Aggregator

A vulnerability was found in Qualcomm Snapdragon Consumer IOT, Snapdragon Industrial IOT and Snapdragon Mobile. It has been declared as critical. This impacts an unknown function. Such manipulation of the argument passing leads to buffer overflow. This vulnerability is referenced as CVE-2025-21476. The attack can only be performed from a local environment. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability was found in Qualcomm Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile and Snapdragon Wearables. It has been classified as critical. This affects the function config_dev of the component Camera Kernel Driver. This manipulation causes use after free. The identification of this vulnerability is CVE-2025-27037. The attack can only be executed locally. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability was found in Qualcomm Snapdragon Compute and Snapdragon Industrial IOT and classified as problematic. The impacted element is an unknown function of the component Video Engine. The manipulation results in buffer over-read. This vulnerability was named CVE-2025-27036. The attack needs to be approached locally. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability has been found in Qualcomm Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT and Snapdragon Mobile and classified as problematic. The affected element is an unknown function of the component Video Handler. The manipulation leads to buffer over-read. This vulnerability is uniquely identified as CVE-2025-27033. Local access is required to approach this attack. No exploit exists. The affected component should be upgraded.

A vulnerability, which was classified as critical, was found in Datart 1.0.0-rc.3. Impacted is an unknown function. Executing manipulation of the argument INIT can lead to privilege escalation. This vulnerability is handled as CVE-2025-56819. The attack can be executed remotely. There is not any exploit available.

A vulnerability, which was classified as problematic, has been found in Qualcomm Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT and Snapdragon Wearables. This issue affects some unknown processing. Performing manipulation results in buffer over-read. This vulnerability is known as CVE-2025-27030. Attacking locally is a requirement. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability classified as problematic was found in Perforce Puppet Enterprise 2025.4.0/2025.5. This vulnerability affects unknown code of the component Infra Assistant Feature. Such manipulation leads to insufficiently protected credentials. This vulnerability is traded as CVE-2025-10360. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is advised.

A vulnerability classified as critical has been found in Qualcomm Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile and Snapdragon Wearables. This affects an unknown part of the component RTP Packet Decoder. This manipulation causes buffer over-read. This vulnerability appears as CVE-2025-21487. The attack may be initiated remotely. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability described as critical has been identified in Qualcomm Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile and Snapdragon Wearables. Affected by this issue is some unknown functionality of the component RTP Packet Handler. The manipulation results in buffer over-read. This vulnerability is reported as CVE-2025-21488. The attack can be launched remotely. No exploit exists. Upgrading the affected component is recommended.

A vulnerability marked as critical has been reported in Qualcomm Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile and Snapdragon Wearables. Affected by this vulnerability is an unknown functionality of the component RTP Packet Handler. The manipulation leads to buffer over-read. This vulnerability is documented as CVE-2025-21484. The attack can be initiated remotely. There is not any exploit available. It is suggested to upgrade the affected component.

Explore how reasonable cybersecurity is evolving from a legal concept into a practical standard for protecting systems and consumer data.

Explore how reasonable cybersecurity is evolving from a legal concept into a practical standard for protecting systems and consumer data.

FLARE: разделили сжатие и воспламенение — взломали код синтеза.

Researchers said the BRICKSTORM campaign stood out because of its “sophistication, evasion of advanced enterprise security defenses and focus on high-value targets.”

SecCodeBench 2.0：面向智能编码工具的代码安全评测体系升级 by ourren

更多最新文章，请访问SecWiki

日本爱知县(Aichi)丰明（Toyoake）市议会通过了《促进正确使用智能手机》法令，象征性的将智能手机的娱乐性使用时间限制为每天两小时，此举旨在让市民尤其是学生获得充足的睡眠。违反两小时限制的人并不会受到惩罚。法令称，过度使用手机的人及其家人在日常和社交生活中会面临困难，限制每天两小时可能会有所帮助。丰明市有 6.9 万居民，该法案只是建议性的，并不具有约束力。

A vulnerability in multiple OnePlus OxygenOS versions allows any installed app to access SMS data and metadata without requiring permission or user interaction. [...]

Three sophisticated malware families have emerged as significant threats to telecommunications and manufacturing sectors across Central and South Asia, representing a coordinated campaign that exploits legitimate system processes to deliver powerful backdoor capabilities. RainyDay, Turian, and a new variant of PlugX have been systematically abusing DLL search order hijacking techniques to execute malicious loaders, establishing […]

The post RainyDay, Turian and Naikon Malwares Abuse DLL Search Order to Execute Malicious Loaders appeared first on Cyber Security News.

Federal missions are moving faster than ever, and the demand for speed is matched only by the need for greater trust. From implementing zero-trust mandates to deploying AI-powered systems, today's agencies are expected to deliver software that accelerates mission outcomes while maintaining the highest security standards.

The post Mission Velocity, Mission Assurance: Why Federal Software Security Demands Both appeared first on Security Boulevard.