Aggregator

CVE-2025-40048 | Linux Kernel up to 5.15.194/6.1.155/6.6.111/6.12.52/6.17.2 pread race condition (WID-SEC-2025-2431)

2 weeks ago

A vulnerability described as critical has been identified in Linux Kernel up to 5.15.194/6.1.155/6.6.111/6.12.52/6.17.2. This affects the function pread. Executing manipulation can lead to race condition. The identification of this vulnerability is CVE-2025-40048. The attack needs to be done within the local network. There is no exploit available. Upgrading the affected component is recommended.

vuldb.com

CVE-2025-40047 | Linux Kernel up to 6.12.52/6.17.2 io_waitid_wait privilege escalation (Nessus ID 271908 / WID-SEC-2025-2431)

Vuldb Updates

2 weeks ago

A vulnerability was found in Linux Kernel up to 6.12.52/6.17.2 and classified as critical. Affected by this vulnerability is the function io_waitid_wait. The manipulation results in privilege escalation. This vulnerability is cataloged as CVE-2025-40047. The attack must originate from the local network. There is no exploit available. It is suggested to upgrade the affected component.

vuldb.com

CVE-2025-40045 | Linux Kernel up to 6.12.52/6.17.2 wcd937x memory corruption (Nessus ID 271890 / WID-SEC-2025-2431)

Vuldb Updates

2 weeks ago

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.12.52/6.17.2. This affects an unknown part of the component wcd937x. The manipulation leads to memory corruption. This vulnerability is listed as CVE-2025-40045. The attack must be carried out from within the local network. There is no available exploit. It is advisable to upgrade the affected component.

vuldb.com

CVE-2025-24085 | Apple watchOS use after free (EUVD-2025-3607 / EDB-52316)

Vuldb Updates

2 weeks ago

A vulnerability was found in Apple watchOS. It has been classified as critical. This issue affects some unknown processing. The manipulation leads to use after free. This vulnerability is uniquely identified as CVE-2025-24085. The attack is possible to be carried out remotely. Moreover, an exploit is present. Upgrading the affected component is recommended.

vuldb.com

CVE-2025-24085 | Apple iOS/iPadOS use after free (EUVD-2025-3607 / EDB-52316)

Vuldb Updates

2 weeks ago

A vulnerability was found in Apple iOS and iPadOS. It has been declared as critical. Impacted is an unknown function. The manipulation results in use after free. This vulnerability was named CVE-2025-24085. The attack may be performed from remote. In addition, an exploit is available. It is recommended to upgrade the affected component.

vuldb.com

CVE-2025-24085 | Apple visionOS use after free (EUVD-2025-3607 / EDB-52316)

Vuldb Updates

2 weeks ago

A vulnerability, which was classified as critical, was found in Apple visionOS. Affected by this issue is some unknown functionality. Such manipulation leads to use after free. This vulnerability is traded as CVE-2025-24085. The attack may be launched remotely. Furthermore, there is an exploit available. You should upgrade the affected component.

vuldb.com

CVE-2025-24085 | Apple tvOS use after free (EUVD-2025-3607 / EDB-52316)

Vuldb Updates

2 weeks ago

A vulnerability has been found in Apple tvOS and classified as critical. This affects an unknown part. Performing manipulation results in use after free. This vulnerability is known as CVE-2025-24085. Remote exploitation of the attack is possible. Furthermore, an exploit is available. The affected component should be upgraded.

vuldb.com

CVE-2025-24085 | Apple macOS use after free (EUVD-2025-3607 / EDB-52316)

Vuldb Updates

2 weeks ago

A vulnerability was found in Apple macOS and classified as critical. This vulnerability affects unknown code. Executing manipulation can lead to use after free. This vulnerability is handled as CVE-2025-24085. The attack can be executed remotely. Additionally, an exploit exists. It is suggested to upgrade the affected component.

vuldb.com

Мягкий перенос, жёсткие последствия. Как новая фишинговая кампания использует Unicode-символы для кражи паролей

Securitylab.ru

2 weeks ago

Хакеры нашли слепое пятно в защите, о котором никто не догадывался.

《网络安全法》迎来最大修订:人工智能纳入监管,境外威胁可冻结财产；抖音副总裁李亮谈AI谣言治理：技术工具与全民共治并行 | 牛览

不安全

2 weeks ago

当前环境出现异常，请完成验证后继续访问。

不仅仅是攻防演练！网络安全靶场应如何成为企业的核心战略资产？

不安全

2 weeks ago

嗯，用户发来一个请求，让我帮忙总结一篇文章的内容，控制在一百个字以内，而且不需要用“文章内容总结”或者“这篇文章”这样的开头。直接写描述就行。首先，我需要理解用户的需求。看起来用户可能是在处理某个网页内容，或者是遇到了环境异常的问题，需要一个简洁的总结。接下来，我注意到用户提供的文章内容是关于环境异常的提示，说完成验证后可以继续访问，并有一个“去验证”的按钮。所以文章的主要信息就是环境异常，需要验证才能继续访问。然后，我要考虑如何在一百个字以内准确地传达这个信息。不需要复杂的结构，直接说明情况和解决方法即可。比如，“当前环境异常，需完成验证后方可继续访问。”这样既简洁又明了。另外，用户特别强调不需要特定的开头，所以直接描述情况就好。这可能是因为他们希望总结更直接、更实用，适合快速阅读或处理。最后，检查一下字数是否符合要求，并确保没有遗漏关键信息。确认无误后就可以回复给用户了。当前环境异常，需完成验证后方可继续访问。

Cyber Pros Needed: Securing the Middle Ground

Ransomware DataBreachToday.com

2 weeks ago

Midsize Businesses Need Skilled Professionals as Threat Actors Shift Their Tactics
As large enterprises continue to strengthen their defenses and reduce ransom payouts, ransomware operators are redirecting their attention toward midsize organizations. This shift has increased the urgency for adaptable, well-trained cyber professionals who can tailor enterprise-grade protections.

US Withholds Support for UN Global Cybercrime Treaty

Ransomware DataBreachToday.com

2 weeks ago

US Cites Risk of Treaty Being Weaponized by Authoritarian Regimes, Privacy Concerns
The U.S. declined to sign the new U.N. cybercrime convention despite support from 72 nations and its backing by Russia and China over fears it could be exploited by authoritarian states to legitimize surveillance, censor dissent and pressure cross-border data cooperation.

Hospital System Flaws Could Leak Patient Data, CISA Says

Ransomware DataBreachToday.com

2 weeks ago

Agency Warns Vertikal Systems Vulnerabilities Could Help Hackers Access Data
U.S. federal authorities are warning about vulnerabilities in hospital information management systems from Romanian firm Vertikal Systems that could allow hackers to obtain and disclose patient data. The affected systems are used mostly by smaller hospitals and clinics outside the United States.

Varonis Lays Off 5% of Staff, Stock Plunges as Renewals Drop

Ransomware DataBreachToday.com

2 weeks ago

2nd Round of Layoffs Since 2022 Comes 2 Months After $150M Email Security Purchase
Varonis cut 5% of its workforce and saw its stock price nosedive after disclosing a sharp drop in renewal rates for its on-premise subscription business. The underperformance of the federal vertical caused a notable headwind for Varonis despite it accounting for just 5% of annual recurring revenue.

Microsoft Azure Cloud Apps Shut Down by Configuration Error

Ransomware DataBreachToday.com

2 weeks ago

Azure Outage Comes a Week After a Cloud DNS Error Disrupted AWS Users
Microsoft's Azure cloud and 365 systems suffered an outage at noon on Wednesday because of a configuration error - hours before its quarterly earnings call and about a week after rival AWS underwent a widespread outage that shut down applications and services for most of the day.

Почта и VPN — минус $5000000. 90% кибератак происходят из-за фразы: «всё под защитой»

Securitylab.ru

2 weeks ago

Итоги года: $286000 слито через почту, VPN опаснее, чем его отсутствие (в 4 раза), а Google лучше Microsoft.

QNAP警示ASP.NET Core高危漏洞波及NetBak PC备份工具

不安全

2 weeks ago

嗯，用户让我帮忙总结一篇文章的内容，控制在100字以内，而且不需要特定的开头。首先，我需要仔细阅读文章内容，找出关键信息。文章主要讲的是QNAP发布了一个安全警告，指出他们的NetBak PC Agent工具存在一个高危漏洞，编号是CVE-2025-55315。这个漏洞属于安全绕过类型，存在于ASP.NET Core组件中。攻击者可以利用这个漏洞劫持用户凭证或者绕过安全控制。 QNAP建议用户更新Windows系统中的ASP.NET Core组件，并提供了两种修复方法：重新安装NetBak PC Agent或者手动更新组件。漏洞的影响包括权限提升、CSRF绕过和注入攻击等，可能导致数据泄露或服务器被篡改。总结的时候，我需要涵盖这些要点：QNAP的警告、漏洞的编号、影响范围、修复方法以及潜在危害。同时要控制在100字以内，语言要简洁明了。可能会这样组织句子：QNAP警告NetBak PC Agent存在高危漏洞CVE-2025-55315，影响ASP.NET Core组件。该漏洞允许低权限攻击者劫持凭证或绕过安全机制。建议用户更新组件以修复漏洞，并防范潜在攻击风险。这样应该符合用户的要求了。 QNAP警告其NetBak PC Agent备份工具存在高危漏洞CVE-2025-55315，影响ASP.NET Core组件。该漏洞允许低权限攻击者通过HTTP请求走私技术劫持其他用户的凭证或绕过前端安全控制机制。QNAP建议用户更新Windows系统中的ASP.NET Core组件以修复漏洞，并防范潜在攻击风险。

QNAP警示ASP.NET Core高危漏洞波及NetBak PC备份工具

嘶吼

2 weeks ago

QNAP已向用户发出警示，要求修复一处ASP.NET Core高危漏洞——该漏洞同样影响其NetBak PC Agent工具，这是一款用于向QNAP网络附加存储（NAS）设备备份数据的Windows应用。

该漏洞编号为CVE-2025-55315，属于安全绕过漏洞，存在于Kestrel ASP.NET Core Web服务器中。低权限攻击者可通过HTTP请求走私技术，劫持其他用户的凭证，或绕过前端安全控制机制。

QNAP解释称：“NetBak PC Agent在安装过程中会部署并依赖微软ASP.NET Core组件。因此，若运行该工具的Windows系统未及时更新，其搭载的ASP.NET Core版本可能受此漏洞影响。”

QNAP强烈建议用户确保Windows系统已安装最新的微软ASP.NET Core更新，以防范潜在攻击。

为保障系统安全，QNAP用户可通过以下两种方式修复漏洞：

1. 重新安装NetBak PC Agent应用程序，获取集成最新版ASP.NET Core运行时组件的版本；

2. 手动更新ASP.NET Core：访问.NET 8.0下载页面，下载并安装最新的ASP.NET Core运行时（宿主捆绑包，Hosting Bundle）。

漏洞危害：多场景安全风险

微软.NET安全技术人员表示，该漏洞是ASP.NET Core历史上获得“最高严重级别”评级的安全漏洞，其攻击影响取决于目标ASP.NET应用的具体场景。

成功利用该漏洞后，攻击者可实现：

- 冒充其他用户登录，达成权限提升；

- 绕过跨站请求伪造（CSRF）校验；

- 发起注入攻击。

QNAP进一步补充：“若漏洞被成功利用，已认证攻击者可向Web服务器发送特制HTTP请求，导致敏感数据遭未授权访问、服务器文件被篡改，或引发有限范围的拒绝服务（DoS）状态。”

今年1月，QNAP曾针对其数据备份与灾难恢复解决方案——HBS 3 Hybrid Backup Sync 25.1.x版本，发布安全更新修复了6处rsync漏洞。这些漏洞可能导致远程攻击者在未打补丁的NAS设备上，执行特制恶意代码。

胡金鱼

CVE-2025-64144 | ByteGuard Build Actions Plugin up to 1.0 on Jenkins Controller File System permission (Nessus ID 271958)

Vuldb Updates

2 weeks ago

A vulnerability labeled as critical has been found in ByteGuard Build Actions Plugin up to 1.0 on Jenkins. This vulnerability affects unknown code of the component Controller File System Handler. Such manipulation leads to permission issues. This vulnerability is referenced as CVE-2025-64144. The attack needs to be initiated within the local network. No exploit is available.

vuldb.com

Aggregator

Managed ad