Aggregator

A vulnerability was found in Linux Kernel up to 5.17.1 and classified as problematic. This impacts the function pm80xx_send_abort_all. The manipulation of the argument n_elem results in improper initialization. This vulnerability is cataloged as CVE-2022-49217. The attack must originate from the local network. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.15.32/5.16.18/5.17.1 and classified as critical. The impacted element is an unknown function. The manipulation results in memory corruption. This vulnerability is identified as CVE-2022-49229. The attack can only be performed from the local network. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability described as problematic has been identified in Linux Kernel up to 5.4.188/5.10.109/5.15.32/5.16.18/5.17.1. This vulnerability affects the function tcp_bpf_send_verdict. The manipulation results in privilege escalation. This vulnerability was named CVE-2022-49204. The attack needs to be approached within the local network. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability was found in Linux Kernel up to 5.15.32/5.16.18/5.17.1. It has been declared as problematic. Affected by this vulnerability is the function asix_read_cmd. Such manipulation leads to unchecked return value. This vulnerability is documented as CVE-2022-49226. The attack requires being on the local network. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability identified as critical has been detected in Linux Kernel up to 5.4.188/5.10.109/5.15.32/5.16.18/5.17.1. This affects the function __kmem_cache_shutdown. Performing manipulation results in stack-based buffer overflow. This vulnerability was named CVE-2022-49220. The attack needs to be approached within the local network. There is no available exploit. You should upgrade the affected component.

A vulnerability classified as problematic has been found in F5 BIG-IP up to 17.1.1 on SNMP. Affected is an unknown function. The manipulation leads to memory leak. This vulnerability is referenced as CVE-2025-21091. Remote exploitation of the attack is possible. No exploit is available. It is recommended to upgrade the affected component.

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a high-priority alert about a critical vulnerability in multiple Apple products. Tracked as CVE-2022-48503, this unspecified issue in the JavaScriptCore engine could allow attackers to execute arbitrary code simply by processing malicious web content. The flaw affects macOS, iOS, tvOS, Safari, and watchOS, putting millions of […]

The post CISA Warns of Apple macOS, iOS, tvOS, Safari, and watchOS Vulnerability Exploited in Attacks appeared first on Cyber Security News.

Satya fiddles while Redmond burns? Showstopper bugs with security certificates—plus failing USB keyboards and mice—cause QA questions.

The post October Patch Tuesday Fails Hard — Windows Update Considered Harmful? appeared first on Security Boulevard.

我们的银河系从不静止，它会旋转，也会摆动。ESA 的盖亚（Gaia）太空望远镜的数据揭示，银河系还存在一股从中心向外扩散的巨大波动。一道巨浪在太阳周围数万光年的尺度上搅动着银河中的恒星运动。就像把石头丢进池塘泛起涟漪一样，这道由恒星构成的银河巨浪，横跨了银河系外侧盘面的大片区域。科学家目前仍不清楚这种银河颤动的起源。遥远过去与一个矮星系的碰撞可能是原因之一，但仍需要更多研究。

SpaceX 此前与 NASA 签署了一项价值 29 亿美元的合同，提供宇航员登陆月球表面的着陆器。NASA 代理局长 Sean Duffy 周一在 CNBC Squawk Box 上表示，SpaceX 推迟了时间表，而美国正致力于在中国之前载人登月，NASA 正考虑让其它公司与 SpaceX 竞争制造月球着陆器。如果 NASA 取消或修改与 SpaceX 的合同，可能预示着 NASA 的计划发生重大逆转。

Правительства раздают компаниям льготы и землю, пока их граждане сидят без воды и света.

The Russian state-backed Star Blizzard hacker group has ramped up operations with new, constantly evolving malware families (NoRobot, MaybeRobot) deployed in complex delivery chains that start with ClickFix social engineering attacks. [...]

In a letter to Apple cited by the state news agency TASS, the Federal Antimonopoly Service (FAS) said Apple’s current setup gives preference to foreign search engines, putting local providers at a “competitive disadvantage” and infringing on consumers’ rights.

A vulnerability, which was classified as problematic, has been found in Bambu Studio up to 2.1.1.52. Affected is an unknown function. The manipulation leads to Local Privilege Escalation. This vulnerability is documented as CVE-2025-57521. The attack needs to be performed locally. There is not any exploit available.

Meta on Tuesday said it's launching new tools to protect Messenger and WhatsApp users from potential scams. To that end, the company said it's introducing new warnings on WhatsApp when users attempt to share their screen with an unknown contact during a video call so as to prevent them from giving away sensitive information like bank details or verification codes. On Messenger, users can opt to

A vulnerability classified as problematic was found in HR Performance Solutions Performance Pro 3.19.17. This impacts an unknown function of the file index.php. Executing manipulation of the argument Employee Notes/title/description can lead to cross site scripting. This vulnerability is registered as CVE-2025-60934. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is advised.

A vulnerability classified as problematic has been found in HR Performance Solutions Performance Pro 3.19.17. This affects an unknown function. Performing manipulation of the argument Goal Name/Goal Notes/Action Step Name/Action Step Description/Note Name/Goal Description results in cross site scripting. This vulnerability is cataloged as CVE-2025-60932. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability described as problematic has been identified in HR Performance Solutions Performance Pro 3.19.17. The impacted element is an unknown function. Such manipulation of the argument Goal Name/Goal Notes/Action Step Name/Action Step Description/Note Name/Goal Description leads to cross site scripting. This vulnerability is listed as CVE-2025-60933. The attack may be performed from remote. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability marked as problematic has been reported in Mbed TLS up to 3.6.4. The affected element is an unknown function. This manipulation causes observable timing discrepancy. This vulnerability is tracked as CVE-2025-59438. The attack is only possible within the local network. No exploit exists.

Group-IB has uncovered a scam operation impersonating Singapore officials using Google Ads and deepfakes