Aggregator

A vulnerability identified as critical has been detected in Linux Kernel up to 5.15.99/6.1.17/6.2.4. This affects the function debugfs_lookup. This manipulation causes memory leak. This vulnerability is registered as CVE-2023-53417. The attack requires access to the local network. No exploit is available. You should upgrade the affected component.

A vulnerability labeled as critical has been found in Linux Kernel up to 5.15.99/6.1.17/6.2.4. This affects the function debugfs_lookup of the component dwc3. Executing manipulation can lead to memory leak. This vulnerability appears as CVE-2023-53415. The attacker needs to be present on the local network. There is no available exploit. The affected component should be upgraded.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 5.15.99/6.1.17/6.2.4. The affected element is the function debugfs_lookup. The manipulation results in memory leak. This vulnerability was named CVE-2023-53409. The attack needs to be approached within the local network. There is no available exploit. You should upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 5.15.98/6.1.15/6.2.2. Impacted is the function debugfs_lookup. The manipulation leads to memory leak. This vulnerability is uniquely identified as CVE-2023-53408. The attack can only be initiated within the local network. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.1.17/6.2.4 and classified as critical. The impacted element is the function debugfs_lookup. This manipulation causes memory leak. The identification of this vulnerability is CVE-2023-53410. The attack needs to be done within the local network. There is no exploit available. The affected component should be upgraded.

A vulnerability was found in Linux Kernel up to 5.10.172/5.15.98/6.1.15/6.2.2 and classified as critical. This affects the function debugfs_lookup. Such manipulation leads to memory leak. This vulnerability is referenced as CVE-2023-53411. The attack needs to be initiated within the local network. No exploit is available. It is suggested to upgrade the affected component.

Теперь показать ЧП диспетчеру проще, чем описать словами

VS Code developers beware: ReversingLabs found 19 malicious extensions hiding trojans inside a popular dependency, disguising the final malware payload as a standard PNG image file.

The UK Information Commissioner's Office (ICO) fined the LastPass password management firm £1.2 million for failing to implement security measures that allowed an attacker to steal personal information and encrypted password vaults belonging to up to 1.6 million UK users in a 2022 breach. [...]

Bad actors that include nation-state groups to financially-motivated cybercriminals from across the globe are targeting the maximum-severity but easily exploitable React2Shell flaw, with threat researchers see everything from probes and backdoors to botnets and cryptominers.

The post Attackers Worldwide are Zeroing In on React2Shell Vulnerability appeared first on Security Boulevard.

The Next Major Cyber Risk Could Come Through a Biological Sample
Researchers demonstrated that it is feasible to encode executable payloads into synthetic DNA that, once sequenced and processed, could trigger malware in sequencing software. When a vulnerability in a sequencer becomes a vulnerability in national health or food security, the stakes are existential.

Lessons From Lightning-Fast AI-Based Attacks and How Cyber Defenders Should Respond
AI-based attacks will come faster and the sequence of activities will be less predictable. Cyber defenders are skilled in network analysis, incident response and cloud or identity management, but in the face of AI-based attacks, they need new skills, tools and defensive tactics.

Analysis of Seized LockBit Data Suggests Victims Who Pay Enjoy More Media Coverage
Bad news for any organization that's ever paid a ransom in a bid to avoid their breach coming to light, or for a promise from attackers to delete stolen data, with a study of seized LockBit data finding that victims who paid a ransom were more likely to see the attack get detailed in the media.

Inotiv Tells SEC 'It's Still Evaluating Full Impact and Notifying Breach Victims'
Drug research firm Inotiv in a filing with federal regulators said it is still evaluating the financial and operational impact of an August cyberattack that's linked to ransomware gang Qilin. The company is also notifying nearly 10,000 people whose data was allegedly stolen in the incident.

Goldman Sachs-Led Round Supports Harness's Push Into AI Security and Automation
With $200 million in Series E funding and a new $5.5 billion valuation, Harness will scale its AI-powered platform for security, compliance and reliability in software development. The investment will support R&D into AI agents, testing, cost optimization and security for AI workloads.

CTO Matthew Fraser Says Administrations May Change but AI Program Is Built to Last
New York City gets a new mayor on Jan. 1, and while no one knows Zohran Mamdani's plans for using artificial intelligence, the city's AI Action Plan will ensure a strong foundation for innovation, city Chief Technology Officer Matthew Fraser told attendees at The AI Summit in Manhattan on Wednesday.

It looks harmless enough. A digital party invitation lands in your inbox or phone. You click to see the details....

The post Think That Party Invite Is Real? Fake E-Vite Scams Are the New Phishing Trap appeared first on McAfee Blog.

Ведомство исключило возможность утечки данных из реестра.

OpenAI has reported a surge in performance as GPT-5.1-Codex-Max reaching 76% in capability assessments, and warned of upcoming cyber-risks

Op Vliegbasis Deelen zijn de afgelopen 2 maanden 14 brisantbommen, duizenden granaten en meer explosief materiaal gevonden. Dit alles lag in de voormalige dropzone uit de oorlogsjaren en in omliggende gebieden. Het betreft voornamelijk niet-gesprongen Engelse en Amerikaanse vliegtuigbommen uit de Tweede Wereldoorlog. Vanaf morgen schort de Explosieven Opruimingsdienst Defensie (EOD) de werkzaamheden even op tot na de feestdagen.