Aggregator

A vulnerability has been found in Google Chrome and classified as critical. This vulnerability affects unknown code of the component FedCM. Performing manipulation results in use after free. This vulnerability is identified as CVE-2024-2176. The attack can be initiated remotely. There is not any exploit available. The affected component should be upgraded.

A vulnerability was found in Linux Kernel up to 6.1.147/6.6.100/6.12.40/6.15.8 and classified as critical. The impacted element is an unknown function of the component nilfs2. The manipulation results in reachable assertion. This vulnerability was named CVE-2025-38663. The attack needs to be approached within the local network. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.147/6.6.100/6.12.40/6.15.8. It has been classified as critical. Affected is the function kfree of the component appletalk. This manipulation causes use after free. This vulnerability is tracked as CVE-2025-38666. The attack is only possible within the local network. No exploit exists. Upgrading the affected component is recommended.

微软正在 Windows 11 中集成越来越多的 AI 功能，最新的测试版本 v26220.7262 加入了 Copilot Actions，但默认没有启用，需要管理员权限才能激活。对于这些基于大模型的 AI 功能，微软试图推卸掉自己的责任，它通过其支持文档警告，称 Copilot Actions 之类的 AI 功能会引入新的安全风险，如跨提示注入(cross-prompt injection 或 XPIA)——文档或 UI 元素中的恶意内容能覆盖 AI 指令，导致数据泄露或安装恶意程序等意外操作。它建议用户在了解安全风险的情况下启用 AI 功能。Copilot Actions 具有高访问权限，能对用户的 Documents、Downloads、Desktop、Pictures、Videos 和 Music 等文件夹进行读写操作。微软还表示 AI 也可能会产生幻觉，“产生意外之外的输出”。

微软正在 Windows 11 中集成越来越多的 AI 功能，最新的测试版本 v26220.7262 加入了 Copilot Actions，但默认没有启用，需要管理员权限才能激活。对于这

环境异常 当前环境异常，完成验证后即可继续访问。 去验证

环境异常 当前环境异常，完成验证后即可继续访问。 去验证

JP Morgan Chase, Citi and Morgan Stanley Among Banking Customers Impacted
Major U.S. banks are assessing their exposure to a cybersecurity incident at real estate financial technology company SitusAMC, which disclosed Saturday that a breach may have affected client data. The New York firm uncovered the incident on Nov. 12.

Mindpath Health Settles Claim for $3.5M; Delta Dental Notifies 146,000 of Breach
Email breaches continue to plague the healthcare sector, resulting in data compromises that often affect the sensitive information of scores of patients. Two recent incidents illustrate the risks email breaches pose to patients, and the potential legal fallout for providers.

Israeli Startup Plans to Integrate AI Agent Guardrails Into Cloud Platform
Sweet Security secured $75 million in Series B funding to integrate AI security into its CNAPP platform. With runtime protection as its differentiator, the startup plans to address growing CISO concerns over shadow AI and attack vectors involving intelligent agents.

Lawmakers Say Reversal Strips One of Few Enforceable Standards for Major Carriers
The U.S. FCC's move to scrap its short-lived interpretation of the Communications Assistance for Law Enforcement Act - the 1994 statute known as CALEA - sparked warnings that the agency just eliminated one of the few enforceable cybersecurity tools for the telecom sector.

JP Morgan Chase, Citi and Morgan Stanley Among Banking Customers Impacted
Major U.S. banks are assessing their exposure to a cybersecurity incident at real estate financial technology company SitusAMC, which disclosed Saturday that a breach may have affected client data. The New York firm uncovered the incident on Nov. 12.

Mindpath Health Settles Claim for $3.5M; Delta Dental Notifies 146,000 of Breach
Email breaches continue to plague the healthcare sector, resulting in data compromises that often affect the sensitive information of scores of patients. Two recent incidents illustrate the risks email breaches pose to patients, and the potential legal fallout for providers.

Israeli Startup Plans to Integrate AI Agent Guardrails Into Cloud Platform
Sweet Security secured $75 million in Series B funding to integrate AI security into its CNAPP platform. With runtime protection as its differentiator, the startup plans to address growing CISO concerns over shadow AI and attack vectors involving intelligent agents.

Lawmakers Say Reversal Strips One of Few Enforceable Standards for Major Carriers
The U.S. FCC's move to scrap its short-lived interpretation of the Communications Assistance for Law Enforcement Act - the 1994 statute known as CALEA - sparked warnings that the agency just eliminated one of the few enforceable cybersecurity tools for the telecom sector.

Headlines scream about zero-days and nation-state attacks, but the reality is far less glamorous. Ross Haleliuk, from Venture in Security talks about the concept of humans being wired to overweight rare, dramatic events and underweight the everyday risks that quietly do the most damage. For perspective: you’re about 7,000 times more likely to drown in a pool than to die in a plane crash. In other words, the scariest part of your holiday probably isn’t … More →

The post The breaches everyone gets hit by (and how to stop them) appeared first on Help Net Security.

Пользователи уже ищут замену некогда аскетичному текстовому редактору.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2025-11-25, 23 days ago. The vendor is given until 2026-03-25 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 4.9 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N severity vulnerability discovered by '06fe5fd2bc53027c4a3b7e395af0b850e7b8a044' was reported to the affected vendor on: 2025-11-25, 120 days ago. The vendor is given until 2026-03-25 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 8.6 AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N severity vulnerability discovered by '06fe5fd2bc53027c4a3b7e395af0b850e7b8a044' was reported to the affected vendor on: 2025-11-25, 79 days ago. The vendor is given until 2026-03-25 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.