Aggregator

CVE-2026-23231 | Linux Kernel up to 6.1.164/6.6.127/6.12.74/6.18.13/6.19.3 netfilter nf_tables_addchain use after free

VulDB Recent Entries
1 month 1 week ago
A vulnerability marked as critical has been reported in Linux Kernel up to 6.1.164/6.6.127/6.12.74/6.18.13/6.19.3. This impacts the function nf_tables_addchain of the component netfilter. This manipulation causes use after free. The identification of this vulnerability is CVE-2026-23231. The attack needs to be done within the local network. There is no exploit available. It is suggested to upgrade the affected component.
vuldb.com

Groups Push Back on HHS' Proposed Health IT Rollbacks

BankInfoSecurity.com
1 month 1 week ago
CHIME, AHA, Others Contend Privacy, Security Burden Would Shift to Providers
Proposals to eliminate certain longstanding health IT certification criteria - including privacy and security related controls - will shift regulatory burden from health IT developers to healthcare providers, some industry groups contend in their public response to proposed federal rulemaking.

Startup JetStream Secures $34M Seed Round for AI Governance

BankInfoSecurity.com
1 month 1 week ago
Blueprint Model From Ex-CrowdStrike Product Leader Targets MCP Servers, Cost Sprawl
JetStream has raised $34 million in seed funding to tackle enterprise AI governance challenges. The startup introduced blueprint-based controls to manage shadow AI, MCP servers and token-level spending while helping CISOs gain visibility and enforce guardrails across cloud and SaaS environments.

Juniper PTX Routers at Risk, Critical Takeover Flaw Disclosed

BankInfoSecurity.com
1 month 1 week ago
Juniper Tells Customers to Tune Their Firewall
A critical vulnerability in Juniper Networks' primary operating system could give threat actors root level privileges to execute code on Juniper’s PTX Series routers. Successful exploitation would give attackers full command and control over devices without the need for authentication.

CVE-2025-10891

CVE Trends
1 month 1 week ago
Currently trending CVE - Hype Score: 1 - Integer overflow in V8 in Google Chrome prior to 140.0.7339.207 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2025-7544

CVE Trends
1 month 1 week ago
Currently trending CVE - Hype Score: 1 - A vulnerability was found in Tenda AC1206 15.03.06.23. It has been rated as critical. This issue affects the function formSetMacFilterCfg of the file /goform/setMacFilterCfg. The manipulation of the argument deviceList leads to stack-based buffer overflow. The attack may be ...

CVE-2025-64328

CVE Trends
1 month 1 week ago
Currently trending CVE - Hype Score: 1 - FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions 17.0.2.36 and above before 17.0.3, the filestore module within the Administrative interface is vulnerable to a post-authentication command injection by an authenticated known ...

Car Tyre Sensors Can Be Used to Track Drivers Without Their Knowledge

Hack Read
1 month 1 week ago
New research from IMDEA Networks reveals how unencrypted signals from tyre pressure sensors in brands like Toyota and Mercedes can be used for covert vehicle tracking. Learn how these low-cost systems can map out your daily routines and why current regulations fail to protect driver privacy.
Deeba Ahmed

From phishing to Google Drive C2: Silver Dragon expands APT41 playbook

Security Affairs
1 month 1 week ago
APT group Silver Dragon, linked to APT41, targets governments via server exploits and phishing, using Cobalt Strike and Google Drive for C2. Check Point researchers have identified Silver Dragon, an APT group tied to the China-linked group APT41, targeting government entities in Europe and Southeast Asia since mid-2024. The group gains initial access by exploiting […]
Pierluigi Paganini

Cyber Defense Magazine | A New Bell Rings For K-12 Cloud Security After the Illuminate Settlement

Security Boulevard
1 month 1 week ago

This article was originally published in Cyber Defense Magazine on 02/09/26 by Charlie Sander. The Illuminate incident serves as a crucial reminder to edtech vendors of the potential backlash that can occur when privacy promises are not upheld In a recent complaint, the FTC addresses Illuminate Education’s need to strengthen its data security after a breach ...

The post Cyber Defense Magazine | A New Bell Rings For K-12 Cloud Security After the Illuminate Settlement appeared first on ManagedMethods Cybersecurity, Safety & Compliance for K-12.

The post Cyber Defense Magazine | A New Bell Rings For K-12 Cloud Security After the Illuminate Settlement appeared first on Security Boulevard.

Charlie Sander

TikTok 拒绝端对端加密私信,称会让用户不安全

Solidot
1 month 1 week ago
TikTok 拒绝提供端对端加密技术去加密私信,理由是会让用户不安全。端对端加密意味着只有私信的发送者和接收者能查看内容,Facebook、Instagram、Messenger 和 X 等都声称私信使用了端对端加密以最大程度的保护用户隐私,但端对端加密也让执法机构无法查看任何私信内容,无法阻止有害内容的传播。TikTok 表示端到端加密会防止警方和安全团队在必要时读取用户的私信,它希望能保护用户,尤其是年轻用户,免受伤害。TikTok 声称在英国有 3000 万月活用户,全球用户逾 10 亿。

Managed ad