Aggregator

A vulnerability was found in Linux Kernel up to 6.12.60/6.17.10. It has been classified as critical. This vulnerability affects the function btusb_mtk_claim_iso_intf. The manipulation leads to null pointer dereference. This vulnerability is referenced as CVE-2025-68298. The attack needs to be initiated within the local network. No exploit is available. Upgrading the affected component is recommended.

A vulnerability labeled as critical has been found in Linux Kernel up to 6.12.63/6.18.2/6.19-rc1. This issue affects the function alps_reconnect. Executing a manipulation can lead to use after free. This vulnerability is registered as CVE-2025-68822. The attack requires access to the local network. No exploit is available. The affected component should be upgraded.

A vulnerability classified as critical has been found in Linux Kernel up to 6.12.63/6.18.2/6.19-rc1. Affected is an unknown function of the component KVM. Performing a manipulation results in use after free. This vulnerability is reported as CVE-2025-68810. The attacker must have access to the local network to execute the attack. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.63/6.18.3/6.19-rc3. It has been classified as critical. This vulnerability affects the function rtl92cu_tx_fill_desc of the file drivers/net/wireless/realtek/rtlwifi/rtl8192cu/trx.c of the component wifi. Performing a manipulation of the argument tids[] results in improper validation of array index. This vulnerability is known as CVE-2025-71100. Access to the local network is required for this attack. No exploit is available. Upgrading the affected component is recommended.

A vulnerability has been found in py-pdf pypdf up to 6.7.1 and classified as problematic. Impacted is an unknown function. The manipulation leads to infinite loop. This vulnerability is listed as CVE-2026-27628. The attack may be initiated remotely. There is no available exploit. The affected component should be upgraded.

When a breach occurs, most security teams move fast on containment. Systems get isolated, backups get activated, and logs get […]

The post Threat Attribution: Why Structure Beats Speculation And How Hawkeye Delivers Both appeared first on HawkEye.

Специалисты обнаружили связь между старыми игровыми аккаунтами и современными хакерскими атаками.

研究人员构建了迄今最详尽的图谱，展示了衰老如何影响21种哺乳动物组织中的数千种细胞亚型。他们通过分析不同年龄段小鼠的近 700 万个单细胞，确定了随时间推移最易受损的细胞，以及促使其衰老的因素。研究人员对 32 只小鼠21个器官中提取的数百万个单细胞进行分析。这些小鼠处于 3 个年龄段：1 个月（年轻成年小鼠）、5 个月（中年小鼠）、21 个月（老年小鼠）。研究人员识别出了超过 1800 种不同的细胞亚型，其中包括许多此前未被完整描述过的罕见类型。随后研究团队追踪了各年龄阶段小鼠不同类型细胞的数量变化情况。数十年来，科学家们一直认为衰老主要改变的是细胞功能，而非细胞数量。而研究团队的分析结果对这一观点提出了挑战。他们发现，约 1/4 的细胞类型在数量上随时间推移发生了显著变化，比如某些肌肉细胞和肾细胞的数量大幅减少，而免疫细胞数量则大幅增加。这些变化在不同器官的细胞中具有同步性，相似的细胞状态在不同器官中几乎同时出现和消失。这种模式表明，血液中循环中的共同信号可能有助协调全身的衰老过程。大约 40% 与衰老相关的改变因性别而异。例如女性衰老过程中，表现出更广泛的免疫激活情况。

In response to the evolving events in the Middle East, the NCSC is advising that UK organisations review their cyber security posture.

Most SaaS teams remember the day their user traffic started growing fast. Few notice the day bots started targeting them. On paper, everything looks great: more sign-ups, more sessions, more API calls. But in reality, something feels off: Sign-ups increase, but users aren’t activating. Server costs rise faster than revenue. Logs are filled with repeated requests from strange user agents. If

Сервис OnlyFake предлагал фото паспорта на столе для обхода банковских проверок.

A newly identified botnet trojan campaign, dubbed OCRFix, has been discovered combining social engineering tricks with blockchain-based command infrastructure to quietly build a network of compromised machines. The campaign blends the well-known ClickFix phishing technique with EtherHiding — a method that stores attacker instructions directly on a public blockchain, making takedowns nearly impossible.​ The attack […]

The post OCRFix Botnet Trojan Leveraging ClickFix Phishing and EtherHiding to Conceal Blockchain-Based Command Infrastructure appeared first on Cyber Security News.

Oasis Security reveals how a new ClawJacked vulnerability could allow attackers to silently take over a victim’s OpenClaw agent

A vulnerability categorized as problematic has been discovered in isaacs minimatch up to 10.2.2. This impacts an unknown function. Executing a manipulation can lead to inefficient regular expression complexity. This vulnerability is registered as CVE-2026-27904. It is possible to launch the attack remotely. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability labeled as critical has been found in FreeRDP up to 3.22.x. Affected by this issue is the function xf_AppUpdateWindowFromSurface. Executing a manipulation can lead to use after free. The identification of this vulnerability is CVE-2026-25955. The attack may be launched remotely. There is no exploit available. The affected component should be upgraded.

A vulnerability classified as problematic has been found in Wireshark up to 4.4.13/4.6.3. This affects an unknown function of the component USB HID Protocol Dissector. This manipulation causes improperly controlled sequential memory allocation. This vulnerability appears as CVE-2026-3201. The attack may be initiated remotely. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in SPIP up to 4.4.9. This affects an unknown part. The manipulation leads to sql injection. This vulnerability is listed as CVE-2026-22206. The attack may be initiated remotely. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability was found in pgvector 0.6.0/0.7.0/0.8.0/0.8.1. It has been classified as critical. This affects an unknown function. This manipulation causes integer underflow. This vulnerability is registered as CVE-2026-3172. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is recommended.

A vulnerability was found in Red Hat Enterprise Linux 6/7/8/9/10. It has been declared as critical. This affects an unknown function of the component gvfs. Executing a manipulation can lead to server-side request forgery. The identification of this vulnerability is CVE-2026-28295. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic was found in Grichter Apache::SessionX up to 2.01 on Perl. The affected element is the function rand of the component Default Session ID Generator. Such manipulation leads to generation of predictable numbers or identifiers. This vulnerability is listed as CVE-2025-40932. The attack may be performed from remote. There is no available exploit.