Aggregator

A vulnerability classified as problematic has been found in Linux Kernel up to 6.9.7. This affects the function j1939_xtp_rx_rts. The manipulation leads to reachable assertion. This vulnerability is uniquely identified as CVE-2023-52887. The attack can only be initiated within the local network. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability categorized as problematic has been discovered in Linux Kernel up to 6.1.83/6.6.23/6.7.11/6.8.2. This impacts an unknown function of the component LoongArch. Such manipulation leads to improper locking. This vulnerability is traded as CVE-2024-35818. Access to the local network is required for this attack to succeed. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.9.7 and classified as critical. This vulnerability affects the function compensate of the component bme680. This manipulation causes buffer overflow. This vulnerability is tracked as CVE-2024-42086. The attack is only possible within the local network. No exploit exists. The affected component should be upgraded.

A vulnerability has been found in Linux Kernel up to 6.9.7 and classified as problematic. Affected by this issue is the function davinci_gpio_probe. This manipulation causes improper validation of array index. The identification of this vulnerability is CVE-2024-42092. The attack needs to be done within the local network. There is no exploit available. The affected component should be upgraded.

A vulnerability described as problematic has been identified in Linux Kernel up to 5.10.222/5.15.163/6.1.100/6.6.41/6.9.10. Impacted is the function btrfs_put_root of the component qgroup. Executing manipulation can lead to improper update of reference count. This vulnerability is tracked as CVE-2024-41078. The attack is only possible within the local network. No exploit exists. Upgrading the affected component is recommended.

A vulnerability identified as critical has been detected in Linux Kernel up to 6.1.100/6.6.41/6.9.10. This affects the function devm_kmemdup of the component ASoC. The manipulation leads to allocation of resources. This vulnerability is uniquely identified as CVE-2024-41069. The attack can only be initiated within the local network. No exploit exists. You should upgrade the affected component.

A vulnerability described as problematic has been identified in Linux Kernel up to 6.1.100/6.6.41/6.9.10. Affected by this vulnerability is the function select_req of the component cachefiles. Such manipulation leads to insufficiently random values. This vulnerability is referenced as CVE-2024-41074. The attack needs to be initiated within the local network. No exploit is available. Upgrading the affected component is recommended.

$38 миллионов отмыли дипфейками: власти ответили беспрецедентным контролем.

“Het officiersdiploma is niet alleen een bekroning op de studieresultaten. Het is ook een bewijs van vertrouwen. In karakter, leidinggevende capaciteiten, fysieke en mentale weerbaarheid en aanpassingsvermogen.” Commandant Koninklijke Militaire Academie (KMA) kolonel Frank Rippens reikte de zogenoemde ‘bullen’ vandaag uit. Op het Kasteel van Breda rondden 151 afgestudeerde officieren daarmee hun opleiding af.

PostgreSQL 数据库项目释出了 v18 版本。主要新特性包括：异步 I/O (AIO) 子系统改进顺序扫描、位图堆扫描、vacuums 清理等操作的性能，基准测试显示在部分情况下性能提升最高 3 倍；pg_upgrade 保留优化器统计信息；支持对多列 B-tree 索引的“跳过扫描”查找；虚拟生成列，改进文本处理，OAuth 身份验证，等等。更多浏览发布公告。

CVE-2025-10035, a perfect CVSS 10.0 vulnerability in the Fortra GoAnywhere managed file transfer solution, has apparently been exploited in zero-day attacks before the patch was released on September 15, 2025. Evidence of in-the-wild exploitation revealed On September 18, Fortra urged GoAnywhere users to upgrade to version 7.8.4 or v7.6.3 (Sustain Release) to fix a deserialization vulnerability in the solution’s License Servlet, which “allows an actor with a validly forged license response signature to deserialize an … More →

The post Attackers exploited critical Fortra GoAnywhere flaw in zero-day attacks (CVE-2025-10035) appeared first on Help Net Security.

​在流量与低价之外，寻找本地生活的第三条路。

watchTowr Labs says hackers exploited the Fortra GoAnywhere MFT flaw CVE-2025-10035 on Sept 10, 2025, a week before public disclosure. Cybersecurity firm watchTowr Labs revealed that it has ‘credible evidence’ that the critical Fortra GoAnywhere MFT flaw CVE-2025-10035 was actively exploited in attacks in the wild as early as September 10, 2025, a week before […]

Forta, the vendor behind the file-transfer service software, has yet to report exploitation or address evidence of compromise. Independent researchers say otherwise.

The post Worries mount over max-severity GoAnywhere defect appeared first on CyberScoop.

Как личные конфликты влияют на будущее Linux.

FortiGuard Labs exposes a high-severity phishing campaign impersonating the National Police of Ukraine to deliver Amatera Stealer (data theft) and PureMiner (cryptojacking) to Windows PCs.

Het Rijksvastgoedbedrijf (RVB) gaat in opdracht van Defensie aan de slag met de bouw van de nieuwe kazerne van het Korps Mariniers in Uddel. Vandaag is de aanbesteding voor de bouw gepubliceerd op TenderNed.

A vulnerability classified as critical has been found in Wide Banner Plugin up to 1.0.4 on WordPress. This affects an unknown part. Performing manipulation results in missing authorization. This vulnerability is cataloged as CVE-2025-58919. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability classified as problematic was found in Quantities and Units for WooCommerce Plugin up to 1.0.13 on WordPress. This vulnerability affects unknown code. Executing manipulation can lead to cross site scripting. This vulnerability is registered as CVE-2025-58917. It is possible to launch the attack remotely. No exploit is available.

A vulnerability marked as problematic has been reported in Apache Airflow 3.0.3. This impacts an unknown function. Performing manipulation results in permission issues. This vulnerability is reported as CVE-2025-54831. The attack is possible to be carried out remotely. No exploit exists. It is suggested to upgrade the affected component.