Aggregator

A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 5.15.182. This issue affects the function ahash_bucket_start of the component Netfilter. The manipulation leads to race condition. The identification of this vulnerability is CVE-2025-37997. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Linux Kernel up to 5.15.182/6.1.138/6.6.90/6.12.28/6.14.6. This vulnerability affects the function kobject_put. The manipulation leads to uninitialized pointer. This vulnerability was named CVE-2025-37995. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Linux Kernel up to 5.15.182/6.1.138/6.6.90/6.12.28/6.14.6. This affects the function ucsi_displayport_work of the component UCSI Driver. The manipulation leads to null pointer dereference. This vulnerability is uniquely identified as CVE-2025-37994. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.28/6.14.6. It has been rated as problematic. Affected by this issue is the function erofs_onlinefolio_split of the component fileio. The manipulation leads to allocation of resources. This vulnerability is handled as CVE-2025-37999. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.28/6.14.6. It has been declared as problematic. Affected by this vulnerability is the function m_can_class_allocate_dev of the component m_can. The manipulation leads to improper initialization. This vulnerability is known as CVE-2025-37993. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Blackmagic Design DaVinci Resolve up to 19.1.3 on macOS. It has been classified as critical. Affected is an unknown function of the component com.apple.security.cs.disable-library-validation. The manipulation leads to incorrect default permissions. This vulnerability is traded as CVE-2025-4081. An attack has to be approached locally. There is no exploit available.

C# теперь можно запускать без проектов. Наконец-то.

As cyber threats increase in sophistication and frequency, organizations are under increasing pressure to secure their digital infrastructure. Microsoft’s Active Directory (AD) remains the backbone of identity and access management for most enterprises, making it a high-value target for attackers. One of the most effective ways to strengthen AD defenses is through the strategic use […]

The post Mitigating Credential Theft Risks in Active Directory Environments appeared first on Cyber Security News.

A sophisticated new malware strain dubbed PumaBot has emerged in the cybersecurity landscape, specifically targeting Internet of Things (IoT) devices through aggressive SSH credential brute-forcing campaigns. This latest threat represents a significant evolution in IoT-focused malware, demonstrating advanced persistence mechanisms and stealth capabilities that allow it to maintain long-term access to compromised devices across diverse […]

The post New PumaBot Hijacks IoT Devices by Brute Forcing SSH Credentials For Persistence appeared first on Cyber Security News.

A vulnerability was found in Oracle Fusion Middleware 10.1.3.5. It has been rated as critical. Affected by this issue is some unknown functionality of the component WebCenter Forms Recognition. The manipulation leads to Remote Code Execution. This vulnerability is handled as CVE-2012-1710. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as very critical, has been found in Oracle Java SE and JRE up to 7 Update 6. Affected by this issue is the function setAccessible of the file rt.jar of the component SunToolkit. The manipulation leads to improper privilege management. This vulnerability is handled as CVE-2012-4681. The attack may be launched remotely. Furthermore, there is an exploit available. This vulnerability has a historic impact due to its background and reception. A worm is spreading, which is automatically exploiting this vulnerability. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Synacor Zimbra Collaboration 8.8.15/9.0. This vulnerability affects unknown code of the component Memcache Command Handler. The manipulation leads to injection. This vulnerability was named CVE-2022-27924. Access to the local network is required for this attack. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Rarlab UnRAR up to 6.11 on Unix/Linux. It has been classified as critical. Affected is an unknown function of the component Unpack Handler. The manipulation leads to pathname traversal. This vulnerability is traded as CVE-2022-30333. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Alleged sale of admin and shell access to an unidentified organization in France

Victoria’s Secret took its website offline after a cyberattack, with experts warning of rising threats against major retailers. American lingerie, clothing, and beauty retailer Victoria’s Secret took its website offline following a cyberattack. At this time, the site shows the following message: “Valued customer, we identified and are taking steps to address a security incident. […]

The latest Go release — Go 1.24, released in February 2025 — introduced a significant security enhancement: the os.Root type. 

The post Navigating os.Root and Path Traversal Vulnerabilities | Go 1.24 Detection and Protection Methods | Contrast Security appeared first on Security Boulevard.