Aggregator

A vulnerability was found in Acronis Cyber Protect Cloud Agent up to 40076. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to improper validation of syntactic correctness of input. This vulnerability is known as CVE-2025-30415. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

Submit #589458 / VDB-311139

A vulnerability was found in Radare2 5.9.9. It has been classified as problematic. Affected is the function r_cons_pal_init in the library /libr/cons/pal.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. This vulnerability is traded as CVE-2025-5648. An attack has to be approached locally. Furthermore, there is an exploit available. The real existence of this vulnerability is still doubted at the moment. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and "crashy". Further analysis has shown "the race is not a real problem unless you use asan". A new warning has been added.

Success in the cloud depends less on adoption and more on agility. Recent industry trends point to emerging data management challenges across cloud service providers and legacy infrastructure, often all at once. This requires a shift in how organizations approach cloud strategies—strategically and proactively. Modern...

Sophos has uncovered a scheme planting malicious code in 130+ GitHub repositories, targeting hackers and gamers

A vulnerability was found in Radare2 5.9.9 and classified as problematic. This issue affects the function r_cons_context_break_pop in the library /libr/cons/cons.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. The identification of this vulnerability is CVE-2025-5647. The attack needs to be approached locally. Furthermore, there is an exploit available. The real existence of this vulnerability is still doubted at the moment. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and "crashy". Further analysis has shown "the race is not a real problem unless you use asan". A new warning has been added.

Submit #586929 / VDB-311136

A vulnerability has been found in Radare2 5.9.9 and classified as problematic. This vulnerability affects the function r_cons_rainbow_free in the library /libr/cons/pal.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. This vulnerability was named CVE-2025-5646. It is possible to launch the attack on the local host. Furthermore, there is an exploit available. The real existence of this vulnerability is still doubted at the moment. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and "crashy". Further analysis has shown "the race is not a real problem unless you use asan". A new warning has been added.

Submit #586928 / VDB-311135

A vulnerability, which was classified as problematic, was found in Radare2 5.9.9. This affects the function r_cons_pal_init in the library /libr/cons/pal.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. This vulnerability is uniquely identified as CVE-2025-5645. Attacking locally is a requirement. Furthermore, there is an exploit available. The real existence of this vulnerability is still doubted at the moment. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and "crashy". Further analysis has shown "the race is not a real problem unless you use asan". A new warning has been added.

Submit #586923 / VDB-311134

Authentication coercion remains a potent attack vector in Windows environments, enabling attackers with even low-privileged domain accounts to force targeted systems, often high-value servers or domain controllers, to authenticate to attacker-controlled hosts. This technique is closely tied to NTLM and Kerberos relay attacks, where the coerced authentication session is intercepted and relayed to other services, […]

The post Windows Authentication Coercion Attacks Present Major Risks to Enterprise Networks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability, which was classified as problematic, has been found in Radare2 5.9.9. Affected by this issue is the function r_cons_flush in the library /libr/cons/cons.c of the component radiff2. The manipulation of the argument -T leads to use after free. This vulnerability is handled as CVE-2025-5644. Local access is required to approach this attack. Furthermore, there is an exploit available. The real existence of this vulnerability is still doubted at the moment. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and "crashy". Further analysis has shown "the race is not a real problem unless you use asan". A new warning has been added.

Submit #586922 / VDB-311133

A vulnerability classified as problematic was found in Radare2 5.9.9. Affected by this vulnerability is the function cons_stack_load in the library /libr/cons/cons.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. This vulnerability is known as CVE-2025-5643. An attack has to be approached locally. Furthermore, there is an exploit available. The real existence of this vulnerability is still doubted at the moment. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and "crashy". Further analysis has shown "the race is not a real problem unless you use asan". A new warning has been added.

当黑产开发者以为在共享“行业秘笈”时，殊不知已经掉入了黑客布置的陷阱——看似方便的后门远程控制源码和游戏外挂源码等“圈内资源”，实则是植入了恶意代码的投毒诱饵。黑客抓住相关开发者对开源代码的信任，用“魔法”打败“魔法”，上演了一场荒诞戏码。

Submit #586921 / VDB-311132

Traditional data leakage prevention (DLP) tools aren't keeping pace with the realities of how modern businesses use SaaS applications. Companies today rely heavily on SaaS platforms like Google Workspace, Salesforce, Slack, and generative AI tools, significantly altering the way sensitive information is handled. In these environments, data rarely appears as traditional files or crosses networks

Cobalt announced a set of product enhancements within the Cobalt Offensive Security Platform aimed at helping customers scale security testing with greater clarity, automation, and control. These innovations further the company’s commitment to deliver expert-driven, fast-to-launch pentesting, now with even richer data and streamlined workflows. The Cobalt Platform centralizes access to security services from a team of expert pentesters, making it easier to find and fix vulnerabilities across an organization’s environments. By enabling faster pentest … More →

The post Cobalt improves pentest transparency, automation, and risk prioritization appeared first on Help Net Security.