Aggregator

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.12.45/6.16.5/6.17-rc4. This affects the function tcp_ao_copy_all_matching. The manipulation leads to memory leak. This vulnerability is referenced as CVE-2025-39852. The attack needs to be initiated within the local network. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 6.16.5/6.17-rc4. The impacted element is the function asus_wmi_register_driver. Executing manipulation can lead to race condition. The identification of this vulnerability is CVE-2025-39837. The attack needs to be done within the local network. There is no exploit available. Upgrading the affected component is advised.

A vulnerability classified as critical has been found in Linux Kernel up to 6.17-rc4. The affected element is the function __iodyn_find_io_region of the component pcmcia. Performing manipulation results in null pointer dereference. This vulnerability was named CVE-2025-39846. The attack needs to be approached within the local network. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability described as critical has been identified in Linux Kernel up to 6.17-rc4. Impacted is the function __populate_section_memmap in the library linux/pgtable.h. Such manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2025-39844. The attack can only be initiated within the local network. No exploit exists. Upgrading the affected component is recommended.

A vulnerability marked as critical has been reported in Linux Kernel up to 6.17-rc4. This issue affects the function arch_sync_kernel_mappings. This manipulation causes memory corruption. This vulnerability is handled as CVE-2025-39845. The attack can only be done within the local network. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability labeled as critical has been found in Linux Kernel up to 6.1.150/6.6.104/6.12.45/6.16.5/6.17-rc4. This vulnerability affects the function set_track_prepare of the component slub. The manipulation results in allocation of resources. This vulnerability is known as CVE-2025-39843. Access to the local network is required for this attack. No exploit is available. The affected component should be upgraded.

Phishing campaigns have long relied on social engineering to dupe unsuspecting users, but recent developments have elevated these attacks to a new level of sophistication. Attackers now harness advanced content-generation platforms to craft highly personalized emails and webpages, blending genuine corporate branding with contextually relevant messages. These platforms analyze public social media profiles, corporate press […]

The post Phishing Attacks Using AI-Powered Platforms to Misleads Users and Evades Security Tools appeared first on Cyber Security News.

An Iran-nexus cyber espionage group known as UNC1549 has been attributed to a new campaign targeting European telecommunications companies, successfully infiltrating 34 devices across 11 organizations as part of a recruitment-themed activity on LinkedIn. Swiss cybersecurity company PRODAFT is tracking the cluster under the name Subtle Snail. It's assessed to be affiliated with Iran's Islamic

Так была ли жизнь на Красной планете?

利用ASPM在大型证券企业实现应用运行态安全观测 by ourren

MPAF：基于多阶段属性指纹的加密流量分类 by ourren

更多最新文章，请访问SecWiki

In today’s rapidly evolving digital landscape, APIs (Application Programming Interfaces) have become the backbone of online business, connecting services, and enabling new customer experiences. However, as the API footprint grows, so does the attack surface making robust API security testing a critical pillar of enterprise cyber defense in 2025. Whether you’re a security analyst, DevSecOps […]

The post Top 10 Best API Security Testing Tools in 2025 appeared first on Cyber Security News.

A critical authentication bypass vulnerability has emerged in Nokia’s CloudBand Infrastructure Software (CBIS) and Nokia Container Service (NCS) Manager API, designated as CVE-2023-49564. This high-severity flaw, scoring 9.6 on the CVSS v3.1 scale, enables unauthorized attackers to circumvent authentication mechanisms through specially crafted HTTP headers, potentially granting complete access to restricted API endpoints without valid […]

The post Nokia CBIS/NCS Manager API Vulnerability Let Attackers Bypass Authentication appeared first on Cyber Security News.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published an analysis of the malware deployed in attacks exploiting vulnerabilities affecting Ivanti Endpoint Manager Mobile (EPMM). [...]

根据发表在《Current Biology》上的一项研究，某些狗不仅能记住对象如最喜欢的玩具的名称，还能将这些标签扩展到具有类似功能的全新对象，无论它们的外观是否相似。这是一种被称为“标签扩展（label extension）”的高级认知能力，动物通常需要在圈养环境经历多年强化训练才能获得这一能力。但狗狗不需要训练，只需要和人自然玩耍，它们就能掌握根据功能对玩具进行分类的能力。

Multiple sources tell CyberScoop that options under consideration include executive orders or a national action plan, similar to the one the administration released for AI in July.

The post Trump administration planning expansion of U.S. quantum strategy appeared first on CyberScoop.

In early 2025, cybersecurity researchers observed an unprecedented collaboration between two Russian APT groups targeting Ukrainian organizations. Historically, Gamaredon has focused on broad spear-phishing campaigns against government and critical infrastructure, while Turla has specialized in high-value cyberespionage using sophisticated implants. Their joint operations mark a significant escalation: Gamaredon gains initial access using its established toolkit, […]

The post Russian Hacking Groups Gamaredon and Turla Attacking Organizations to Deploy Kazuar Backdoor appeared first on Cyber Security News.

Удар по Дохе обнажил уязвимость катарской ПРО.

New investigation exposes a China-based ring that sold over 6,500 fake United States and Canadian IDs using well-planned covert packaging. Learn how this operation threatens national security and enables financial crime.

诺斯罗普格鲁曼公司的 Cygnus XL 货运飞船比预定时间晚了一天抵达国际空间站。飞船装载了超过五吨重的补给和实验物资。它是在上周日搭乘 SpaceX 的 Falcon 9 火箭发射升空，但本周二凌晨飞船在飞往国际空间站途中主引擎两次点火调整方向时却都提前关闭。工程师后来确定主引擎提前关闭是保守的软件保护措施触发的，引擎本身工作正常。在更新了软件参数之后，飞船周四飞到了距离空间站 30 英尺范围内，宇航员 Jonny Kim 操控空间站机械臂成功捕捉了飞船。