Aggregator

A vulnerability marked as problematic has been reported in Linux Kernel up to 6.9.7. Affected by this vulnerability is an unknown functionality of the file sound/soc/mediatek/common/mtk-soundcard-driver.c of the component mt8195. Performing manipulation results in out-of-bounds read. This vulnerability is known as CVE-2024-42088. Access to the local network is required for this attack. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability marked as critical has been reported in Linux Kernel up to 6.9.7. This vulnerability affects the function fsl_asoc_card_audmux_init of the component fsl-asoc-card. The manipulation leads to null pointer dereference. This vulnerability is traded as CVE-2024-42089. Access to the local network is required for this attack to succeed. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability described as critical has been identified in Linux Kernel up to 6.9.7. Affected by this issue is the function create_pinctrl of the component pinctrl. Executing manipulation can lead to deadlock. This vulnerability is handled as CVE-2024-42090. The attack can only be done within the local network. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability has been found in Linux Kernel up to 6.9.7 and classified as critical. This vulnerability affects the function compensate of the component bme680. This manipulation causes buffer overflow. This vulnerability is tracked as CVE-2024-42086. The attack is only possible within the local network. No exploit exists. The affected component should be upgraded.

A vulnerability labeled as problematic has been found in Linux Kernel up to 6.9.7. This affects the function gpiod_set_value of the component ilitek-ili9881c. Executing manipulation can lead to privilege escalation. This vulnerability appears as CVE-2024-42087. The attacker needs to be present on the local network. There is no available exploit. The affected component should be upgraded.

Cloudflare has disclosed a significant data breach affecting customer information following a sophisticated supply chain attack targeting its Salesforce integration with Salesloft Drift. The incident, which occurred between August 12-17, 2025, resulted in the exposure of customer support case data and potentially sensitive credentials shared through support channels. The Breach Details The cybersecurity company became […]

The post Cloudflare Confirms Data Breach – Customer Data Exposed via Salesforce Attack appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability was found in GLPI up to 9.1.4. It has been classified as critical. This affects an unknown function of the file front/devicesoundcard.php. The manipulation of the argument Home as part of Parameter leads to sql injection. This vulnerability is referenced as CVE-2017-11184. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is recommended.

A vulnerability marked as problematic has been reported in Moodle 3.x. The impacted element is an unknown function of the component Portfolio URL Handler. This manipulation causes improper input validation. This vulnerability appears as CVE-2018-1137. The attack may be initiated remotely. There is no available exploit.

A vulnerability identified as problematic has been detected in GNU binutils 2.32. Impacted is the function setup_group of the file elf.c of the component libbfd. The manipulation leads to improper resource management. This vulnerability is uniquely identified as CVE-2019-9072. Local access is required to approach this attack. No exploit exists.

A vulnerability was found in Oracle MySQL Connectors up to 6.9.9/6.10.4 and classified as critical. This impacts an unknown function of the component Connector/Net. Such manipulation leads to denial of service. This vulnerability is listed as CVE-2018-2585. The attack may be performed from remote. There is no available exploit. It is suggested to upgrade the affected component.

A sophisticated malware operation that combines multiple attack vectors to steal cryptocurrency and deliver additional malicious payloads to Windows systems. A recently discovered TinyLoader malware campaign is actively targeting Windows users through a multi-pronged attack strategy involving network share exploitation, USB propagation, and deceptive shortcut files. The malware, which serves as a delivery mechanism for […]

The post TinyLoader Malware Spreads via Network Shares and Malicious Shortcut Files on Windows appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

文章揭示了Google Cloud和Cloudflare等平台长期未能阻止大规模网络钓鱼和品牌仿冒活动，导致48,000个虚拟主机被滥用。这些平台因未及时采取行动而被视为潜在共谋者。Lockheed Martin等知名公司因疏于监测而成为攻击目标。研究显示此类活动已持续三年以上，涉及非法内容和恶意软件分发。

In this Help Net Security video, Brendon Collins, Principal Consultant at Optiv, explores how organizations can embed security and privacy into the software development lifecycle (SDLC) from the very start. He outlines five proactive principles, including default-deny architecture, privacy in the definition of done, privacy threat modeling, infrastructure-as-code scanning, and CI/CD security gates, showing how teams can innovate quickly while reducing risk and protecting users. The goal is to build a culture of security by … More →

The post Five habits of highly secure development teams appeared first on Help Net Security.

Delta Electronicsが提供するEIP Builderには、XML外部エンティティ参照（XXE）の不適切な制限の脆弱性が存在します。

Думали, что умные холодильники сэкономят деньги, а оказалось, они могут уничтожить весь бизнес.

富士電機が提供するFRENIC-Loader 4には、信頼できないデータのデシリアライゼーションの脆弱性が存在します。

有效地将 Zeek 和 Suricata 这两大网络分析利器从传统的批处理模式转换为现代的流式命令行工具

当前环境出现异常，需完成验证后才能继续访问。

文章介绍了如何将Zeek和Suricata转换为流式命令行工具，以实现对网络流量的实时分析。通过配置Zeek从标准输入读取pcap数据并输出JSON日志，以及调整Suricata将EVE JSON输出到标准输出，可以构建高效的数据处理管道。这种方法提升了实时性、资源利用率，并支持复杂的安全分析场景。

What is it Pyramid is a set of Python scripts and module dependencies that can be used to

The post Pyramid: Python scripts to evade EDRs appeared first on Penetration Testing Tools.