Aggregator

A vulnerability categorized as problematic has been discovered in Linux Kernel up to 6.6.101/6.12.41/6.15.9/6.16.0. This affects the function make_bad_inode of the component ntfs3. Such manipulation leads to denial of service. This vulnerability is documented as CVE-2025-38615. The attack requires being on the local network. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.16.0 and classified as problematic. This issue affects the function board_info_ioctl. Executing manipulation can lead to improper initialization. This vulnerability is tracked as CVE-2025-38613. The attack is only possible within the local network. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability labeled as critical has been found in Linux Kernel up to 6.16.0. This issue affects the function ep_loop_check_proc of the component eventpoll. The manipulation results in uncontrolled recursion. This vulnerability is known as CVE-2025-38614. Access to the local network is required for this attack. No exploit is available. The affected component should be upgraded.

A vulnerability labeled as critical has been found in Linux Kernel up to 6.1.147/6.6.101/6.12.41/6.15.9/6.16.0. Affected is the function fbtft_framebuffer_alloc of the component staging. Executing manipulation can lead to memory leak. This vulnerability appears as CVE-2025-38612. The attacker needs to be present on the local network. There is no available exploit. The affected component should be upgraded.

Qilin 勒索软件在 2025 年下半年活跃，每月泄露超 40 起案件，制造业受创最重。该组织采用双重勒索策略，并利用 Cyberduck 和 Mimikatz 等工具进行攻击。

ISC Stormcast播客于2025年10月27日发布，值班处理员Didier Stevens报告威胁级别为绿色。文章还提及应用安全课程将于同年12月在达拉斯举办，并提供了相关资源链接和联系信息。

Name: osu!gaming CTF 2025 (an osu!gaming CTF event.)
Date: Oct. 25, 2025, 2 a.m. — 27 Oct. 2025, 02:00 UTC  [add to calendar]
Format: Jeopardy
On-line
Offical URL: https://osugaming.sekai.team/
Rating weight: 0
Event organizers: osu!gaming

Name: DEADFACE CTF 2025 (an DEADFACE CTF event.)
Date: Oct. 25, 2025, 2 p.m. — 27 Oct. 2025, 00:00 UTC  [add to calendar]
Format: Jeopardy
On-line
Offical URL: https://ctf.deadface.io/
Rating weight: 0
Event organizers: Cyber Hacktics

微软更新必应壁纸软件，默认开启点击桌面打开必应搜索功能。用户无意中点击可能触发搜索页面打开。微软此举或为刷流量。软件还弹窗要求设置必应为默认搜索引擎，并新增新闻模块。

A vulnerability, which was classified as problematic, was found in Hgiga PowerStation. This issue affects some unknown processing. Such manipulation leads to information disclosure. This vulnerability is referenced as CVE-2023-24838. It is possible to launch the attack remotely. No exploit is available.

A vulnerability has been found in Hgiga MailSherlock and classified as critical. Impacted is an unknown function of the component Connection Log Query Handler. Performing manipulation results in os command injection. This vulnerability is identified as CVE-2023-24841. The attack can be initiated remotely. There is not any exploit available.

A vulnerability categorized as critical has been discovered in Hgiga MailSherlock. Affected is an unknown function of the component Mail Query Handler. Such manipulation leads to sql injection. This vulnerability is documented as CVE-2023-24840. The attack can be executed remotely. There is not any exploit available.

A vulnerability has been found in Hgiga MailSherlock and classified as problematic. This affects an unknown function. The manipulation leads to cross site scripting. This vulnerability is referenced as CVE-2023-24839. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability classified as critical was found in Softnext SPAM SQR. This affects an unknown part. The manipulation results in code injection. This vulnerability was named CVE-2023-24835. The attack may be performed from remote. There is no available exploit.

A vulnerability, which was classified as critical, has been found in Hgiga PowerStation. This vulnerability affects unknown code of the component Remote Management. This manipulation causes os command injection. The identification of this vulnerability is CVE-2023-24837. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in SUNNET CTMS. It has been rated as critical. This vulnerability affects unknown code of the component File Upload. The manipulation leads to path traversal. This vulnerability is traded as CVE-2023-24836. It is possible to initiate the attack remotely. There is no exploit available.

嗯，用户让我帮忙总结一下这篇文章的内容，控制在100个字以内，而且不需要用“文章内容总结”或者“这篇文章”这样的开头。直接写描述就行。首先，我得仔细阅读文章，抓住主要信息。 文章主要讲的是谷歌工程师正在为Chrome开发垂直选项卡功能。这个功能之前很多用户都期待了很久，因为像微软的Edge浏览器已经有了这个功能，确实提高了效率，尤其是在打开很多标签页的时候。现在Chrome终于要支持了。 接着，文章提到垂直选项卡在高分辨率和大屏幕设备上更实用，看起来也更美观。虽然火狐浏览器也支持了这个功能，但Chrome作为市场份额最高的浏览器，一直没有支持，这让很多用户感到遗憾。 然后，文章引用了Chrome Unboxed的消息，说谷歌工程师正在积极提交代码来开发这个功能。他们正在构建合适的UI框架，并且提到了一些细节，比如专用的功能标志用于早期测试，还有选项卡组织功能，比如标签组和固定选项卡的位置。 最后，文章提到对于经常打开很多标签页的用户来说，垂直选项卡能提高效率。虽然Edge有这个功能但广告太多让人困扰，所以用户期待Chrome的垂直选项卡能让他们重新使用Chrome而不受骚扰。 总结一下关键点：Chrome开发垂直选项卡功能、提高效率、用户期待、微软Edge已有此功能、谷歌工程师积极开发、细节如UI框架和组织功能、以及用户的使用体验提升。 现在把这些信息浓缩到100字以内。要确保涵盖主要点：Chrome开发垂直选项卡、提高效率、用户期待已久、微软Edge已有此功能、谷歌工程师的努力以及该功能的优势。 谷歌工程师正在为 Chrome 开发垂直选项卡功能以提高效率和美观度。该功能已在 Microsoft Edge 和火狐浏览器中实现,长期受用户期待。新代码表明 Chrome 正在构建侧边栏 UI 框架,支持固定选项卡和标签组,预计将成为提升用户体验的重要更新。