Aggregator

A vulnerability, which was classified as critical, was found in Unisoc SL8521E, SL8521ET, SL8541E, UIS8141E, UWS6137, UWS6137E, UWS6151 and UWS6152. This issue affects some unknown processing of the component Developer Tools. Executing manipulation can lead to improper input validation. The identification of this vulnerability is CVE-2025-31714. It is possible to launch the attack on the physical device. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Unisoc SL8521E, SL8521ET, SL8541E, UIS8141E, UWS6137, UWS6137E, UWS6151 and UWS6152. This vulnerability affects unknown code of the component Vowifi Service. Performing manipulation results in command injection. This vulnerability was named CVE-2025-31715. The attack may be initiated remotely. There is no available exploit.

A vulnerability classified as critical was found in Unisoc SL8521E, SL8521ET, SL8541E, UIS8141E, UWS6137, UWS6137E, UWS6151 and UWS6152. This affects an unknown part of the component Engineer Mode Service. Such manipulation leads to command injection. This vulnerability is uniquely identified as CVE-2025-31713. Local access is required to approach this attack. No exploit exists.

A vulnerability classified as critical has been found in Kubernetes Image Builder up to 0.1.44. Affected by this issue is some unknown functionality. This manipulation causes hard-coded credentials. This vulnerability is handled as CVE-2025-7342. The attack can be initiated remotely. There is not any exploit available. It is recommended to upgrade the affected component.

Spiral-Bench измеряет умение моделей возражать, успокаивать и не вредить пользователю.

2025年8月16日，在德国波恩的FrOSCon会议上，作者发表了题为“curl、开源与网络”的主题演讲，吸引了数百名听众到场聆听。

A vulnerability classified as critical was found in Linux Kernel up to 5.18.17. Affected by this vulnerability is the function smb2_write of the file fs/ksmbd/smb2pdu.c of the component ksmbd. The manipulation results in information disclosure. This vulnerability was named CVE-2022-47940. The attack may be performed from a remote location. There is no available exploit. Upgrading the affected component is advised.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.2.7. This affects the function ntfs_read_mft of the file fs/ntfs3/inode.c of the component Metadata Handler. The manipulation of the argument MFT_REC_MFT leads to use after free. This vulnerability is referenced as CVE-2022-48425. The attack needs to be initiated within the local network. No exploit is available. It is suggested to install a patch to address this issue.

A vulnerability has been found in Linux Kernel up to 6.10.2 and classified as critical. This affects the function devm_kzalloc of the component PCM6240. Performing manipulation results in null pointer dereference. This vulnerability is cataloged as CVE-2024-43822. The attack must originate from the local network. There is no exploit available. The affected component should be upgraded.

A vulnerability was found in Linux Kernel up to 6.8.2. It has been rated as critical. Affected by this vulnerability is the function cgr_lock of the component qbman. Performing manipulation results in deadlock. This vulnerability is reported as CVE-2024-35806. The attacker must have access to the local network to execute the attack. No exploit exists. Upgrading the affected component is advised.

The PostgreSQL Global Development Group released emergency security updates on August 14, 2025, addressing three critical vulnerabilities that enable code injection attacks during database restoration processes. The flaws affect all supported versions from PostgreSQL 13 through 17, requiring immediate patching across enterprise environments. Dangerous Dump and Restore Vulnerabilities Two severe code execution vulnerabilities, CVE-2025-8714 and […]

The post Critical PostgreSQL Flaws Allow Code Injection During Restoration appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Buttercup is a free, automated, AI-powered platform that finds and fixes vulnerabilities in open-source software. Developed by Trail of Bits, it recently earned second place in DARPA’s AI Cyber Challenge (AIxCC). Main components Buttercup is made up of four main components, each playing a different role in finding and fixing vulnerabilities. The orchestration/UI component keeps everything running smoothly, coordinating the actions of the other parts of the system and showing you the vulnerabilities it discovers … More →

The post Buttercup: Open-source AI-driven system detects and patches vulnerabilities appeared first on Help Net Security.

Меньше багов, больше контроля и удобств для пользователей.

A critical vulnerability in Rockwell Automation’s ControlLogix Ethernet modules has been discovered that could allow remote attackers to execute malicious code on industrial control systems. The vulnerability, identified as CVE-2025-7353, affects multiple ControlLogix communication modules and carries a severe CVSS score of 9.8 out of 10, indicating the highest level of risk to affected systems. […]

The post Rockwell ControlLogix Ethernet Vulnerability Exposes Systems to Remote Code Execution appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Data Engineering for Cybersecurity sets out to bridge a gap many security teams encounter: knowing what to do with the flood of logs, events, and telemetry they collect. About the author James Bonifield has a decade of experience analyzing malicious activity, implementing data pipelines, and training others in the security industry. He has built enterprise-scale log solutions, automated detection workflows, and led analyst teams investigating major cyber threat actors. Inside the book The book is … More →

The post Review: Data Engineering for Cybersecurity appeared first on Help Net Security.

维护 Archive of Our Own（AO3）等同人网站的同人社群组织 The Organization for Transformative Works 宣布， AO3 平台上的中文同人作品突破了百万篇，成为英语之外第二个突破百万篇同人作品的语言。AO3 有 800 万注册用户和每月 10 亿次访问量，是全球第 38 大最受欢迎网站，也是美国第 18 大最受欢迎的网站，用户使用了大约 150 种语言撰写同人文。

トレンドマイクロ製企業向けエンドポイントセキュリティ製品には、複数のOSコマンドインジェクションの脆弱性が存在します。

As families across the country prepare for the return to school, cybercriminals are exploiting the seasonal rush with a fresh wave of sophisticated shopping scams. Leveraging peaks in online spending, scammers are deploying malicious campaigns that prey on unsuspecting users searching for supply deals and exclusive offers. The emergence of these scams coincides with growing […]

The post Beware of New back-to-school Shopping Scams That Tricks Drives Users to Fake Shopping Sites appeared first on Cyber Security News.

Ошибки, таймауты и сбои — теперь под вашим контролем.

Prevention effectiveness is falling, detection gaps remain wide, and attackers are exploiting weaknesses in data protection and credentials. Data theft prevention has dropped to 3 percent, password cracking success rates have nearly doubled, and new threat groups are bypassing defenses. The latest Blue Report from Picus Security shows that prevention effectiveness against cyberattacks has dropped for the first time in two years, falling from 69% in 2024 to 62% in 2025. Detection capabilities remain weak, … More →

The post Weak alerting and slipping prevention raise risk levels for CISOs appeared first on Help Net Security.