Aggregator

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.1.134/6.6.87/6.12.24/6.14.3. Affected is an unknown function. The manipulation of the argument speed leads to divide by zero. This vulnerability is traded as CVE-2025-37770. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.1.134/6.6.87/6.12.23/6.13.11/6.14.2 and classified as critical. This vulnerability affects unknown code. The manipulation leads to deadlock. This vulnerability was named CVE-2025-23163. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.134/6.6.87/6.12.24/6.14.3 and classified as critical. Affected by this issue is some unknown functionality. The manipulation of the argument speed leads to divide by zero. This vulnerability is handled as CVE-2025-37766. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Linux Kernel up to 6.2.6. This affects the function fsmap_head of the component ext4. The manipulation leads to off-by-one. This vulnerability is uniquely identified as CVE-2023-53143. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

中国工程院院士吴世忠在由同济大学和上海市杨浦区人民政府联合主办的2025年世界人工智能大会智能社会论坛上做了题为《大模型安全治理的现状与展望》的主旨演讲。

有些人迷信QUIC，若遭遇强大的沿线设备，存在信息泄露风险。

Что творится у горизонта событий, не объясняет ни одна старая теория.

A suspected zero-day vulnerability in SonicWall firewall devices that the Akira ransomware group is actively exploiting. The flaw allows attackers to gain initial access to corporate networks through SonicWall’s SSL VPN feature, leading to subsequent ransomware deployment. In late July 2025, security researchers observed a significant increase in ransomware attacks leveraging SonicWall devices. The evidence […]

The post SonicWall Firewall Devices 0-day Vulnerability Actively Exploited by Akira Ransomware appeared first on Cyber Security News.

This week’s cybersecurity landscape is dominated by the active exploitation of zero-day vulnerabilities and sophisticated supply chain attacks targeting widely […]

The post Weekly Threat Landscape Digest – Week 31 appeared first on HawkEye.

Today we cover ChatGPT Codex as part of the Month of AI Bugs series. ChatGPT Codex is a cloud-based software engineering agent that answers codebase questions, executes code, and drafts pull requests. In particular, this post will demonstrate how Codex is vulnerable to prompt injection, and how the use of the “Common Dependencies Allowlist” for Internet access enables an attacker to recruit ChatGPT Codex into a malware botnet. The ZombAI attack arrives at ChatGPT Codex today!

A critical vulnerability has been discovered in the widely used WordPress theme “Alone — Charity Multipurpose Non-profit”, which is already being exploited by malicious actors to compromise websites. Tracked as CVE-2025-5394, the flaw has...

The post Critical RCE Flaw in “Alone” WordPress Theme Actively Exploited, Allowing Full Site Takeover appeared first on Penetration Testing Tools.

100 моделей ИИ протестировали на безопасность. Почти все провалились.

A vulnerability was found in 495300897 wx-shop up to de1b66331368695779cfc6e4d11a64caddf8716e and classified as problematic. This issue affects some unknown processing of the file /user/editUI. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2025-8506. The attack may be initiated remotely. Furthermore, there is an exploit available. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.

A vulnerability has been found in 495300897 wx-shop up to de1b66331368695779cfc6e4d11a64caddf8716e and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. This vulnerability was named CVE-2025-8505. The attack can be initiated remotely. Furthermore, there is an exploit available. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.

Submit #627323 / VDB-318605

Submit #627322 / VDB-318604

A vulnerability, which was classified as critical, was found in code-projects Kitchen Treasure 1.0. This affects an unknown part of the file /userregistration.php. The manipulation of the argument photo leads to unrestricted upload. This vulnerability is uniquely identified as CVE-2025-8504. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, has been found in code-projects Online Medicine Guide 1.0. Affected by this issue is some unknown functionality of the file /adaddmed.php. The manipulation of the argument mname leads to sql injection. This vulnerability is handled as CVE-2025-8503. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical was found in code-projects Online Medicine Guide 1.0. Affected by this vulnerability is an unknown functionality of the file /changepass.php. The manipulation of the argument ups leads to sql injection. This vulnerability is known as CVE-2025-8502. The attack can be launched remotely. Furthermore, there is an exploit available.