Aggregator

A vulnerability labeled as problematic has been found in Linux Kernel up to 6.1.10. This vulnerability affects the function add_secret_dac_path. Such manipulation leads to out-of-bounds read. This vulnerability is documented as CVE-2023-52988. The attack requires being on the local network. There is not any exploit available. The affected component should be upgraded.

A vulnerability categorized as critical has been discovered in Linux Kernel up to 5.15.92/6.1.10. This vulnerability affects the function bic_set_bfqq. The manipulation results in use after free. This vulnerability is reported as CVE-2023-52983. The attacker must have access to the local network to execute the attack. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability identified as critical has been detected in Linux Kernel up to 5.10.167/5.15.92/6.1.10. This affects the function probe. This manipulation causes null pointer dereference. This vulnerability is registered as CVE-2023-52984. The attack requires access to the local network. No exploit is available. You should upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.1.10. This impacts an unknown function of the component imx8mm-verdin. Such manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2023-52985. The attack can only be initiated within the local network. No exploit exists. You should upgrade the affected component.

A vulnerability marked as problematic has been reported in Linux Kernel up to 5.10.167/5.15.92/6.1.10. This vulnerability affects unknown code of the component BPF. This manipulation causes uncontrolled recursion. This vulnerability is handled as CVE-2023-52986. The attack can only be done within the local network. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.10. It has been rated as critical. This affects the function __guc_reset_context of the component i915. The manipulation leads to improper update of reference count. This vulnerability is documented as CVE-2023-52981. The attack requires being on the local network. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability was found in Linux Kernel up to 6.1.10. It has been rated as problematic. Impacted is the function wait_on_bit of the component fscache. This manipulation causes state issue. This vulnerability is registered as CVE-2023-52982. The attack requires access to the local network. No exploit is available. Upgrading the affected component is advised.

Хакеры нашли новый способ — помогают “чинить” ваш Mac и крадут пароли.

谷歌更新服务条款打击跨区订阅行为，用户需准确报告所在国家地区，否则可能被暂停或取消订阅。

The malware Android.Backdoor.916.origin, uncovered by Doctor Web’s research laboratory, specifically targets the corporate sector in Russia and possesses extensive capabilities for surveillance and data theft. Its primary purpose is not mass infection but rather...

The post Fake Antivirus Targets Russian Businesses: Inside a New Android Espionage Campaign appeared first on Penetration Testing Tools.

A vulnerability categorized as critical has been discovered in BEA Systems WebLogic Server up to 7.0 SP 1/7.0.0.1 SP 1. The affected element is an unknown function. Such manipulation leads to memory corruption. This vulnerability is traded as CVE-2003-0151. The attack may be launched remotely. There is no exploit available. It is advisable to upgrade the affected component.

Experts from Insikt Group have presented the first comprehensive investigation into the activities of Lumma Stealer affiliates—one of the most widespread families of data-stealing malware. Covering the period from mid-2024 through the first half...

The post Lumma Unleashed: Inside the Vast Ecosystem Powering the World’s Top Infostealer appeared first on Penetration Testing Tools.

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Android VPN apps used by millions are covertly connected AND insecure Three families of Android VPN apps, with a combined 700 million-plus Google Play downloads, are secretly linked, according to a group of researchers from Arizona State University and Citizen Lab. Apple fixes zero-day vulnerability exploited in “extremely sophisticated attack” (CVE-2025-43300) Apple has fixed yet another vulnerability (CVE-2025-43300) that has … More →

The post Week in review: Covertly connected and insecure Android VPN apps, Apple fixes exploited zero-day appeared first on Help Net Security.

本网站使用cookies以记住您的偏好和重复访问,从而提供更相关的体验。您可点击“接受所有”同意使用所有cookies,或访问“Cookie设置”进行控制。

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Hunt.io Exposes and Analyzes ERMAC V3.0 Banking Trojan Full Source Code Leak   Evolution of the PipeMagic backdoor: from the RansomExx incident to CVE-2025-29824 Supply Chain Risk in Python: Termncolor and Colorinal Explained       Noodlophile […]

A new entrant from the United Arab Emirates has shaken up the tightly controlled vulnerability market. Advanced Security Solutions, launched in August, has announced its willingness to pay up to $20 million for smartphone...

The post Bidding War: A New Firm Is Offering a Record $20 Million for Zero-Day Exploits appeared first on Penetration Testing Tools.

Microsoft has restricted Chinese companies’ access to early notifications about vulnerabilities in its products. The decision follows an internal investigation into potential leaks from the Microsoft Active Protections Program (MAPP), a system designed to...

The post Microsoft Restricts China’s Access to Vulnerability Data After Suspected Leaks appeared first on Penetration Testing Tools.

Amid the escalating wave of cyberthreats—particularly from advanced threat groups—one of the most dangerous yet persistently underestimated attack vectors remains almost unchanged: the compromise of user accounts through password guessing. According to the newly...

The post Alarming Report: The Simple Attack That’s Breaching Half of Corporate Networks appeared first on Penetration Testing Tools.

A vulnerability labeled as problematic has been found in FNKvision Y215 CCTV Camera 10.194.120.40. Affected by this issue is some unknown functionality of the file /etc/passwd of the component Firmware. Such manipulation leads to hard-coded credentials. This vulnerability is uniquely identified as CVE-2025-9380. Local access is required to approach this attack. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

The story of an enthusiast hacker breaching McDonald’s digital infrastructure in pursuit of free chicken nuggets has spiraled into a sweeping security investigation, exposing dozens of critical vulnerabilities within the corporation’s systems. On August...

The post From Nuggets to Breaches: A Hacker Exposes Critical Flaws in McDonald’s Systems appeared first on Penetration Testing Tools.