified in Linux Kernel up to 6.6.50/6.10.9. Affected by this vulnerability is the function list_del_rcu of the file /sys/kernel/debug/tracing/kprobe_events of the component eventfs. The manipulation results in null pointer dereference. This vulnerability is identified as CVE-2024-46785. The attack can only be performed from the local network. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability classified as problematic was found in Linux Kernel up to 6.10.9. This affects the function tcp_bpf_sendmsg. The manipulation results in unchecked return value. This vulnerability is identified as CVE-2024-46783. The attack can only be performed from the local network. There is not any exploit available. Upgrading the affected component is advised.