Aggregator

A vulnerability was found in Siemens SINEC Traffic Analyzer up to 2.x. It has been rated as critical. Affected is an unknown function of the component Docker Container Handler. The manipulation leads to execution with unnecessary privileges. This vulnerability is traded as CVE-2025-40767. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Elementor Plugin up to 3.30.2 on WordPress and classified as critical. This vulnerability affects the function Import_Images::import. The manipulation leads to path traversal. This vulnerability was named CVE-2025-8081. The attack can be initiated remotely. There is no exploit available.

A vulnerability marked as problematic has been reported in IBM Cloud Pak for Business Automation up to 24.0.0 IF005/24.0.1 IF002. Affected is an unknown function. The manipulation leads to authorization bypass. This vulnerability is traded as CVE-2025-36023. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability categorized as critical has been discovered in IBM i 7.3/7.4/7.5/7.6. This affects an unknown part of the component Digital Certificate Manager for i. The manipulation leads to authentication bypass by spoofing. This vulnerability is uniquely identified as CVE-2025-36119. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in libarchive up to 3.7.x. Affected by this issue is the function archive_read_support_format_warc of the file archive_read_support_format_warc.c. The manipulation leads to integer overflow. This vulnerability is handled as CVE-2025-5916. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in libarchive up to 3.7.x. This affects the function build_ustar_entry_name of the file archive_write_set_format_pax.c. The manipulation leads to off-by-one. This vulnerability is uniquely identified as CVE-2025-5917. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability described as critical has been identified in libarchive up to 3.7.x. Affected by this vulnerability is the function copy_from_lzss_window of the file archive_read_support_format_rar.c. The manipulation leads to heap-based buffer overflow. This vulnerability is known as CVE-2025-5915. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

This week’s cybersecurity landscape highlights a dynamic threat environment characterized by newly disclosed vulnerabilities, active exploitation of known flaws, and […]

The post Weekly Threat Landscape Digest – Week 33 appeared first on HawkEye.

Cybercriminal groups peddling sophisticated phishing kits that convert stolen card data into mobile wallets have recently shifted their focus to targeting customers of brokerage services, new research shows. Undeterred by security controls at these trading platforms that block users from wiring funds directly out of accounts, the phishers have pivoted to using multiple compromised brokerage accounts in unison to manipulate the prices of foreign stocks.

A vulnerability was found in Linux Kernel up to 5.19.3 and classified as critical. This issue affects the function dsa_tree_change_tag_proto of the file /sys/class/net/eno2/dsa/tagging. The manipulation leads to null pointer dereference. The identification of this vulnerability is CVE-2022-50063. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Linux Kernel. Affected by this vulnerability is an unknown functionality of the component Nitro Enclaves Driver. The manipulation leads to null pointer dereference. This vulnerability is known as CVE-2021-3543. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in Linux Kernel up to 6.13.1. It has been declared as critical. Affected by this vulnerability is the function dpu_plane_atomic_print_state. The manipulation leads to null pointer dereference. This vulnerability is known as CVE-2024-58073. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.16-rc5. This vulnerability affects the function to_atmarpd of the component atm. The manipulation leads to null pointer dereference. This vulnerability was named CVE-2025-38460. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability identified as critical has been detected in Linux Kernel up to 5.10.136/5.15.60/5.18.17/5.19.1. Affected is the function ast_vhub_init_desc of the component usb. The manipulation leads to improper update of reference count. This vulnerability is traded as CVE-2022-50139. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

An analysis of telemetry data published by Red Canary, a unit of Zscaler, finds only 16% of the tens of thousands of phishing emails reported by end users in the first half of 2025 proved to be actual threats. At the same time, however, the report also noted that cybercriminals are employing increasingly sophisticated techniques,..

The post Analysis Sees Limited End User Ability to Accurately Identify Phishing Attacks appeared first on Security Boulevard.

The UK telco said it temporarily took some systems offline as a "protective" measure in its investigation.

Free data recovery software or tools are among the most essential tools, playing a crucial role in our lives. Although you can find dozens of them nowadays, their importance remains significant. Losing our data from a device due to failure of the device, an attack by ransomware or accidentally erasing of data can become a […]

The post 10 Best Free Data Recovery Software 2025 appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Физики построили карту из ничего — и доказали, что пустота управляет Вселенной.