Aggregator

A vulnerability classified as critical was found in Linux Kernel up to 5.18.2. Affected by this vulnerability is the function dpu_runtime_resume. The manipulation leads to null pointer dereference. This vulnerability is known as CVE-2022-49489. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.18.3. It has been declared as critical. Affected by this vulnerability is the function for_each_child_of_node. The manipulation leads to improper update of reference count. This vulnerability is known as CVE-2022-49351. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 5.4.197/5.10.120/5.15.45/5.17.13/5.18.2. This affects the function bfq_group. The manipulation leads to use after free. This vulnerability is uniquely identified as CVE-2022-49411. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Linux Kernel up to 5.18.2. This affects an unknown part. The manipulation leads to null pointer dereference. This vulnerability is uniquely identified as CVE-2022-49335. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.18.3 and classified as critical. Affected by this issue is the function ieee80211_beacons_stop of the component rtl8192u. The manipulation leads to deadlock. This vulnerability is handled as CVE-2022-49305. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 5.17.0. This affects the function ieee80211_leave_mesh of the component mac80211. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2022-49290. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.17.1. It has been classified as critical. Affected is the function amdgpu_dm_connector_add_common_modes of the component AMD Display. The manipulation leads to null pointer dereference. This vulnerability is traded as CVE-2022-49232. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

69% of global respondents to a Jumio survey say AI-powered fraud now poses a greater threat to personal security than traditional forms of identity theft. This number rises to 74% in Singapore, with 71% also indicating that AI-generated scams are harder to detect than traditional scams. Rising AI concerns erode digital trust 69% of global consumers indicated they are more skeptical of the content they see online due to AI-generated fraud than they were last … More →

The post Digital trust is cracking under the pressure of deepfakes, cybercrime appeared first on Help Net Security.

Deal Aims to Target Identity and AI Risks, SaaS Blind Spots With Unified Security
By acquiring Suridata, Fortinet plans to introduce SaaS Security Posture Management to its SASE platform. The update provides end-to-end visibility into SaaS apps, identity threats and AI plugin misuse, making SSPM a vital control plane in cloud-first security strategies.

Also: Signal Blocks Recall, Europe Sanctions Stark Industries
This week, Qakbot leader indicted, Signal blocked Recall and a judge said Trump illegally removed watchdogs. Ivanti and Palo Alto hacks linked, Stark Industries sanctioned, Marks and Spencer's hack costs 300M pounds. Pro-Ukraine hackers hit a Russian clinic and an outbreak of PureRAT in Russia.

Hacker Demanded $20M Ransom to Delete Stolen Personal, Financial Information
A months-long data breach led to the theft of personal and financial information of nearly 70,000 Coinbase customers. Coinbase said the breach dates back to December and was aided by bribery schemes targeting the company's overseas customer support agents.

DanaBot Used to Steal and to Spy
A top figure in the Russian cybercrime gang behind DanaBot infected his own computer with the malware, allowing an FBI agent to search an image of his system, U.S. federal prosecutors disclosed Thursday in indictments and an announced disruption of the malware's infrastructure.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Hossein Lotfi (@hosselot) of Trend Zero Day Initiative' was reported to the affected vendor on: 2025-05-23, 67 days ago. The vendor is given until 2025-09-20 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 8.2 AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H severity vulnerability discovered by 'Corentin "@OnlyTheDuck" BAYET from REverse Tactics' was reported to the affected vendor on: 2025-05-23, 90 days ago. The vendor is given until 2025-09-20 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 8.8 AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H severity vulnerability discovered by 'Do Manh Dung & Nguyen Dang Nguyen of STAR Labs SG Pte. Ltd.' was reported to the affected vendor on: 2025-05-23, 83 days ago. The vendor is given until 2025-09-20 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 8.2 AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H severity vulnerability discovered by 'Thomas Bouzerar (@MajorTomSec) from @Synacktiv, Etienne Helluy-Lafont from @Synacktiv' was reported to the affected vendor on: 2025-05-23, 90 days ago. The vendor is given until 2025-09-20 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 6.0 AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N severity vulnerability discovered by 'Viettel Cyber Security' was reported to the affected vendor on: 2025-05-23, 53 days ago. The vendor is given until 2025-09-20 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 8.8 AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H severity vulnerability discovered by 'Chen Le Qi of STAR Labs SG Pte. Ltd.' was reported to the affected vendor on: 2025-05-23, 83 days ago. The vendor is given until 2025-09-20 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 8.8 AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H severity vulnerability discovered by 'Chen Le Qi of STAR Labs SG Pte. Ltd.' was reported to the affected vendor on: 2025-05-23, 83 days ago. The vendor is given until 2025-09-20 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.