Aggregator

A vulnerability was found in Linux Kernel. It has been classified as critical. The impacted element is an unknown function of the component ksmbd. Performing manipulation results in null pointer dereference. This vulnerability is reported as CVE-2023-3866. The attack is possible to be carried out remotely. No exploit exists. It is suggested to install a patch to address this issue.

A vulnerability classified as problematic has been found in Microsoft Windows. The affected element is an unknown function of the component Wireless Networking. Performing manipulation results in an unknown weakness. This vulnerability was named CVE-2020-24588. The attack needs to be approached within the local network. There is no available exploit. It is suggested to install a patch to address this issue.

A vulnerability categorized as problematic has been discovered in Apache Tomcat up to 8.5.100/9.0.107/10.1.43/11.0.9. The affected element is an unknown function of the component HTTP2 Handler. The manipulation results in denial of service. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability was named CVE-2025-48989. The attack may be performed from a remote location. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability identified as critical has been detected in IETF HTTP Working Group Fastly H20 and HTTP2. The impacted element is an unknown function of the component Stream Reset Handler. This manipulation causes resource consumption. The identification of this vulnerability is CVE-2025-8671. It is possible to initiate the attack remotely. There is no exploit available.

经过多轮激烈角逐，奇安信代码安全实验室凭借优异的技术能力和攻防实力，从成功晋级线下决赛的30支精英战队中脱颖而出，斩获一等奖（最高奖项）

De Koninklijke Marine ruimt momenteel mijnen en andere explosieven in de Noordzee. Dat gebeurt met de Belgische en Estse zeemacht. Met de militaire aanwezigheid boven de Waddeneilanden wordt bovendien sabotage van kritieke infrastructuur zoals kabels voorkomen. Het landentrio traint ook hoe het optimaal een haven veilig kan houden. De activiteiten maken deel uit van Sandy Coast 25. Die is vandaag begonnen.

Winners of DARPA’s AI Cyber Challenge proved AI can automate patching at scale. Their tools will go open source, offering defenders new power—but also raising concerns about AI-fueled exploits.

The post DARPA AI Cyber Challenge Winners Impress With Quick, Scalable Patching  appeared first on Security Boulevard.

The Warlock ransomware gang has taken credit for the cyber-attack after the UK telco giant publicly confirmed an incident on August 14

A vulnerability marked as critical has been reported in Linux Kernel up to 6.1.146/6.6.99/6.12.39/6.15.7. This vulnerability affects the function rpl_do_srh_inline. This manipulation causes use after free. This vulnerability is handled as CVE-2025-38476. It is possible to launch the attack on the local host. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 6.12.39/6.15.7. The affected element is the function cipso_v4_sock_setattr of the component smc. Executing manipulation can lead to null pointer dereference. The identification of this vulnerability is CVE-2025-38475. The attack needs to be done within the local network. There is no exploit available. Upgrading the affected component is advised.

A vulnerability classified as critical has been found in Linux Kernel up to 6.1.146/6.6.99/6.12.39/6.15.7. This affects the function sch_qfq. The manipulation leads to use after free. This vulnerability is uniquely identified as CVE-2025-38477. The attack can only be initiated within the local network. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability described as problematic has been identified in Linux Kernel up to 6.1.146/6.6.99/6.12.39/6.15.7. The impacted element is an unknown function of the component usb. Executing manipulation can lead to privilege escalation. This vulnerability is handled as CVE-2025-38474. The attack can only be done within the local network. There is not any exploit available. Upgrading the affected component is recommended.

站在新起点，期待脱颖而出的优秀项目能把握机遇，加速成果转化与产业化进程。

培训将围绕真实案例展开复盘，系统讲解“AI辅助防御、新型技战法应用、蓝队协同机制优化”等关键内容，帮助学员在实战中真正做到“知其然，更知其所以然”。

CTEM框架通过持续威胁暴露管理，为金融、医疗和零售三大高危行业提供高针对性防护。

美国佐治亚大学开展的研究表明，水星这颗太阳系最内侧的行星，自 45 亿年前诞生以来，因热量流失在不断缩小，其半径已累计缩短 2.7—5.6 公里如同冷却后的芝士蛋糕表面会皲裂，水星岩石外壳也布满“皱纹”，科学家称之为冲断层。这些因地壳收缩形成的褶皱，成为测量行星“缩水”程度的天然标尺。此前研究认为，水星半径收缩幅度在 1—7 公里之间，但不同断层数据集得出的结论差异显著。研究团队通过聚焦最大断层的收缩效应，进而推演整体变化。通过对 5934 条、653 条及 100 条断层三个不同规模数据集的分析，新方法均得出水星半径缩短 2—3.5 公里的稳定估值。综合其他冷却效应后，他们最终将收缩范围精确锁定在 2.7—5.6 公里。

For the latest discoveries in cyber research for the week of 18th August, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES The Canadian House of Commons has suffered a data breach. The incident resulted in unauthorized access to a database containing employees’ names, office locations, email addresses, and information on House-managed computers and […]

The post 18th August – Threat Intelligence Report appeared first on Check Point Research.

Currently trending CVE - Hype Score: 17 - The EventON Lite plugin for WordPress is vulnerable to Information Exposure in all versions less than, or equal to, 2.4.6 via the add_single_eventon and add_eventon shortcodes due to insufficient restrictions on which posts can be included. This makes it possible for ...

Currently trending CVE - Hype Score: 24 - A partial fix for  CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code ...