Aggregator

A vulnerability was found in DavidOsipov PostQuantum-Feldman-VSS up to 0.7.6b0. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to information exposure through discrepancy. The identification of this vulnerability is CVE-2025-29780. Attacking locally is a requirement. There is no exploit available.

Law enforcement discovered admin credentials on the suspect's computer for an online repository hosted on the Dark Web that stored source code for multiple versions of the LockBit builder.

A vulnerability, which was classified as problematic, was found in GPAC 0.7.1. This affects the function GetESD of the file isomedia/track.c. The manipulation leads to null pointer dereference. This vulnerability is uniquely identified as CVE-2019-12481. An attack has to be approached locally. There is no exploit available.

A vulnerability has been found in GPAC 0.7.1 and classified as problematic. This vulnerability affects the function gf_isom_get_original_format_type of the file isomedia/drm_sample.c. The manipulation leads to null pointer dereference. This vulnerability was named CVE-2019-12482. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in GPAC 0.7.1 and classified as critical. This issue affects the function ReadGF_IPMPX_RemoveToolNotificationListener of the file odf/ipmpx_code.c. The manipulation leads to memory corruption. The identification of this vulnerability is CVE-2019-12483. Attacking locally is a requirement. There is no exploit available.

A vulnerability was found in WP Font Awesome up to 1.7.8 on WordPress and classified as problematic. Affected by this issue is some unknown functionality of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2023-0271. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Chamberlain myQ 5.222.0.32277 on iOS. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Password Reset Endpoint. The manipulation leads to improper restriction of excessive authentication attempts. This vulnerability is handled as CVE-2023-24080. The attack needs to be approached within the local network. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Redrock TutorTrac. Affected is an unknown function. The manipulation of the argument reason/location leads to cross site scripting. This vulnerability is traded as CVE-2023-24081. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in AMD Ryzen 5000 Series Desktop Processor with Radeon Graphics, Ryzen 7000 Series Desktop Processor, Ryzen 4000 Series Mobile Processors with Radeon Graphics, Ryzen 5000 Series Mobile Processors with Radeon Graphics, Ryzen 4000 Series Desktop Processors with Radeon Graphics, Ryzen 6000 Series Processors with Radeon Graphics, Ryzen 7040 Series Mobile Processors with Radeon Graphics, Ryzen 5000 Series Processors with Radeon Graphics, Ryzen 7045 Series Mobile Processors, Ryzen 7020 Series Processors with Radeon Graphics, Ryzen Embedded V2000, Ryzen Embedded V3000, Ryzen 7035 Series Mobile Processors with Radeon Graphics and Ryzen 3000 Series Processors with Radeon Graphics. Affected is an unknown function of the component SPI Protection. The manipulation leads to improper access controls. This vulnerability is traded as CVE-2023-20579. Access to the local network is required for this attack to succeed. There is no exploit available.

A vulnerability was found in Google Android 13. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Device Policy Handler. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2024-0029. The attack needs to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Linux Kernel up to 5.10.34/5.11.18/5.12.1. It has been rated as critical. This issue affects the function ul_callback of the component qrtr. The manipulation leads to use after free. The identification of this vulnerability is CVE-2021-46973. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

The Internet of Things (IoT), also referred to as Cyber-Physical Systems (CPS) has exploded across all types of enterprises, promising greater efficiency, automation, and data-driven insights.  From smart sensors monitoring factory floors to AI-powered cameras securing premises, these devices are transforming how businesses operate. However, this surge in connectivity, coupled with the increasing power of […]

The post The Silent Infiltration:  How Powerful CPS Devices Are Amplifying Cyber Risks for Businesses appeared first on Viakoo, Inc.

The post The Silent Infiltration:  How Powerful CPS Devices Are Amplifying Cyber Risks for Businesses appeared first on Security Boulevard.

Author/Presenter: Chris Morgan

Our thanks to Bsides Exeter, and the Presenters/Authors for publishing their timely Bsides Exeter Conference content. All brought to you via the organizations YouTube channel.

Permalink

The post BSides Exeter 2024 – Blue Track – DFIR – Tracking TTP Changes Of SocGhoulish appeared first on Security Boulevard.

Microsoft says it partially mitigated a week-long Exchange Online outage causing delays or failures when sending or receiving email messages. [...]

Открытие, которое может изменить всю теорию гармонического анализа.

Government cybersecurity and information security frameworks are a constant work in progress. Many different frameworks draw their requirements from the National Institute of Standards and Technology, and one of the most important documents for cybersecurity is NIST Special Publication 800-171: Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations. One of the key pillars of […]

The post NIST SP 800-171 Rev 2 vs Rev 3: What’s The Difference? appeared first on Security Boulevard.

On February 24, 2025, Skybox Security officially shut down operations, leaving its customers without support, updates, or future development. If your organization relied on Skybox for firewall policy management, security...

The post Skybox Security: Migrating to a Better Alternative appeared first on Security Boulevard.

Threat Actor "Digileak" Allegedly Selling Admin Access to a Medical Task Management Dashboard in China

Symantec threat researchers used OpenAI's Operator agent to carry out a phishing attack with little human intervention, illustrating the looming cybersecurity threat AI agents pose as they become more powerful. The agent learned how to write a malicious PowerShell script and wrote an email with the phishing lure, among other actions.

The post Symantec Uses OpenAI Operator to Show Rising Threat of AI Agents appeared first on Security Boulevard.

The Mora_001 group uses similar post-exploitation patterns and ransomware customization originated by LockBit.