Aggregator

A vulnerability, which was classified as critical, was found in Linux Kernel. The affected element is the function cancel_delayed_work of the component mvsas. The manipulation results in use after free. This vulnerability is identified as CVE-2025-40001. The attack can only be performed from the local network. There is not any exploit available. You should upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel. Impacted is the function cancel_delayed_work of the file kernel/workqueue.c of the component ocelot. The manipulation leads to improper initialization. This vulnerability is referenced as CVE-2025-40003. The attack needs to be initiated within the local network. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability classified as critical was found in ChurchCRM up to 5.18.0. This issue affects some unknown processing of the file src/ChurchCRM/Backup/RestoreJob.php of the component Backup Restore Handler. Executing manipulation of the argument restoreFile can lead to path traversal. The identification of this vulnerability is CVE-2025-11939. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as critical has been found in ChurchCRM up to 5.18.0. This vulnerability affects unknown code of the file setup/routes/setup.php. Performing manipulation of the argument DB_PASSWORD/ROOT_PATH/URL results in deserialization. This vulnerability was named CVE-2025-11938. The attack may be initiated remotely. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #671101 / VDB-329015

Submit #671083 / VDB-329014

Q-Day наступит раньше, чем вы успеете перевести деньги.

Submit #671103 / VDB-227384

Submit #671102 / VDB-296272

恶意代码自动化分析

Law enforcement authorities across Europe have dismantled a sophisticated cybercrime-as-a-service operation that enabled criminals to commit widespread fraud and other serious offenses across the continent. The coordinated action, codenamed ‘SIMCARTEL’, resulted in seven arrests, the seizure of over 40,000 active SIM cards, and the takedown of infrastructure that facilitated crimes causing millions of euros in […]

The post Authorities Shut Down Cybercrime-as-a-Service, Seize 40,000 SIM Cards appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Cybersecurity researchers have shed light on a new campaign that has likely targeted the Russian automobile and e-commerce sectors with a previously undocumented .NET malware dubbed CAPI Backdoor. According to Seqrite Labs, the attack chain involves distributing phishing emails containing a ZIP archive as a way to trigger the infection. The cybersecurity company's analysis is based on the ZIP

Когда 63 узла и 504 чипа работают как единый разум — начинается новая эра исследований.

关键词思科漏洞近日，一场被网络安全研究人员命名为“零迪斯科行动”的高级持续性威胁活动浮出水面，其攻击矛头直指构

关键词漏洞科技媒体 bleepingcomputer 昨日（10 月 17 日）发布博文，报道称微软修复了追踪

Zimbra has released an emergency security patch to address a critical Server-Side Request Forgery (SSRF) vulnerability that could allow attackers to access sensitive data through the platform’s chat proxy configuration. The flaw, classified as high severity, affects Zimbra versions 10.1.5 through 10.1.11, prompting the company to urge immediate action from users and administrators.​ Understanding the […]

The post Critical Zimbra SSRF Flaw Exposes Sensitive Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability, which was classified as critical, has been found in CirrusSearch Extension up to 1.42 on MediaWiki. This issue affects some unknown processing. Performing manipulation results in allocation of resources. This vulnerability is cataloged as CVE-2025-62666. It is possible to initiate the attack remotely. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability identified as problematic has been detected in Skin BlueSky up to 1.38 on Mediawiki. The impacted element is an unknown function. Performing manipulation results in cross site scripting. This vulnerability is known as CVE-2025-62665. Remote exploitation of the attack is possible. No exploit is available. You should upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Cargo Extension on Mediawiki. This affects an unknown part. Performing manipulation results in cross site scripting. This vulnerability is identified as CVE-2025-62671. The attack can be initiated remotely. There is not any exploit available.