Aggregator

A vulnerability classified as critical was found in Linux Kernel up to 6.6.93/6.12.33/6.15.2. This affects the function dev_gro_receive of the component net. The manipulation leads to null pointer dereference. This vulnerability is uniquely identified as CVE-2025-38123. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Google Android. It has been rated as problematic. Affected is an unknown function of the component F2FS Driver. The manipulation leads to out-of-bounds read. This vulnerability is traded as CVE-2019-9445. An attack has to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability identified as critical has been detected in Linux Kernel up to 6.6.25/6.8.4. This vulnerability affects the function sock_sendmsg of the component SUNRPC. The manipulation leads to memory leak. This vulnerability was named CVE-2024-35882. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

Alleged Sale of Unauthorized Access to Canadian Shop

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 6.12.35/6.15.4. This affects an unknown part of the component xe. The manipulation leads to improper initialization. This vulnerability is uniquely identified as CVE-2025-38353. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

Currently trending CVE - Hype Score: 1 - The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

Microsoft исправила утечку хэшей через иконки — и открыла её через исполняемые файлы

In the relentless battle against cyber threats in 2025, unpatched software remains a gaping vulnerability exploited by attackers worldwide. Outdated operating systems, applications riddled with known flaws, and missing security updates create an open invitation for malware, ransomware, and data breaches. Effective patch management the process of identifying, acquiring, testing, and deploying software updates to […]

The post Top 10 Best Patch Management Software For IT Security 2025 appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Новая схема Microsoft упрощает доступ и одновременно пугает специалистов по безопасности.

Currently trending CVE - Hype Score: 9 - A vulnerability in the RADIUS subsystem implementation of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to inject arbitrary shell commands that are executed by the device.  This vulnerability is due to a lack of ...

Спустя столетие поисков аксионы наконец отозвались?

OpenAI has confirmed it has begun rolling out a new warmer personality for GPT-5, but remember that it won't be as warm as GPT-4o, which is still available for use under legacy models. [...]

今日暂未更新资讯~
更多最新文章，请访问SecWiki

根据发表在《Metabolism》期刊上的一项研究，韩国大学医学院的研究人员报告名为 ReHMGB1 的蛋白质在人体血液中传递衰老信号。ReHMGB1 代表 Reduced High Motion Group Box 1，会触发细胞衰老，永久性丧失其功能。它不仅会在局部发生，还会通过血液循环向全身传递破坏信号，尤其是在损伤或疾病的刺激下。对小鼠研究发现，如果阻断 ReHMGB1 的信号传递，肌肉受损的小鼠会显著加快肌肉再生速度，改善身体机能，减少细胞衰老迹象，减轻全身炎症。ReHMGB1 也具有有益功能，警告人体某个身体组织受损需要修复。

Китайский малыш выжигает эфир на все 500 ватт.

这里拿携程举例子。之前就有朋友在携程买票，结果“被贷款”，我作为所谓的携程 V7 黑钻用户老用户，知道在携程买票必然是步步惊心的，自以为足够小心了。结果上个月买火车票时，还是中了招。 图一我一看就知道不能点第一个链接，便宜肯定是骗人（仔细看，就能看见 +36 元），所以我直接点了第二个链接——确实怪我，没看见要 +25 元。 图二里是有明细的，但我确实平时不怎么细看，直接付款了。 后来机缘巧合，在大概十分钟后发现中招，有些不痛快，就退票退款了，退的时候告诉我，铁路局收了一些退票费不能退，如图三——我忍了。 过了一会，我突然觉得不对，算了一下账，原来携程收我的所谓“优享预定”也是不退的——每张票收 25 元的优享预定，究竟是什么呢——我看了看，是图四，原谅我没看出它的价值来。 于是我打了电话到携程投诉，客服很客气地表示退款，把铁路局的也退了，还表示要送我 100 元现金券。我拒绝了，表示我可能会写一写这个例子。 作为一个产品经理，我其实能理解这种设计。我甚至理解，哪怕梁建章提要求，也未必改得掉这个问题，毕竟背后有太多利益，都是净利润，不能轻易因为投诉就放弃。 只是，这确实就是我标题写的：产品的默认设置，就体现价值观。 我们做的产品也一样，希望真的能客户第一（真的很难）。

Creator, Author and Presenter: Jack Cable

Our deep appreciation to Security BSides - San Francisco and the Creators, Authors and Presenters for publishing their BSidesSF 2025 video content on YouTube. Originating from the conference’s events held at the lauded CityView / AMC Metreon - certainly a venue like no other; and via the organization's YouTube channel.

Additionally, the organization is welcoming volunteers for the BSidesSF Volunteer Force, as well as their Program Team & Operations roles. See their succinct BSidesSF 'Work With Us' page, in which, the appropriate information is to be had!

Permalink

The post BSidesSF 2025: The Product Security Imperative: Lessons From CISA appeared first on Security Boulevard.

Gogs最新RCE分析与利用详情

Google's Gemini is now testing a new feature called "Projects." This will be similar to OpenAI's Project Feature for ChatGPT. [...]