Aggregator

A vulnerability was found in Linux Kernel up to 5.10.232/5.15.175/6.1.123/6.6.69/6.12.8 and classified as critical. Affected by this issue is the function close_ctree of the file inode.c of the component btrfs. The manipulation leads to use after free. This vulnerability is handled as CVE-2024-57896. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.1.123/6.6.69/6.12.8 and classified as critical. Affected by this vulnerability is the function in_atomic of the file kernel/locking/mutex.c. The manipulation leads to stack-based buffer overflow. This vulnerability is known as CVE-2024-57894. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.12.8. Affected is the function siw_query_port. The manipulation leads to use after free. This vulnerability is traded as CVE-2024-57857. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 5.15.175/6.1.123/6.6.69/6.12.8. This issue affects the function tcp_conn_request. The manipulation leads to memory leak. The identification of this vulnerability is CVE-2024-57841. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 6.6.69/6.12.8. This vulnerability affects the function unregister_netdev. The manipulation leads to use after free. This vulnerability was named CVE-2024-57801. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Linux Kernel up to 6.12.8. This affects an unknown part of the component nft_set_hash. The manipulation leads to insufficient verification of data authenticity. This vulnerability is uniquely identified as CVE-2024-54031. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.123/6.6.69/6.12.8. It has been rated as problematic. Affected by this issue is some unknown functionality of the component ALSA. The manipulation leads to out-of-bounds read. This vulnerability is handled as CVE-2024-57893. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.6.69/6.12.8. It has been classified as problematic. Affected is the function or_each_set_bit of the component mac80211. The manipulation leads to insufficient verification of data authenticity. This vulnerability is traded as CVE-2024-57899. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.123/6.6.69/6.12.8 on BIG. It has been declared as problematic. Affected by this vulnerability is the function ipv6_has_hopopt_jumbo in the library skbuff.h of the component IPv6 Extension Header Handler. The manipulation leads to Privilege Escalation. This vulnerability is known as CVE-2025-21629. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.8 and classified as problematic. This issue affects the function scx_ops_bypass of the component sched_ext. The manipulation leads to state issue. The identification of this vulnerability is CVE-2024-57891. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

Ultimately, there is no replacement for an intuitive, security-focused developer working with the critical thinking required to drive down the risk of both AI and human error.

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Fortinet FortiOS vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Fortinet FortiOS authorization bypass vulnerability, tracked as CVE-2024-55591 (CVSS score: 9.6) to its Known Exploited Vulnerabilities (KEV) catalog. Remote attackers can exploit the vulnerability to bypass authentication and gain […]

A vulnerability has been found in Linux Kernel up to 6.12.8 and classified as critical. This vulnerability affects the function drm_dev_enter of the component xe. The manipulation leads to memory corruption. This vulnerability was named CVE-2024-57844. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

Cl0p Ransomware Releases a List of Companies Related to the Cleo Exploit

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.1.123/6.6.69/6.12.8. This affects the function fsm_main_thread of the file fsm_main_thread.c of the component mtk_t7xx. The manipulation leads to improper update of reference count. This vulnerability is uniquely identified as CVE-2024-39282. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.12.8. Affected by this issue is some unknown functionality of the component rxe. The manipulation leads to use after free. This vulnerability is handled as CVE-2024-57795. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 6.12.8. Affected by this vulnerability is the function nvmet_root_discovery_nqn_store of the component nvmet. The manipulation leads to allocation of resources. This vulnerability is known as CVE-2024-53681. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

Sweet Security, a leader in cloud runtime detection and response, today announced the launch of its groundbreaking patent-pending Large Language Model (LLM)-powered cloud detection engine. This innovation enhances Sweet’s unified detection and response solution, enabling it to reduce cloud detection noise to an unprecedented 0.04%. Sweet uses advanced AI to help security teams navigate complex […]

The post Sweet Security Introduces Patent-Pending LLM-Powered Detection Engine, Reducing Cloud Detection Noise to 0.04% appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

ShadowSyndicate is a prolific threat actor that has been active since July 2022, collaborated with various ransomware groups, and leverages a diverse toolkit, including Cobalt Strike, Sliver, IcedID, and Matanbuchus malware.  A distinctive feature of their operations is the consistent use of a specific SSH fingerprint (1ca4cbac895fc3bd12417b77fc6ed31d) across numerous servers, with at least 52 linked […]

The post ShadowSyndicate Hackers Added RansomHub Ransomware to their Arsenal appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Роскомнадзор подтвердил второй масштабный сбой за двое суток.