Aggregator

A vulnerability was found in Linux Kernel up to 6.11.7. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component virtio. The manipulation leads to improper initialization. This vulnerability is known as CVE-2024-50264. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 6.11.7. This vulnerability affects the function ocfs2_xa_remove. The manipulation leads to null pointer dereference. This vulnerability was named CVE-2024-50265. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

Google’s artificial intelligence agent “Big Sleep” has made cybersecurity history by discovering and stopping the exploitation of a critical zero-day vulnerability in SQLite, marking the first time an AI system has directly foiled real-world cyberattacks. The AI agent, developed by Google DeepMind and Project Zero, identified the SQLite vulnerability (CVE-2025-6965) based on threat intelligence indicating […]

The post Google’s AI ‘Big Sleep’ Detects Critical SQLite 0-Day, Halts Ongoing Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Он шифровал бизнесы по всей Европе — и попался в халате на кухне.

NIST and collaborating institutions have released extensive data about the genome of pancreatic cancer cells.

Cameron John Wagenius faces up to 27 years in prison after pleading guilty to wire fraud, extortion and aggravated identity theft in data breaches involving major corporations.

Cybersecurity researchers have disclosed what they say is a "critical design flaw" in delegated Managed Service Accounts (dMSAs) introduced in Windows Server 2025. "The flaw can result in high-impact attacks, enabling cross-domain lateral movement and persistent access to all managed service accounts and their resources across Active Directory indefinitely," Semperis said in a report shared with

文章介绍了异步Beacon Object Files（BOFs）的设计与应用，允许红队在目标环境中部署传感器实时监控事件（如管理员登录），并在不影响植入睡眠的情况下将数据传输至C2服务器。该设计支持自动化任务（如获取TGT、启动键盘记录器），提升红队操作的效率与隐蔽性，并为未来实现类似SIEM的解决方案奠定基础。

A vulnerability was found in Linux Kernel up to 5.10.87/5.15.10 and classified as critical. Affected by this issue is some unknown functionality of the file block/blk-iocost.c. The manipulation leads to divide by zero. This vulnerability is handled as CVE-2021-47584. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 4.19.221/5.4.167/5.10.87/5.15.10 and classified as critical. Affected by this vulnerability is the function mutex_init of the component mxl111sf. The manipulation leads to uninitialized pointer. This vulnerability is known as CVE-2021-47583. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 5.15.10. Affected is the function do_proc_control of the file /proc/sys/kernel/hung_task_timeout_secs of the component USB Core. The manipulation leads to missing initialization of a variable. This vulnerability is traded as CVE-2021-47582. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 5.10.87/5.15.10. Affected by this vulnerability is the function kcalloc in the library include/linux/fortify-string.h of the component scsi. The manipulation leads to null pointer dereference. This vulnerability is known as CVE-2021-47578. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 5.10.87/5.15.10. Affected by this issue is the function min_t in the library include/linux/fortify-string.h of the component scsi_debug. The manipulation leads to out-of-bounds read. This vulnerability is handled as CVE-2021-47580. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 5.15.10. This issue affects the function task_work of the component io-wq. The manipulation leads to privilege escalation. The identification of this vulnerability is CVE-2021-47577. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was suspected in Linux Kernel up to 5.15.10. Further investigation has shown that this issues is a false-positive. Please review the sources mentioned and consider not using this entry at all.

A vulnerability was suspected in Linux Kernel up to 5.15.10. This issue was flagged as a false-positive. Please consult the sources mentioned and consider not using this entry at all.

A vulnerability was suspected in Linux Kernel up to 5.15.10. Further investigation has shown that this issues is a false-positive. Please review the sources mentioned and consider not using this entry at all.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 5.15.10. This affects the function resp_mode_select of the component scsi_debug. The manipulation leads to use after free. This vulnerability is uniquely identified as CVE-2021-47576. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

The financially driven organization known as Dark Partners has been planning massive cryptocurrency theft since at least May 2025, using a complex network of more than 250 malicious domains that pose as AI tools, VPN services, cryptocurrency wallets, and well-known software brands. This is part of a rapidly developing cybercrime operation. These fake websites, distributed […]

The post Dark Partners Hacker Group Drains Crypto Wallets Using Fake AI Tools and VPN Services appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

该文章介绍了Reddit上的r/blackhat社区，专注于讨论和记录漏洞及利用技术，并提醒用户遵守规则后再参与交流。