Aggregator

A vulnerability was found in PicoC 3.2.2. It has been rated as critical. Affected by this issue is the function LexGetStringConstant of the file lex.c. The manipulation leads to heap-based buffer overflow. This vulnerability is handled as CVE-2022-44316. The attack can only be initiated within the local network. There is no exploit available.

A vulnerability, which was classified as critical, has been found in PicoC 3.2.2. This issue affects the function StdioBasePrintf in the library cstdlib/string.c. The manipulation leads to heap-based buffer overflow. The identification of this vulnerability is CVE-2022-44319. Access to the local network is required for this attack. There is no exploit available.

A vulnerability, which was classified as critical, was found in PicoC 3.2.2. Affected is the function LexSkipComment of the file lex.c. The manipulation leads to heap-based buffer overflow. This vulnerability is traded as CVE-2022-44321. Access to the local network is required for this attack to succeed. There is no exploit available.

A vulnerability was found in Huawei EMUI and Magic UI. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component DRM. The manipulation leads to denial of service. This vulnerability is known as CVE-2022-44556. The attack needs to be done within the local network. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Mitsubishi Electric PHOTOVOLTAIC COLOR MONITOR ECO-GUIDE, HEMS adapter, Wi-Fi Interface, Air Conditioning, Induction hob, Mitsubishi Electric HEMS Energy Measurement Unit, Refrigerator, Remote control with Wi-Fi Interface, BATHROOM THERMO VENTILATOR, Rice cooker, Mitsubishi Electric HEMS control adapter, Energy Recovery Ventilator, Smart Switch, Ventilating Fan, Range hood fan, Energy Measurement Unit and Air Purifier. This affects an unknown part of the component Basic Authentication Handler. The manipulation leads to cleartext transmission of sensitive information. This vulnerability is uniquely identified as CVE-2022-33321. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in MediaTek MT2731, MT2735, MT6297, MT6725, MT6739, MT6761, MT6762, MT6762D, MT6762M, MT6763, MT6765, MT6765T, MT6767, MT6768, MT6769, MT6769T, MT6769Z, MT6771, MT6779, MT6781, MT6783, MT6785, MT6785T, MT6789, MT6833, MT6853, MT6855, MT6873, MT6875, MT6877, MT6879, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT6895, MT6983, MT8385, MT8666, MT8667, MT8675, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791 and MT8797 and classified as critical. Affected by this vulnerability is an unknown functionality of the component CMAS Message Handler. The manipulation leads to reachable assertion. This vulnerability is known as CVE-2022-26446. The attack can be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as problematic was found in Google Android. This vulnerability affects unknown code of the component VPU. The manipulation leads to information disclosure. This vulnerability was named CVE-2022-21778. The attack needs to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as problematic, was found in Microsoft Windows. Affected is an unknown function of the component NTLM Hash Handler. The manipulation leads to file inclusion. This vulnerability is traded as CVE-2025-24054. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

Contagious Interview (DPRK) 发起新一轮攻击;透明部落组织使用新恶意软件进行持久攻击;Lazarus APT 利用1day漏洞攻击韩国目标;Lazarus组织利用"Tsunami"恶意软件框架挖矿行动

Contagious Interview (DPRK) 发起新一轮攻击;透明部落组织使用新恶意软件进行持久攻击;Lazarus APT 利用1day漏洞攻击韩国目标;Lazarus组织利用"Tsunami"恶意软件框架挖矿行动

Ellis of YL Ventures on How Modern CISOs Must Lead, Not Master Every Discipline
There were never many 'do everything' CISOs. Today there are even fewer. But with a specialist area, strong overview and ability to channel expertise, CISOs can align with business goals, embrace the business enabler role, demonstrate quick wins, and ensure their organization makes better risk decisions.

4 Breaches Appear to Potentially Affect Hundreds of Thousands Across Several States
Catholic hospital chain Ascension Health is notifying hundreds of thousands of individuals across several states of at least four hacking incidents in recent months involving third-parties. Ascension reported one of the breaches this week, another in mid-April and the others in March and February.

CISA Staff Told to Prepare for Cuts and Crowded Work Locations Amid Growing Turmoil
Top officials at the nation's cyber defense agency want to give President Donald Trump's pick to lead the agency time to assess major restructuring plans - a move that is reportedly delaying the timeline for reductions in force while causing growing concerns for job stability among staffers.

Retailer Continues to Recover From Ransomware Incident
British retailer Marks & Spencer was reportedly targeted by financial crime group Scattered Spider, who deployed ransomware on the company's VMware ESXi server. The retailer continues to recover from a cyber incident that disrupted operations in its online and offline stores.

英伟达黄仁勋称华为是全球最强科技公司之一，中美在 AI 发展领域的水平非常接近； 2025 年五一档首日票房 1.83 亿，《水饺皇后》《猎金・游戏》《人生开门红》前三

A employee at Elon Musk's artificial intelligence company xAI leaked a private key on GitHub that for the past two months could have allowed anyone to query private xAI large language models (LLMs) which appear to have been custom made for working with internal data from Musk's companies, including SpaceX, Tesla and Twitter/X, KrebsOnSecurity has learned.