Aggregator

CVE-2025-46285 | Apple macOS up to 14.8.2/15.7.2 App integer overflow (EUVD-2025-203133 / WID-SEC-2025-2838)

Vuldb Updates
1 week ago
A vulnerability labeled as critical has been found in Apple macOS up to 14.8.2/15.7.2. Affected is an unknown function of the component App. Executing manipulation can lead to integer overflow. This vulnerability is handled as CVE-2025-46285. It is possible to launch the attack on the local host. There is not any exploit available. The affected component should be upgraded.
vuldb.com

CVE-2025-14503 | Amazon AWS Harmonix up to 0.4.1 privileges assignment (GHSA-qm86-gqrq-mqcw / EUVD-2025-203445)

Vuldb Updates
1 week ago
A vulnerability was found in Amazon AWS Harmonix up to 0.4.1 and classified as critical. The impacted element is an unknown function. Executing manipulation can lead to incorrect privilege assignment. This vulnerability appears as CVE-2025-14503. The attack may be performed from remote. There is no available exploit. It is suggested to upgrade the affected component.
vuldb.com

CVE-2025-43320 | Apple macOS up to 15.7.2 App Local Privilege Escalation (EUVD-2025-203166 / Nessus ID 278571)

Vuldb Updates
1 week ago
A vulnerability classified as problematic was found in Apple macOS up to 15.7.2. Impacted is an unknown function of the component App. Such manipulation leads to Local Privilege Escalation. This vulnerability is listed as CVE-2025-43320. The attack must be carried out locally. There is no available exploit. Upgrading the affected component is advised.
vuldb.com

CVE-2025-13794 | Auto Featured Image Plugin up to 4.2.1 on WordPress Thumbnail bulk_action_generate_handler authorization (EUVD-2025-203499)

Vuldb Updates
1 week ago
A vulnerability classified as problematic has been found in Auto Featured Image Plugin up to 4.2.1 on WordPress. Impacted is the function bulk_action_generate_handler of the component Thumbnail Handler. This manipulation causes missing authorization. This vulnerability is tracked as CVE-2025-13794. The attack is possible to be carried out remotely. No exploit exists.
vuldb.com

AI黑产“暗战”升级,邮件防御如何“见招拆招”?

嘶吼
1 week ago

12月17日15:00 线上直播

特邀资深信息安全专家分享

直播亮点抢先看

1.趋势洞察:解读黑产新招数,揭示勒索/盗号/钓鱼攻击新动向

2.案例复盘:拆解热门攻击案例,预警新型攻击手法

3.防御赋能:聚焦2026防护重点,解锁全场景解决方案

预约直播即享三重福利

1.专享资料包

2025年Q4黑产数据精要版

2025年季度企业安全报告合集

2.深度评估机会

1v1专家邮件防护咨询

定制企业防护方案

CACTER邮件安全

French Interior Minister says hackers breached its email servers

Security Affairs
1 week ago
The French interior minister confirmed that a cyberattack breached the Interior Ministry, compromising its email servers. The French Interior Minister Laurent Nunez announced on Friday that threat actors compromised email servers at the Ministry of the Interior. The attack was detected overnight between December 11 and 12, and according to the French interior minister, attackers […]
Pierluigi Paganini

CVE-2022-50641 | Linux Kernel up to 6.0.2 for_each_available_child_of_node reference count (Nessus ID 278324)

Vuldb Updates
1 week ago
A vulnerability marked as critical has been reported in Linux Kernel up to 6.0.2. Affected is the function for_each_available_child_of_node. Performing manipulation results in improper update of reference count. This vulnerability is known as CVE-2022-50641. Access to the local network is required for this attack. No exploit is available. It is suggested to upgrade the affected component.
vuldb.com

CVE-2022-50649 | Linux Kernel up to 6.0.2 power adp5061_get_chg_type out-of-bounds (Nessus ID 278325)

Vuldb Updates
1 week ago
A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.0.2. Affected by this vulnerability is the function adp5061_get_chg_type of the component power. Performing manipulation results in out-of-bounds read. This vulnerability is cataloged as CVE-2022-50649. The attack must originate from the local network. There is no exploit available. It is advisable to upgrade the affected component.
vuldb.com

Google to Shut Down Dark Web Monitoring Tool in February 2026

The Hackers News
1 week ago
Google has announced that it's discontinuing its dark web report tool in February 2026, less than two years after it was launched as a way for users to monitor if their personal information is found on the dark web. To that end, scans for new dark web breaches will be stopped on January 15, 2026, and the feature will cease to exist effective February 16, 2026. "While the report offered general
The Hacker News

Product showcase: GlassWire mobile firewall for Android

Help Net Security
1 week ago

GlassWire is a free network monitoring and security application for Windows and Android. It lets you see how your system communicates over the internet and local network. The Windows version also offers a Premium tier with advanced features, while the Android app focuses on monitoring and control. By combining visual network activity with simple controls, GlassWire helps you understand what’s happening behind the scenes and take action when something looks out of the ordinary. Today … More →

The post Product showcase: GlassWire mobile firewall for Android appeared first on Help Net Security.

Anamarija Pogorelec

Managed ad