Aggregator

A vulnerability was found in Huawei HarmonyOS 5.0.0. It has been declared as problematic. This vulnerability affects unknown code of the component Memory Management Module. The manipulation leads to improper resource management. This vulnerability was named CVE-2024-58113. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Huawei HarmonyOS 5.0.0. It has been classified as problematic. This affects an unknown part of the component Kernel File System Handler. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2025-31171. The attack needs to be approached locally. There is no exploit available.

A vulnerability was found in Huawei HarmonyOS 5.0.0 and classified as critical. Affected by this issue is some unknown functionality of the component Kernel Futex Module. The manipulation leads to improper handling of insufficient permissions or privileges. This vulnerability is handled as CVE-2025-31173. It is possible to launch the attack on the local host. There is no exploit available.

A vulnerability has been found in Huawei HarmonyOS 5.0.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Kernel Futex Module. The manipulation leads to improper handling of insufficient permissions or privileges. This vulnerability is known as CVE-2025-31172. Attacking locally is a requirement. There is no exploit available.

A vulnerability, which was classified as critical, was found in MediaTek MT9972. Affected is an unknown function of the component PlayReady TA. The manipulation leads to out-of-bounds read. This vulnerability is traded as CVE-2025-20662. Local access is required to approach this attack. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as critical, has been found in MediaTek MT9972. This issue affects some unknown processing of the component PlayReady TA. The manipulation leads to out-of-bounds read. The identification of this vulnerability is CVE-2025-20661. An attack has to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as critical was found in MediaTek MT9972. This vulnerability affects unknown code of the component PlayReady TA. The manipulation leads to out-of-bounds read. This vulnerability was named CVE-2025-20660. The attack needs to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as critical has been found in MediaTek MT6765, MT6768, MT6781, MT6789, MT6833, MT6853, MT6877, MT6885, MT8768, MT8771, MT8781, MT8786 and MT8791T. This affects an unknown part of the component Vdec. The manipulation leads to out-of-bounds write. This vulnerability is uniquely identified as CVE-2025-20657. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in MediaTek MT9972. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Keymaster. The manipulation leads to out-of-bounds read. This vulnerability is handled as CVE-2025-20655. Attacking locally is a requirement. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in MediaTek MT2735, MT2737, MT6739, MT6761, MT6762, MT6762D, MT6762M, MT6763, MT6765, MT6765T, MT6767, MT6768, MT6769, MT6769K, MT6769S, MT6769T, MT6769Z, MT6771, MT6779, MT6781, MT6783, MT6785, MT6785T, MT6785U, MT6789, MT6813, MT6833, MT6833P, MT6835, MT6835T, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6878, MT6878M, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895TT, MT6896, MT6897, MT6899, MT6980, MT6980D, MT6983, MT6983T, MT6985, MT6985T, MT6989, MT6989T, MT6990, MT6991, MT8666, MT8667, MT8673, MT8675, MT8676, MT8678, MT8765, MT8766, MT8768, MT8771, MT8781, MT8786, MT8788, MT8788E, MT8791T, MT8796, MT8797, MT8798 and MT8863. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Modem. The manipulation leads to out-of-bounds read. This vulnerability is known as CVE-2025-20659. The attack can be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in MediaTek MT7915, MT7916, MT7981, MT7986, MT7990 and MT7992. It has been classified as problematic. Affected is an unknown function of the component WLAN AP Driver. The manipulation leads to uncaught exception. This vulnerability is traded as CVE-2025-20664. The attack needs to be approached within the local network. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in MediaTek MT7915, MT7916, MT7981 and MT7986 and classified as problematic. This issue affects some unknown processing of the component WLAN AP Driver. The manipulation leads to uncaught exception. The identification of this vulnerability is CVE-2025-20663. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability has been found in MediaTek MT6890, MT7622, MT7915, MT7916, MT7981 and MT7986 and classified as critical. This vulnerability affects unknown code of the component WLAN Service. The manipulation leads to out-of-bounds write. This vulnerability was named CVE-2025-20654. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

It starts with good intentions. A tool to stop phishing. Another to monitor endpoints. One more for cloud workloads. Soon, a well-meaning CISO finds themselves managing dozens of products across teams, each with its own dashboard, alerts, and licensing headaches. Welcome to the age of security tool sprawl. CISOs everywhere are facing platform fatigue. According to a 2023 survey by Syxsense, 68% of organizations use more than 11 tools for endpoint management and security, leading … More →

The post CISOs battle security platform fatigue appeared first on Help Net Security.

Водяные знаки станут визитной карточкой тех, кто пока не готов платить за ИИ.

In this Help Net Security interview, Arun Shrestha, CEO at BeyondID, discusses how AI is transforming secure access management for both attackers and defenders. He discusses the shift toward identity-first security, and the role of contextual and continuous authentication in neutralizing AI-driven intrusions. Shrestha also offers strategic guidance for CISOs managing the adoption of AI responsibly while maintaining security and compliance. We’re seeing both attackers and defenders leverage AI. From your vantage point, how has … More →

The post The shift to identity-first security and why it matters appeared first on Help Net Security.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2025-04-07, 63 days ago. The vendor is given until 2025-08-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Suyue Guo from UCSB Seclab' was reported to the affected vendor on: 2025-04-07, 63 days ago. The vendor is given until 2025-08-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

ИИ-модель обнаруживает скрытые связи между атаками за считанные секунды.

Communication is the key in all areas, and the cyber world is no different. To communicate in the cyber world, you must learn the language used here: programming languages. This will help you command the machines to act according to you.  In cybersecurity, programming languages allow you to write code to automate a process, which […]

The post Top 10 Programming Languages For Cyber Security – 2025 appeared first on Cyber Security News.