Warlock
You must login to view this content
Aggregator
Warlock
2 days 23 hours ago
You must login to view this content
cohenido
Warlock
2 days 23 hours ago
You must login to view this content
cohenido
Warlock
2 days 23 hours ago
You must login to view this content
cohenido
Warlock
2 days 23 hours ago
You must login to view this content
cohenido
CVE-2025-38430 | Linux Kernel up to 6.15.3 nfsd nfsd4_spo_must_allow state issue (Nessus ID 264318 / WID-SEC-2025-1653)
2 days 23 hours ago
A vulnerability classified as problematic was found in Linux Kernel up to 6.15.3. Affected by this issue is the function nfsd4_spo_must_allow of the component nfsd. Executing manipulation can lead to state issue.
This vulnerability appears as CVE-2025-38430. The attacker needs to be present on the local network. There is no available exploit.
Upgrading the affected component is advised.
vuldb.com
CVE-2025-38429 | Linux Kernel up to 6.6.94/6.12.34/6.15.3 bus mhi_ep_ring_add_element race condition (Nessus ID 253428 / WID-SEC-2025-1653)
2 days 23 hours ago
A vulnerability described as problematic has been identified in Linux Kernel up to 6.6.94/6.12.34/6.15.3. Affected is the function mhi_ep_ring_add_element of the component bus. Such manipulation leads to race condition.
This vulnerability is documented as CVE-2025-38429. The attack requires being on the local network. There is not any exploit available.
Upgrading the affected component is recommended.
vuldb.com
CVE-2025-38431 | Linux Kernel up to 6.15.4/6.16-rc3 smb symlink (WID-SEC-2025-1653)
2 days 23 hours ago
A vulnerability was found in Linux Kernel up to 6.15.4/6.16-rc3. It has been classified as critical. This affects an unknown part of the component smb. The manipulation leads to symlink following.
This vulnerability is listed as CVE-2025-38431. The attack must be carried out from within the local network. There is no available exploit.
Upgrading the affected component is recommended.
vuldb.com
CVE-2025-38432 | Linux Kernel up to 6.15.4/6.16-rc3 net csum_ipv6_magic initialization (WID-SEC-2025-1653)
2 days 23 hours ago
A vulnerability described as problematic has been identified in Linux Kernel up to 6.15.4/6.16-rc3. The affected element is the function csum_ipv6_magic of the component net. Executing manipulation can lead to improper initialization.
This vulnerability is handled as CVE-2025-38432. The attack can only be done within the local network. There is not any exploit available.
Upgrading the affected component is recommended.
vuldb.com
CVE-2025-38428 | Linux Kernel up to 6.15.3 ims_pcu_flash_firmware len memory corruption (Nessus ID 250108 / WID-SEC-2025-1653)
2 days 23 hours ago
A vulnerability was found in Linux Kernel up to 6.15.3. It has been declared as critical. This issue affects the function ims_pcu_flash_firmware. Such manipulation of the argument len leads to memory corruption.
This vulnerability is referenced as CVE-2025-38428. The attack needs to be initiated within the local network. No exploit is available.
It is recommended to upgrade the affected component.
vuldb.com
AI正在向“安全左移”领域磨刀霍霍
2 days 23 hours ago
AI正沿着软件开发的全过程,重塑安全工作的面貌
开放媒体联盟将在2025年年底推出视频编解码器AV2 新版继续提升压缩性能
2 days 23 hours ago
开放媒体联盟计划于2025年底推出AV2视频编解码器标准,旨在提升压缩性能、改进屏幕内容处理,并支持AR/VR和多节目分屏播放。
Cybersecurity jobs available right now: September 16, 2025
2 days 23 hours ago
CISO Haier Europe | Italy | On-site – View job details As a CISO, you will develop an information security strategy aligned with organizational priorities, secure executive support, and oversee the protection of data, intellectual property, and technology assets. You will establish and enforce security policies, procedures, and protocols, and identify and mitigate risks to ensure resilience against emerging threats. CSIRT Analyst Advens | Germany | Remote – View job details As a CSIRT Analyst, … More →
The post Cybersecurity jobs available right now: September 16, 2025 appeared first on Help Net Security.
Anamarija Pogorelec
Vietnam Probes Breach of Credit Agency Run by Central Bank
2 days 23 hours ago
Cybercrime Group ShinyHunters Advertises 160 Million Stolen Records
Vietnam's central bank is probing a hack attack that breached its credit reporting division, exposing personally identifiable information. The cybercrime group ShinyHunters claimed credit for the breach, advertising on a cybercrime forum 160 million stolen records for $175,000.
Vietnam's central bank is probing a hack attack that breached its credit reporting division, exposing personally identifiable information. The cybercrime group ShinyHunters claimed credit for the breach, advertising on a cybercrime forum 160 million stolen records for $175,000.
YesWeHack Bug Bounty Boosts Security Collaboration
2 days 23 hours ago
Live Hacking Event Offers New Insights Over Traditional Testing
In today's threat landscape, as attackers grow more sophisticated, organizations are finding that direct collaboration between ethical hackers and development teams offers advantages traditional testing methods can't always match.
In today's threat landscape, as attackers grow more sophisticated, organizations are finding that direct collaboration between ethical hackers and development teams offers advantages traditional testing methods can't always match.
HHS Offers $50B in Rural Health Grants Including IT, Cyber
2 days 23 hours ago
Will Funding Offset Bigger Cuts Planned for Rural Health Under Big Beautiful Bill?
The Department of Health and Human Services has rolled out a $50 billion grant program to "transform" rural healthcare. The program - authorized under the "Big Beautiful Bill" - includes investment opportunities related to IT and cybersecurity. But is it nearly enough?
The Department of Health and Human Services has rolled out a $50 billion grant program to "transform" rural healthcare. The program - authorized under the "Big Beautiful Bill" - includes investment opportunities related to IT and cybersecurity. But is it nearly enough?
HIPAA Covered Entities - It’s More Than Just PHI
2 days 23 hours ago
<p>Handling health records doesn’t automatically make an organization a Covered Entity. In this blog, we help clear up common misconceptions so teams can better understand whether HIPAA truly applies.</p>
Chris Camejo
Новая профессия в IT: «Уборщик» кода за ИИ. Вот и расплата за инновации
2 days 23 hours ago
Почему программисты плачут от кода, который пишет ИИ за них.
微软:反垃圾邮件服务误拦Exchange Online与Teams链接
2 days 23 hours ago
微软反垃圾邮件服务出现误判问题,导致Exchange Online和Microsoft Teams用户无法打开部分链接或接收被隔离的邮件。该问题源于引擎错误标记嵌套URL为恶意内容。微软已识别并解除部分受影响链接,并正在修复系统以解决剩余问题。此事件反映了微软近期多次处理类似误报问题的情况。
微软:反垃圾邮件服务误拦Exchange Online与Teams链接
2 days 23 hours ago
微软目前正在解决一个已知问题:其反垃圾邮件服务出现误判,导致Exchange Online和Microsoft Teams用户无法打开部分链接,部分邮件也被错误隔离。
据悉,该问题源于反垃圾邮件引擎误将“嵌套在其他链接中的URL”标记为潜在恶意内容,进而导致部分邮件被隔离。
该问题于9月5日开始影响Exchange Online和Microsoft Teams用户。微软表示,即便某些链接已被确认安全,管理员仍可能收到标题为“检测到一名用户点击潜在恶意URL”的警报。
在发现该漏洞当天,微软已识别出超过6000个受影响的URL,正着手解除对它们的拦截,随后将重新推送相关消息,以恢复所有被误标记的消息或链接。
此前,微软曾尝试通过修改配置将延迟间隔调整为1小时,但未获成功。目前,工程师已部署修复程序,通过确保同步操作不再进入隔离状态来解决这些问题。
尽管工程师已部分修复了这些误报问题,但仍在处理因反垃圾邮件模型缺陷导致更多链接被禁用的影响。
微软在9月8日表示,已识别出一组新的受影响URL,正着手处理这部分链接及任何残留的受影响消息。目前大部分影响已得到解决,在进行根本原因分析的同时,也在积极处理剩余问题。
尽管微软尚未披露受此反垃圾邮件问题影响的客户数量及地区,但该服务问题已被归类为“事件”——这类分类通常意味着问题已造成明显的用户影响。
自今年年初以来,微软已多次处理类似问题,这些问题均导致邮件被误标记为垃圾邮件或隔离。例如,5月时,微软修复了Exchange Online中一个机器学习模型误将Gmail账户发送的邮件标记为垃圾邮件的问题;4月,修复了另一个机器学习漏洞——该漏洞导致Exchange Online误将Adobe发送的邮件标记为垃圾邮件;3月,又解决了Exchange Online反垃圾邮件系统误隔离部分用户邮件的误报问题。
胡金鱼