Aggregator

A vulnerability identified as critical has been detected in WebKitGTK up to 2.36.7. The affected element is the function WebCore::RenderLayer::updateDescendantDependentFlags. This manipulation causes use after free. This vulnerability is tracked as CVE-2023-25363. The attack is possible to be carried out remotely. No exploit exists. You should upgrade the affected component.

A vulnerability has been found in Siglent SDS1104X-E 6.1.37R9.ADS and classified as problematic. This vulnerability affects unknown code of the component SCPI Interface. The manipulation leads to information disclosure. This vulnerability is listed as CVE-2023-25366. The attack must be carried out from within the local network. There is no available exploit.

A vulnerability was found in WebKitGTK up to 2.36.7. It has been rated as critical. This issue affects the function WebCore::RenderLayer::setNextSibling. The manipulation leads to use after free. This vulnerability is referenced as CVE-2023-25361. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is advised.

Available on GitHub and promoted to professional penetration testers, the tool AdaptixC2 has been used to spread loader malware associated with Russian ransomware groups, researchers said.

This joint guidance provides security best practices to help administrators harden on-premises Exchange servers by enforcing a prevention posture and hardening authentication and encryption.

The Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) have released guidance to help IT administrators harden Microsoft Exchange servers on their networks against attacks. [...]

20 ватт — предел разума?

A vulnerability was found in Graylog2 graylog2-server up to 6.2.3/6.3.0-rc.1. It has been classified as critical. This affects an unknown part of the component REST API. Performing manipulation results in improper authorization. This vulnerability was named CVE-2025-53106. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability was found in Linux Kernel up to 6.12.17/6.13.5. It has been rated as critical. Affected by this issue is the function hmm_range_fault of the component EFAULT Handler. Performing manipulation results in memory corruption. This vulnerability is known as CVE-2025-21880. Access to the local network is required for this attack. No exploit is available. Upgrading the affected component is advised.

A vulnerability was found in WinRAR up to 7.12 and classified as critical. This issue affects some unknown processing of the component Archive File Handler. Executing manipulation can lead to path traversal: '.../...//'. This vulnerability is handled as CVE-2025-8088. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability labeled as critical has been found in Trimble Cityworks up to 23.9. This impacts an unknown function of the component MS IIS. The manipulation results in deserialization. This vulnerability is cataloged as CVE-2025-0994. The attack may be launched remotely. Furthermore, there is an exploit available. The affected component should be upgraded.

Cybercriminals are abusing AdaptixC2, a legitimate emulation framework, in ransomware campaigns