Aggregator

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 6.12.38/6.15.6. Affected by this vulnerability is an unknown functionality of the component LMTT Page Handler. The manipulation results in allocation of resources. This vulnerability is cataloged as CVE-2025-38511. The attack must originate from the local network. There is no exploit available. You should upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.38/6.15.6. It has been classified as problematic. This vulnerability affects the function joycon_init of the component HID. Performing manipulation results in state issue. This vulnerability is reported as CVE-2025-38507. The attacker must have access to the local network to execute the attack. No exploit exists. Upgrading the affected component is recommended.

A vulnerability was found in Linux Kernel up to 6.1.145/6.6.98/6.12.38/6.15.6. It has been declared as critical. This issue affects the function kasan_find_vm_area. Executing manipulation can lead to deadlock. This vulnerability appears as CVE-2025-38510. The attacker needs to be present on the local network. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability identified as problematic has been detected in Linux Kernel up to 6.1.145/6.6.98/6.12.38/6.15.6. The impacted element is the function mac80211_hwsim. This manipulation causes privilege escalation. This vulnerability is handled as CVE-2025-38512. The attack can only be done within the local network. There is not any exploit available. You should upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.15.6. This impacts the function zd_mac_tx_to_dev of the component wifi. The manipulation results in null pointer dereference. This vulnerability is identified as CVE-2025-38513. The attack can only be performed from the local network. There is not any exploit available. You should upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.15.6 and classified as critical. Affected is the function spsc_queue_push of the component Xe Driver. This manipulation causes denial of service. This vulnerability is tracked as CVE-2025-38515. The attack is only possible within the local network. No exploit exists. The affected component should be upgraded.

A vulnerability was found in Linux Kernel up to 6.15.6. It has been classified as problematic. Affected by this issue is the function rxrpc_alloc_incoming_call of the component AF_RXRPC Service. Performing manipulation results in allocation of resources. This vulnerability is cataloged as CVE-2025-38514. The attack must originate from the local network. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability labeled as problematic has been found in Brother Industries/Toshiba Tec Driver Installer on Windows. The impacted element is an unknown function. The manipulation results in files or directories accessible. This vulnerability was named CVE-2025-49797. The attack needs to be approached locally. There is no available exploit.

Submit #628448 / VDB-320523

Submit #628445 / VDB-320522

Submit #628437 / VDB-320521

A sophisticated threat campaign dubbed “Solana-Scan” has emerged, deploying malicious npm packages aimed at infiltrating the Solana cryptocurrency ecosystem. Identified by the Safety research team through advanced malicious package detection technology, this operation involves a threat actor operating under the handle “cryptohan” and associated with the email [email protected]. The actor has published packages masquerading as […]

The post Malicious npm Packages Target Crypto Developers to Steal Login Credentials appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Hackers have stolen the personal information of 1.1 million individuals in a Salesforce data theft attack, which impacted U.S. insurance giant Allianz Life in July. [...]

作者：Yuhan Zhi,Longtian Wang,Xiaofei Xie,Chao Shen,Qiang Hu,Xiaohong Guan 译者：知道创宇404实验室翻译组 原文链接：https://arxiv.org/html/2508.05681v1 摘要 主动学习（AL）作为一种代表性的标签高效学习范式，已在资源受限场景中得到广泛应用。AL的成功归功于获取函数，这些函数旨在识别出最...

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Trend Micro Apex One flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Trend Micro Apex One flaw, tracked as CVE-2025-54948, to its Known Exploited Vulnerabilities (KEV) catalog. Early this month, Trend Micro released fixes for two critical vulnerabilities, tracked as CVE-2025-54948 and […]

Маск хотел сделать умного ассистента, а получил чат-бота, заражённого безумием 4chan.

Разведка поддоменов теперь занимает минуты вместо часов.

A vulnerability, which was classified as critical, has been found in Taxi Booking Manager for Woocommerce Plugin up to 1.3.0 on WordPress. This issue affects some unknown processing. This manipulation causes missing authorization. This vulnerability is registered as CVE-2025-8898. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability was found in User Profile Builder Plugin up to 3.14.3 on WordPress. It has been classified as problematic. This affects the function gdpr_communication_preferences of the component GDPR Communication Preferences Module. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2025-8896. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Advanced iFrame Plugin up to 2025.6 on WordPress. It has been declared as problematic. This impacts an unknown function. The manipulation of the argument additional results in cross site scripting. This vulnerability is known as CVE-2025-8089. It is possible to launch the attack remotely. No exploit is available.