Aggregator

A vulnerability identified as critical has been detected in Linux Kernel up to 6.1.86/6.6.27/6.8.6. This affects the function mlx5e_priv_init. This manipulation causes null pointer dereference. This vulnerability is tracked as CVE-2024-35959. The attack is only possible within the local network. No exploit exists. You should upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.6.26/6.8.5. Affected is the function devm_kasprintf of the component pmdomain. The manipulation results in null pointer dereference. This vulnerability is identified as CVE-2024-35943. The attack can only be performed from the local network. There is not any exploit available. You should upgrade the affected component.

Почему теория Вендта не выдержала очередную проверку.

Libraesva rolled out an emergency update for its Email Security Gateway solution to fix a vulnerability exploited by threat actors believed to be state sponsored. [...]

A major South Korean lender that processes roughly 10% of the nation's credit card spending started notifying some customers that they need to reissue cards.

A vulnerability, which was classified as critical, has been found in free5GC 4.0.1. This affects an unknown function of the component AMF. Performing manipulation results in buffer overflow. This vulnerability is identified as CVE-2025-56394. The attack can only be performed from the local network. There is not any exploit available.

A vulnerability classified as problematic was found in WSO2 Identity Server. The impacted element is an unknown function of the component Aaccount Registration Flow. Such manipulation leads to cross site scripting. This vulnerability is referenced as CVE-2025-0209. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is advised.

A vulnerability classified as critical has been found in WSO2 Identity Server as Key Manager, Identity Server and Open Banking IAM. The affected element is an unknown function of the component FIDO Authentication. This manipulation causes improper authentication. The identification of this vulnerability is CVE-2025-0672. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability described as problematic has been identified in Automattic Plugin up to 6.8.2 on WordPress. Impacted is an unknown function. The manipulation results in insertion of sensitive information into sent data. This vulnerability was named CVE-2025-58246. The attack may be performed from remote. There is no available exploit.

A vulnerability marked as problematic has been reported in YzmCMS up to 7.3. This issue affects some unknown processing of the component Register Page. The manipulation of the argument Referer leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-56304. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability labeled as critical has been found in WSO2 Open Banking IAM, Identity Server as Key Manager and Identity Server. This vulnerability affects unknown code of the component Adaptive Authentication. Executing manipulation can lead to improper authentication. This vulnerability is handled as CVE-2025-0663. The attack can only be done within the local network. There is not any exploit available. The affected component should be upgraded.

Ведомство готовит законопроект.

Defy Security, a leading provider of cybersecurity solutions and services, today announced the appointment of Gary Warzala to its Board of Directors. Warzala is a highly regarded cybersecurity executive with more than 20 years of leadership experience, having served as Chief Information Security Officer (CISO) at Visa Inc., PNC Bank, Fifth Third Bank, Aon Corporation, […]

The post Defy Security Appoints Esteemed Cybersecurity Leader Gary Warzala to Its Board of Directors appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Defy Security, a leading provider of cybersecurity solutions and services, today announced the appointment of Gary Warzala to its Board of Directors. Warzala is a highly regarded cybersecurity executive with more than 20 years of leadership experience, having served as Chief Information Security Officer (CISO) at Visa Inc., PNC Bank, Fifth Third Bank, Aon Corporation, […]

The post Defy Security Appoints Esteemed Cybersecurity Leader Gary Warzala to Its Board of Directors appeared first on Cyber Security News.

Alex sighed at his third energy drink of the night shift, watching another batch of security alerts flood his SIEM dashboard. As a Level 2 threat analyst at a mid-sized financial firm, he was drowning in false positives and spending precious hours manually investigating each suspicious hash, IP address, and domain.   Then everything changed during […]

The post Want to Validate Alerts Faster? Use Free Threat Intel from 15K SOCs  appeared first on Cyber Security News.

A vulnerability labeled as critical has been found in JSC R7 R7-Office Document Server up to 20250820. Impacted is an unknown function of the file /downloadas/. Executing manipulation of the argument cmd can lead to path traversal. This vulnerability is tracked as CVE-2025-10777. The attack can be launched remotely. Moreover, an exploit is present. The affected component should be upgraded. R7-Office is a fork of OpenOffice and at the moment it remains unclear if OpenOffice is affected as well. The OpenOffice team was not able to reproduce the issue in their codebase. The vendor replied: "We confirm that this vulnerability has been verified and patched in release 2025.3.1.923. During our security testing, it was not possible to exploit the issue - the server consistently returns proper error responses to the provided scenarios."

A vulnerability identified as problematic has been detected in LionCoders SalePro POS up to 5.5.0. This issue affects some unknown processing of the component Login. Performing manipulation results in cleartext transmission of sensitive information. This vulnerability is identified as CVE-2025-10776. The attack can be initiated remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.

Currently trending CVE - Hype Score: 17 - Next.js is a React framework for building full-stack web applications. Prior to versions 14.2.32 and 15.4.7, when next() was used without explicitly passing the request object, it could lead to SSRF in self-hosted applications that incorrectly forwarded user-supplied headers. ...

A vulnerability identified as problematic has been detected in WSO2 Identity Server as Key Manager, API Manager and Identity Server. This affects an unknown part of the component Error Message Handler. Performing manipulation results in injection. This vulnerability is known as CVE-2024-6429. Remote exploitation of the attack is possible. No exploit is available. You should upgrade the affected component.

Austin, Texas, September 23rd, 2025, CyberNewsWire — SpyCloud, the leader in identity threat protection, today released the 2025 SpyCloud Identity Threat Report, revealing that while 86% of security leaders report confidence in their ability to prevent identity-based attacks, … (more…)

The post News alert: SpyCloud report finds security teams overconfident as identity exposures fuel ransomware first appeared on The Last Watchdog.

The post News alert: SpyCloud report finds security teams overconfident as identity exposures fuel ransomware appeared first on Security Boulevard.