Aggregator

Also: Signal Blocks Recall, Europe Sanctions Stark Industries
This week, Qakbot leader indicted, Signal blocked Recall and a judge said Trump illegally removed watchdogs. Ivanti and Palo Alto hacks linked, Stark Industries sanctioned, Marks and Spencer's hack costs 300M pounds. Pro-Ukraine hackers hit a Russian clinic and an outbreak of PureRAT in Russia.

Hacker Demanded $20M Ransom to Delete Stolen Personal, Financial Information
A months-long data breach led to the theft of personal and financial information of nearly 70,000 Coinbase customers. Coinbase said the breach dates back to December and was aided by bribery schemes targeting the company's overseas customer support agents.

DanaBot Used to Steal and to Spy
A top figure in the Russian cybercrime gang behind DanaBot infected his own computer with the malware, allowing an FBI agent to search an image of his system, U.S. federal prosecutors disclosed Thursday in indictments and an announced disruption of the malware's infrastructure.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Hossein Lotfi (@hosselot) of Trend Zero Day Initiative' was reported to the affected vendor on: 2025-05-23, 67 days ago. The vendor is given until 2025-09-20 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 8.2 AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H severity vulnerability discovered by 'Corentin "@OnlyTheDuck" BAYET from REverse Tactics' was reported to the affected vendor on: 2025-05-23, 90 days ago. The vendor is given until 2025-09-20 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 8.8 AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H severity vulnerability discovered by 'Do Manh Dung & Nguyen Dang Nguyen of STAR Labs SG Pte. Ltd.' was reported to the affected vendor on: 2025-05-23, 83 days ago. The vendor is given until 2025-09-20 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 8.2 AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H severity vulnerability discovered by 'Thomas Bouzerar (@MajorTomSec) from @Synacktiv, Etienne Helluy-Lafont from @Synacktiv' was reported to the affected vendor on: 2025-05-23, 90 days ago. The vendor is given until 2025-09-20 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 6.0 AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N severity vulnerability discovered by 'Viettel Cyber Security' was reported to the affected vendor on: 2025-05-23, 53 days ago. The vendor is given until 2025-09-20 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 8.8 AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H severity vulnerability discovered by 'Chen Le Qi of STAR Labs SG Pte. Ltd.' was reported to the affected vendor on: 2025-05-23, 83 days ago. The vendor is given until 2025-09-20 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 8.8 AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H severity vulnerability discovered by 'Chen Le Qi of STAR Labs SG Pte. Ltd.' was reported to the affected vendor on: 2025-05-23, 83 days ago. The vendor is given until 2025-09-20 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 6.0 AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N severity vulnerability discovered by 'Viettel Cyber Security' was reported to the affected vendor on: 2025-05-23, 53 days ago. The vendor is given until 2025-09-20 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 8.8 AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H severity vulnerability discovered by 'Hyeonjin Choi (@d4m0n_8) of Out Of Bounds' was reported to the affected vendor on: 2025-05-23, 83 days ago. The vendor is given until 2025-09-20 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Hossein Lotfi (@hosselot) of Trend Zero Day Initiative' was reported to the affected vendor on: 2025-05-23, 80 days ago. The vendor is given until 2025-09-20 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A vulnerability classified as problematic was found in Sahotataran LatestComment 1.1. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2012-6555. The attack can be launched remotely. Furthermore, there is an exploit available.

Вебинар группы компаний «Гарда» | 27 мая в 11:00.

A vulnerability was found in Linux Kernel up to 5.4.188/5.10.109/5.15.32/5.16.18/5.17.1. It has been classified as problematic. Affected is the function tcp_bpf_sendmsg of the file net/ipv4/af_inet.c. The manipulation leads to privilege escalation. This vulnerability is traded as CVE-2022-49205. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Linux Kernel up to 5.17.1. This affects the function bfq_dispatch_request. The manipulation leads to use after free. This vulnerability is uniquely identified as CVE-2022-49176. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 5.10.109/5.15.32/5.16.18/5.17.1 and classified as critical. Affected by this vulnerability is the function of_parse_phandle. The manipulation leads to improper update of reference count. This vulnerability is known as CVE-2022-49188. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Linux Kernel up to 5.17.1. This affects the function netlink_recvmsg of the file net/netlink/af_netlink.c. The manipulation leads to out-of-bounds read. This vulnerability is uniquely identified as CVE-2022-49197. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Linux Kernel up to 5.17.1. This affects the function device_pm_check_callbacks. The manipulation leads to state issue. This vulnerability is uniquely identified as CVE-2022-49175. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.