Aggregator

A vulnerability classified as critical was found in matio 1.5.18/1.5.19/1.5.20/1.5.21. The affected element is the function Readt32DataDouble. Executing a manipulation can lead to heap-based buffer overflow. The identification of this vulnerability is CVE-2020-36428. The attack needs to be done within the local network. There is no exploit available.

A vulnerability was found in matio 1.5.28. It has been rated as problematic. This issue affects the function Mat_VarCreateStruct. The manipulation of the argument fields leads to out-of-bounds read. This vulnerability is documented as CVE-2025-50343. The attack requires being on the local network. Additionally, an exploit exists.

CyberArk 指出，恶意软件即服务（MaaS）平台虽然能实现快速扩展，但也给威胁者带来了巨大的暴露风险。

随着自动化和 AI 驱动的漏洞利用不断进步，防御者需要与时俱进时刻跟上步伐，才可以在面对更快、更智能的威胁时站稳脚跟。

Board attention continues to rise, and security groups now operate closer to executive decision making than in prior years, a pattern reflected the Voice of Security 2026 report by Tines. Within that environment, large numbers of teams already rely on AI, automation, and workflow tools as part of routine operations, creating a baseline expectation that AI plays a central role in security work. Board-level engagement has grown over the past year, particularly in larger enterprises. … More →

The post Security work keeps expanding, even with AI in the mix appeared first on Help Net Security.

A CVSS score 7.2 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Brandon Evans of TrendAI Zero Day Initiative' was reported to the affected vendor on: 2026-01-30, 54 days ago. The vendor is given until 2026-05-30 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H severity vulnerability discovered by 'Bobby Gould (@bobbygould5) of TrendAI Zero Day Initiative' was reported to the affected vendor on: 2026-01-30, 54 days ago. The vendor is given until 2026-05-30 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.7 AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N severity vulnerability discovered by 'Brandon Evans of TrendAI Zero Day Initiative' was reported to the affected vendor on: 2026-01-30, 54 days ago. The vendor is given until 2026-05-30 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Enterprise environments now span multiple clouds, on-premises systems, and a steady flow of new applications. Hybrid and multi-cloud setups are common across large organizations, and they bring a constant stream of logs, alerts, and operational data. That environment already exists across many enterprises, and it frames a recent Sumo Logic study that examined how security leaders manage tooling, staffing, and detection across these systems. Tooling designed for changing application environments Security leaders generally describe their … More →

The post Security teams are carrying more tools with less confidence appeared first on Help Net Security.

如约而至

Рассказываем, как учёные «взламывают» код, который столетиями считался нечитаемым.

A vulnerability was found in Linux Kernel up to 6.4.10. It has been classified as critical. This affects the function binder_init. Performing a manipulation results in memory leak. This vulnerability is known as CVE-2023-54005. Access to the local network is required for this attack. No exploit is available. Upgrading the affected component is recommended.

A vulnerability was found in Linux Kernel up to 6.3.4 and classified as critical. The affected element is the function __sk_mem_raise_allocated. Executing a manipulation can lead to null pointer dereference. This vulnerability is handled as CVE-2023-54004. The attack can only be done within the local network. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.1.28/6.2.15/6.3.2. The impacted element is the function exclusive_operation of the file fs/btrfs/ioctl.c of the component btrfs. Executing a manipulation can lead to reachable assertion. This vulnerability appears as CVE-2023-54002. The attacker needs to be present on the local network. There is no available exploit. You should upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.4.240/5.10.177/5.15.107/6.1.24/6.2.11. It has been rated as critical. Affected is the function create_ah. Performing a manipulation results in memory leak. This vulnerability is known as CVE-2023-54003. Access to the local network is required for this attack. No exploit is available. Upgrading the affected component is advised.

A vulnerability was found in Linux Kernel up to 5.10.189/5.15.123/6.1.42/6.4.7. It has been classified as critical. The impacted element is the function _r8712_init_xmit_priv. The manipulation leads to memory leak. This vulnerability is uniquely identified as CVE-2023-54001. The attack can only be initiated within the local network. No exploit exists. Upgrading the affected component is recommended.

A vulnerability was found in Linux Kernel up to 6.1.45/6.4.10. It has been declared as critical. This impacts the function napi_disable. Such manipulation leads to deadlock. This vulnerability is traded as CVE-2023-54000. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

Over 1 billion users wear devices for tracking steps, sleep, heart rate, and other personal metrics. These devices collect a continuous stream of sensitive data, often tied to detailed user profiles and companion apps. New Clutch survey data show that as wearables settle into daily life, questions about how that data is handled are influencing user confidence and purchasing decisions. Privacy concerns influence loyalty Survey results highlight an increase in consumer concern around data security … More →

The post Wearable tech adoption continues as privacy worries grow appeared first on Help Net Security.

本文详解double fetch漏洞原理，结合竞态攻击实现内核态flag泄露，通过多线程竞争绕过验证机制。

GreyNoise披露的大规模语义扫描活动标志着网络攻击从代码扫描转向语义扫描