Aggregator

Cobalt Stike；Beacon；Bof；Coff

Zenity CTO Michael Bargury joins the Black Hat USA 2025 News Desk to discuss research on a dangerous exploit, how generative AI technology has "grown arms and legs" —and what that means for cyber risk.

原域名已变更且将在2024年彻底废弃，请访问 https://govuln.com/news/ 查看新的RSS订阅

A vulnerability was found in Linux Kernel up to 6.12.36/6.15.5/6.16-rc4. It has been rated as critical. The affected element is the function cs40l50_upload_owt of the component cs40l50-vibra. This manipulation causes null pointer dereference. This vulnerability appears as CVE-2025-38381. The attacker needs to be present on the local network. There is no available exploit. Upgrading the affected component is advised.

A vulnerability categorized as problematic has been discovered in Linux Kernel up to 6.1.143/6.6.96/6.12.36/6.15.5/6.16-rc4. The impacted element is the function __inode_add_ref of the component btrfs. Such manipulation leads to improper initialization. This vulnerability is traded as CVE-2025-38382. Access to the local network is required for this attack to succeed. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability classified as critical has been found in Linux Kernel up to 6.16-rc2. Affected by this issue is the function nanddev_ecc_engine_cleanup of the component mtd. This manipulation causes memory leak. The identification of this vulnerability is CVE-2025-38384. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 6.12.36/6.15.5. This issue affects the function show_numa_info. Executing manipulation can lead to allocation of resources. This vulnerability is tracked as CVE-2025-38383. The attack is only possible within the local network. No exploit exists. You should upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.16-rc4. It has been declared as problematic. Impacted is the function i2c_dw_xfer_init of the component designware. The manipulation results in improper initialization. This vulnerability is reported as CVE-2025-38380. The attacker must have access to the local network to execute the attack. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.6.96/6.12.36/6.15.5/6.16-rc1/6.16-rc4. It has been declared as problematic. This affects the function smb2_reconnect_server of the file kernel/workqueue.c of the component smb. Such manipulation leads to uninitialized pointer. This vulnerability is documented as CVE-2025-38379. The attack requires being on the local network. There is not any exploit available. It is recommended to upgrade the affected component.

Recent cybersecurity intelligence has exposed a sophisticated infiltration campaign orchestrated by North Korean state-sponsored threat actors, specifically the Jasper Sleet group, who have systematically penetrated Western organizations through fraudulent employment schemes. This operation, targeting primarily Web3, blockchain, and cryptocurrency companies, represents a significant evolution in North Korean cyber warfare tactics, eliminating the need for traditional […]

The post New Research Unmask DPRK IT Workers Email Address and Hiring Patterns appeared first on Cyber Security News.

Have I Been Pwned claims that the compromised data includes physical addresses, dates of birth, phone numbers, and more, for life insurance customers.

通过构造恶意稀疏型HLL与正常密集型HLL执行合并操作，触发Redis在HLL合并过程中导致的整数上溢漏洞，**造成受限地址写**（覆盖`int`负数范围的`3/4`）。 预先构造包含三个`0x3800`字节sds对象（`sdsa/sdsb/sdsc`）及合并后密集型HLL数据的堆布局，利用受限地址写修改sdsb头部类型标识符（`SDSHDR16`的`0x02`改为`SDSHDR64`的`0x04

对一次诈骗app渗透测试

This is just a test to see if  Buffer picks up the image

The post test appeared first on Security Boulevard.

刚睡醒，就看到群里都在转发一个洞，而且官方还很贴心，代码和思路都有，那就也来跟着学习思路了 1Panel hvv 倒是遇到了一些，不过确实没有打 https://github.com/1Panel-dev/1Panel

一步一步构建出C2，毫无保留！

A comprehensive security analysis has revealed alarming vulnerabilities affecting over 700 million users across multiple VPN applications, exposing critical flaws that compromise the very privacy and security these services promise to protect. Research conducted by cybersecurity experts from Arizona State University, Citizen Lab, and Bowdoin College has uncovered three distinct families of VPN providers that […]

The post New Research Uncovers Connection Between VPN Apps and Multiple Security Vulnerabilities appeared first on Cyber Security News.

由一道CTF题目展开对Nginx 解析漏洞实现路径绕过学习

2025春秋杯夏季赛云境靶场wp