Aggregator

OT security needs continuous operations, not one-time fixes

Help Net Security
2 days 20 hours ago

Cyberattacks keep hitting the OT systems that critical infrastructure operators run, according to new research from Forrester. In a survey of 262 OT security decision-makers, 91% reported at least one breach or system failure caused by a cyberattack in the past 18 months. These attacks disrupted essential services, damaged reputations, and created regulatory and financial consequences. The study highlights the limits of current OT security approaches. While many vendors build products using Secure by Design … More →

The post OT security needs continuous operations, not one-time fixes appeared first on Help Net Security.

Anamarija Pogorelec

CVE-2025-38430 | Linux Kernel up to 6.15.3 nfsd nfsd4_spo_must_allow state issue (Nessus ID 264318 / WID-SEC-2025-1653)

Vuldb Updates
2 days 20 hours ago
A vulnerability classified as problematic was found in Linux Kernel up to 6.15.3. Affected by this issue is the function nfsd4_spo_must_allow of the component nfsd. Executing manipulation can lead to state issue. This vulnerability appears as CVE-2025-38430. The attacker needs to be present on the local network. There is no available exploit. Upgrading the affected component is advised.
vuldb.com

CVE-2025-38429 | Linux Kernel up to 6.6.94/6.12.34/6.15.3 bus mhi_ep_ring_add_element race condition (Nessus ID 253428 / WID-SEC-2025-1653)

Vuldb Updates
2 days 20 hours ago
A vulnerability described as problematic has been identified in Linux Kernel up to 6.6.94/6.12.34/6.15.3. Affected is the function mhi_ep_ring_add_element of the component bus. Such manipulation leads to race condition. This vulnerability is documented as CVE-2025-38429. The attack requires being on the local network. There is not any exploit available. Upgrading the affected component is recommended.
vuldb.com

CVE-2025-38431 | Linux Kernel up to 6.15.4/6.16-rc3 smb symlink (WID-SEC-2025-1653)

Vuldb Updates
2 days 20 hours ago
A vulnerability was found in Linux Kernel up to 6.15.4/6.16-rc3. It has been classified as critical. This affects an unknown part of the component smb. The manipulation leads to symlink following. This vulnerability is listed as CVE-2025-38431. The attack must be carried out from within the local network. There is no available exploit. Upgrading the affected component is recommended.
vuldb.com

CVE-2025-38432 | Linux Kernel up to 6.15.4/6.16-rc3 net csum_ipv6_magic initialization (WID-SEC-2025-1653)

Vuldb Updates
2 days 20 hours ago
A vulnerability described as problematic has been identified in Linux Kernel up to 6.15.4/6.16-rc3. The affected element is the function csum_ipv6_magic of the component net. Executing manipulation can lead to improper initialization. This vulnerability is handled as CVE-2025-38432. The attack can only be done within the local network. There is not any exploit available. Upgrading the affected component is recommended.
vuldb.com

CVE-2025-38428 | Linux Kernel up to 6.15.3 ims_pcu_flash_firmware len memory corruption (Nessus ID 250108 / WID-SEC-2025-1653)

Vuldb Updates
2 days 20 hours ago
A vulnerability was found in Linux Kernel up to 6.15.3. It has been declared as critical. This issue affects the function ims_pcu_flash_firmware. Such manipulation of the argument len leads to memory corruption. This vulnerability is referenced as CVE-2025-38428. The attack needs to be initiated within the local network. No exploit is available. It is recommended to upgrade the affected component.
vuldb.com

Cybersecurity jobs available right now: September 16, 2025

Help Net Security
2 days 20 hours ago

CISO Haier Europe | Italy | On-site – View job details As a CISO, you will develop an information security strategy aligned with organizational priorities, secure executive support, and oversee the protection of data, intellectual property, and technology assets. You will establish and enforce security policies, procedures, and protocols, and identify and mitigate risks to ensure resilience against emerging threats. CSIRT Analyst Advens | Germany | Remote – View job details As a CSIRT Analyst, … More →

The post Cybersecurity jobs available right now: September 16, 2025 appeared first on Help Net Security.

Anamarija Pogorelec

Vietnam Probes Breach of Credit Agency Run by Central Bank

DataBreachToday.com
2 days 20 hours ago
Cybercrime Group ShinyHunters Advertises 160 Million Stolen Records
Vietnam's central bank is probing a hack attack that breached its credit reporting division, exposing personally identifiable information. The cybercrime group ShinyHunters claimed credit for the breach, advertising on a cybercrime forum 160 million stolen records for $175,000.

Managed ad