Aggregator

A vulnerability identified as critical has been detected in zephyrproject-rtos Zephyr up to 3.6. This vulnerability affects the function adv_ext_report of the component HCI. This manipulation causes heap-based buffer overflow. The identification of this vulnerability is CVE-2024-6259. The attack needs to be done within the local network. There is no exploit available.

A vulnerability marked as critical has been reported in zephyrproject-rtos Zephyr up to 3.6. Impacted is the function rfcomm_handle_data of the component BT. Performing manipulation of the argument net_buf results in heap-based buffer overflow. This vulnerability is identified as CVE-2024-6258. The attack can only be performed from the local network. There is not any exploit available.

A vulnerability described as critical has been identified in zephyrproject-rtos Zephyr up to 3.6. The affected element is the function get_att_search_list of the component BT. Executing manipulation can lead to out-of-bounds read. This vulnerability is tracked as CVE-2024-6137. The attack is only possible within the local network. No exploit exists.

A vulnerability classified as critical was found in zephyrproject-rtos Zephyr up to 3.6. This affects the function bap_broadcast_assistant of the component BT. The manipulation results in stack-based buffer overflow. This vulnerability is cataloged as CVE-2024-5931. The attack must originate from the local network. There is no exploit available.

A vulnerability was found in WP Import Plugin up to 7.27 on WordPress. It has been rated as problematic. This vulnerability affects the function upload_function. The manipulation leads to denial of service. This vulnerability is traded as CVE-2025-10058. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Quiz Maker Plugin up to 6.7.0.56 on WordPress. It has been rated as critical. The affected element is an unknown function of the component Header Handler. This manipulation of the argument X-Forwarded-For causes sql injection. This vulnerability appears as CVE-2025-10042. The attack may be initiated remotely. There is no available exploit.

A vulnerability categorized as critical has been discovered in WP Import Plugin up to 7.28 on WordPress. The impacted element is the function write_to_customfile of the file customFunction.php. Such manipulation leads to code injection. This vulnerability is traded as CVE-2025-10057. The attack may be launched remotely. There is no exploit available.

Submit #649317 / VDB-324615

Submit #649316 / VDB-324614

Submit #649315 / VDB-324613

AMD工程师正在解决Linux内核对ACPI C4状态的支持问题，以使搭载AMD处理器的Linux笔记本电脑能够进入更深度的睡眠模式，从而节省电量并延长续航时间。

美国司法部重新判处22岁的Conor Fitzpatrick三年监禁，因其曾担任非法网络犯罪论坛BreachForums的管理员，并持有儿童性虐待材料。该论坛曾涉及大量被盗数据交易。Fitzpatrick此前因轻判引发争议后被上诉推翻。

The U.S. Department of Justice (DoJ) on Tuesday resentenced the former administrator of BreachForums to three years in prison in connection with his role in running the cybercrime forum and possessing child sexual abuse material (CSAM). Conor Brian Fitzpatrick (aka Pompompurin), 22, of Peekskill, New York, pleaded guilty to one count of access device conspiracy, one count of access device

A sophisticated new campaign that represents the first documented real-world deployment of FileFix attacks beyond proof-of-concept demonstrations. This campaign marks a significant evolution in social engineering tactics, combining advanced steganographic techniques with multilayered obfuscation to deliver the StealC information stealer through an innovative attack vector that builds upon the notorious ClickFix methodology. Researchers from Acronis’ […]

The post New FileFix Steganography Campaign Spreads StealC Malware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

苹果为iPhone 6等旧设备发布安全更新iOS 15.8.5和iPadOS 15.8.5，修复了编号CVE-2025-43300的越界写入漏洞，该漏洞可能导致处理恶意图像时内存损坏。受影响设备包括iPhone 6s、7、SE第一代、iPad Air 2、iPad mini第四代和iPod touch第七代。

苹果为 10 年前的 iPhone 6 释出安全更新 iOS 15.8.5 和 iPadOS 15.8.5，修复了一个正被利用的安全漏洞。编号为 CVE-2025-43300 的漏洞是一个越界写入 bug 导致的，可能导致在处理恶意图像文件时内存损坏(memory corruption)。苹果称它收到了漏洞利用的报告。最新补丁适用于 iPhone 6s（所有型号）、iPhone 7（所有型号）、iPhone SE（第一代）、iPad Air 2、iPad mini（第四代）和 iPod touch（第七代）。

HackerNoon根据页面浏览量、互动和评论排名科技新闻，TechBeat发布于2025年9月17日。

文章探讨了钩子系统在编程中的应用及其优势，特别是在JavaScript、Node.js和WordPress中的实现方式，并强调了其在解耦代码和提升开发效率方面的重要性。

A vulnerability was found in SourceCodester Online Student File Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/delete_user.php. The manipulation of the argument user_id leads to sql injection. This vulnerability is documented as CVE-2025-10595. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability was found in SourceCodester Online Student File Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/delete_student.php. Executing manipulation of the argument stud_id can lead to sql injection. This vulnerability is registered as CVE-2025-10594. It is possible to launch the attack remotely. Furthermore, an exploit is available.