Aggregator

A vulnerability marked as critical has been reported in Linux Kernel up to 6.18.16/6.19.6. The affected element is the function ncm_alloc_inst of the component f_ncm. Performing a manipulation results in null pointer dereference. This vulnerability is reported as CVE-2026-23320. The attacker must have access to the local network to execute the attack. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 7.0-rc2 and classified as critical. This affects the function bpf_trampoline_link_cgroup_shim. Executing a manipulation can lead to use after free. The identification of this vulnerability is CVE-2026-23319. The attack needs to be done within the local network. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability categorized as critical has been discovered in Linux Kernel up to 7.0-rc1. This impacts the function UAC_VERSION_2 of the component UAC3 Section. Executing a manipulation can lead to out-of-bounds read. This vulnerability is tracked as CVE-2026-23318. The attack is only possible within the local network. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 7.0-rc1. It has been classified as critical. This issue affects the function vmw_translate_ptr of the component vmwgfx. This manipulation causes uninitialized pointer. This vulnerability is handled as CVE-2026-23317. The attack can only be done within the local network. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability has been found in Linux Kernel up to 6.12.76/6.18.16/6.19.6/7.0-rc2 and classified as critical. Affected by this issue is the function fib_multipath_hash_from_keys of the component net. Performing a manipulation results in denial of service. This vulnerability was named CVE-2026-23316. The attack needs to be approached within the local network. There is no available exploit. The affected component should be upgraded.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 7.0-rc2. Affected by this vulnerability is the function mt76_connac2_mac_write_txwi_80211 of the component wifi. Performing a manipulation results in out-of-bounds read. This vulnerability is reported as CVE-2026-23315. The attacker must have access to the local network to execute the attack. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.18.16/6.19.6/7.0-rc1. Affected by this issue is the function bq257xx_reg_dt_parse_gpio. Executing a manipulation can lead to memory leak. This vulnerability appears as CVE-2026-23314. The attacker needs to be present on the local network. There is no available exploit. You should upgrade the affected component.

The breakneck speed of model releases may be creating short, silent security gaps as developers must choose between performance and security, according to a new report.

The post AI’s constant patching treadmill can be a security problem appeared first on CyberScoop.

A vulnerability, which was classified as critical, has been found in GPAC 2.4. This vulnerability affects the function gf_node_get_tag of the file scenegraph/base_scenegraph.c of the component MP4Box. This manipulation causes use after free. This vulnerability is registered as CVE-2025-55644. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability, which was classified as critical, was found in GPAC 2.4. This issue affects the function gf_cenc_set_pssh of the file isomedia/drm_sample.c of the component MP4Box. Such manipulation leads to heap-based buffer overflow. This vulnerability is documented as CVE-2025-55645. The attack can be executed remotely. There is not any exploit available.

A vulnerability marked as problematic has been reported in GPAC 2.4. This affects the function Track_SetStreamDescriptor of the file isomedia/track.c of the component MP4Box. The manipulation leads to denial of service. This vulnerability is referenced as CVE-2025-55663. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability was found in GPAC 2.4. It has been classified as critical. The impacted element is the function gf_opus_parse_packet_header of the file media_tools/av_parsers.c of the component MP4Box. The manipulation leads to heap-based buffer overflow. This vulnerability is traded as CVE-2025-55648. It is possible to initiate the attack remotely. There is no exploit available.

FishMonger, a China-nexus threat group, has deployed an undocumented version of the Linux backdoor against government targets in Honduras, Taiwan, Thailand, and Pakistan.

A new Android banking trojan named Rokarolla is targeting 217 banking and cryptocurrency applications using an extensive set of 137 commands. [...]

Name: boroCTF 2026 (an boroCTF event.)
Date: June 12, 2026, 8 p.m. — 16 June 2026, 03:59 UTC  [add to calendar]
Format: Jeopardy
On-line
Location: New Jersey
Offical URL: https://boroctf.com/
Rating weight: 0
Event organizers: KyteBytes

iRhythm disclosed a cyberattack via third-party apps where patient and proprietary data was stolen, followed by a ransom demand. iRhythm Technologies is a U.S.-based digital healthcare company specializing in remote cardiac monitoring and arrhythmia detection. Its best-known product is the Zio, a wearable patch that continuously records a patient’s heart rhythm for up to several […]

A vulnerability, which was classified as problematic, has been found in Pods Framework Pods Plugin up to 3.3.8 on WordPress. This impacts an unknown function. This manipulation causes cross site scripting. This vulnerability is handled as CVE-2026-54191. The attack can be initiated remotely. There is not any exploit available.

A vulnerability classified as problematic has been found in TIMLEGGE Crypt::DSA up to 1.20 on Perl. Affected is the function sign. The manipulation leads to reusing a nonce. This vulnerability is referenced as CVE-2026-12205. Remote exploitation of the attack is possible. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability was found in Enhancesoft osTicket 1.18.2 and classified as problematic. The impacted element is an unknown function of the component Session Identifier Handler. Such manipulation leads to session expiration. This vulnerability is uniquely identified as CVE-2026-9507. The attack can be launched remotely. No exploit exists.