Aggregator

CVE-2025-26421 | Google Android 13/14/15 Lockscreen logic error (EUVD-2025-26861)

Vuldb Updates
1 week ago
A vulnerability has been found in Google Android 13/14/15 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Lockscreen. The manipulation leads to business logic errors. This vulnerability is traded as CVE-2025-26421. An attack has to be approached locally. There is no exploit available. To fix this issue, it is recommended to deploy a patch.
vuldb.com

CVE-2025-10034 | D-Link DIR-825 1.08.01 httpd ping6_response.cg get_ping6_app_stat ping6_ipaddr buffer overflow (EUVD-2025-27082)

Vuldb Updates
1 week ago
A vulnerability was found in D-Link DIR-825 1.08.01. It has been rated as critical. This impacts the function get_ping6_app_stat of the file ping6_response.cg of the component httpd. Performing manipulation of the argument ping6_ipaddr results in buffer overflow. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is cataloged as CVE-2025-10034. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-26426 | Google Android 13/14/15 BroadcastController.java registerReceiverWithFeatureTraced input validation (EUVD-2025-26856)

Vuldb Updates
1 week ago
A vulnerability was found in Google Android 13/14/15. It has been declared as problematic. This vulnerability affects the function registerReceiverWithFeatureTraced of the file BroadcastController.java. Such manipulation leads to improper input validation. This vulnerability is uniquely identified as CVE-2025-26426. Local access is required to approach this attack. No exploit exists. It is best practice to apply a patch to resolve this issue.
vuldb.com

CVE-2025-26423 | Google Android 13/14/15 WifiConfigurationUtil.java validateIpConfiguration memory corruption (EUVD-2025-26859)

Vuldb Updates
1 week ago
A vulnerability was found in Google Android 13/14/15. It has been rated as critical. This issue affects the function validateIpConfiguration of the file WifiConfigurationUtil.java. Performing manipulation results in memory corruption. This vulnerability was named CVE-2025-26423. The attack needs to be approached locally. There is no available exploit. It is recommended to apply a patch to fix this issue.
vuldb.com

CVE-2025-26452 | Google Android 14/15 ResourcesImpl.java loadDrawableForCookie access control (EUVD-2025-27004)

Vuldb Updates
1 week ago
A vulnerability categorized as critical has been discovered in Google Android 14/15. This affects the function loadDrawableForCookie of the file ResourcesImpl.java. Such manipulation leads to improper access controls. This vulnerability is referenced as CVE-2025-26452. The attack can only be performed from a local environment. No exploit is available. A patch should be applied to remediate this issue.
vuldb.com

CVE-2025-26440 | Google Android 14 CameraService.cpp permission (EUVD-2025-27072)

Vuldb Updates
1 week ago
A vulnerability was found in Google Android 14. It has been rated as critical. The impacted element is an unknown function of the file CameraService.cpp. The manipulation leads to permission issues. This vulnerability is uniquely identified as CVE-2025-26440. Local access is required to approach this attack. No exploit exists. Applying a patch is the recommended action to fix this issue.
vuldb.com

CVE-2025-26450 | Google Android 13/14/15 IInputMethodSessionWrapper.java onInputEvent permission (EUVD-2025-27071)

Vuldb Updates
1 week ago
A vulnerability was found in Google Android 13/14/15. It has been rated as critical. Affected is the function onInputEvent of the file IInputMethodSessionWrapper.java. This manipulation causes permission issues. This vulnerability is handled as CVE-2025-26450. It is possible to launch the attack on the local host. There is not any exploit available. To fix this issue, it is recommended to deploy a patch.
vuldb.com

CVE-2025-26455 | Google Android 13/14/15 NdkMediaCodec.cpp out-of-bounds write (EUVD-2025-27006)

Vuldb Updates
1 week ago
A vulnerability, which was classified as critical, has been found in Google Android 13/14/15. Affected by this issue is some unknown functionality of the file NdkMediaCodec.cpp. The manipulation leads to out-of-bounds write. This vulnerability is documented as CVE-2025-26455. The attack needs to be performed locally. There is not any exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

CVE-2025-32312 | Google Android 13/14/15 PackageParser.java createIntentsList deserialization (EUVD-2025-27070)

Vuldb Updates
1 week ago
A vulnerability identified as problematic has been detected in Google Android 13/14/15. This impacts the function createIntentsList of the file PackageParser.java. This manipulation causes deserialization. The identification of this vulnerability is CVE-2025-32312. The attack can only be executed locally. There is no exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

CVE-2025-55241 | Microsoft Entra ID improper authentication (EUVD-2025-26868 / WID-SEC-2025-1971)

Vuldb Updates
1 week ago
A vulnerability was found in Microsoft Entra ID. It has been declared as critical. This affects an unknown part. Executing manipulation can lead to improper authentication. This vulnerability is registered as CVE-2025-55241. It is possible to launch the attack remotely. No exploit is available. This product is provided as a managed service, meaning users do not have the ability to maintain vulnerability countermeasures themselves.
vuldb.com

CVE-2025-26462 | Google Android 13/14/15 AccessibilityServiceConnection.java privileges management (EUVD-2025-27045)

Vuldb Updates
1 week ago
A vulnerability was found in Google Android 13/14/15 and classified as problematic. This issue affects some unknown processing of the file AccessibilityServiceConnection.java. Such manipulation leads to improper privilege management. This vulnerability is traded as CVE-2025-26462. An attack has to be approached locally. There is no exploit available. A patch should be applied to remediate this issue.
vuldb.com

美国计划限制进口中国无人机

Solidot
1 week ago
美国商务部计划发布规则,以国家安全理由限制或禁止进口中国无人机,以及来自中国等国重量超过 10000 磅的车辆。从中国进口的无人机占美国商用无人机销量的绝大部分,其中逾半数来自全球最大无人机制造商大疆。此前拜登政府已以国家安全为由,限制进口中国生产的汽车和卡车。去年 12 月拜登签署了一项法案,该法案可能为禁止大疆、道通智能在美国销售新型无人机铺平道路。

Noisy Bear Campaign Targeting Kazakhstan Energy Sector Outed as a Planned Phishing Test

The Hackers News
1 week ago
A threat actor possibly of Russian origin has been attributed to a new set of attacks targeting the energy sector in Kazakhstan. The activity, codenamed Operation BarrelFire, is tied to a new threat group tracked by Seqrite Labs as Noisy Bear. The threat actor has been active since at least April 2025. "The campaign is targeted towards employees of KazMunaiGas or KMG where the threat entity
The Hacker News

ISMG Editors: The Pentagon, Microsoft and Chinese Workers

DataBreachToday.com
1 week ago
Also: Software Supply Chain Risks, Cato's AI Security Buy
In this week's update, four ISMG editors discussed the Pentagon's review of Microsoft's use of Chinese nationals on U.S. military cloud systems, renewed concerns over software supply chain risks and Cato Networks' first-ever acquisition to boost AI security.

BSidesSF 2025: Slaying The Dragons: A Security Professional’s Guide To Malicious Packages

Security Boulevard
1 week ago

Creator, Author and Presenter: Kirill Boychenko

Our deep appreciation to Security BSides - San Francisco and the Creators, Authors and Presenters for publishing their BSidesSF 2025 video content on YouTube. Originating from the conference’s events held at the lauded CityView / AMC Metreon - certainly a venue like no other; and via the organization's YouTube channel.

Additionally, the organization is welcoming volunteers for the BSidesSF Volunteer Force, as well as their Program Team & Operations roles. See their succinct BSidesSF 'Work With Us' page, in which, the appropriate information is to be had!

Permalink

The post BSidesSF 2025: Slaying The Dragons: A Security Professional’s Guide To Malicious Packages appeared first on Security Boulevard.

Marc Handelman

Anthropic 向图书作者支付 15 亿美元和解侵权诉讼

Solidot
1 week ago
上月底 AI 初创公司 Anthropic 与图书作者就版权侵犯集体诉讼达成和解,避免了潜在可能高达数十亿美元的侵权赔偿。法庭文件显示,Anthropic 从盗版电子书库 LibGen 和 PiLiMi 下载了多达 700 万电子书,在 2021 年和 2022 年创建了一个巨大的书库。本周图书作者披露 Anthropic 同意支付 15 亿美元并销毁为训练其 AI 模型而盗版的所有书籍副本。这一和解协议涉及的赔偿金额是美国版权诉讼史上最高的。协议涵盖 Anthropic 为训练 AI 而盗版的 50 万部作品。每位作者的每部作品将获得 3000 美元的赔偿。Anthropic 已同意了和解条款,但还需要获得法院批准。

Managed ad