Aggregator

A vulnerability has been found in Linux Kernel up to 6.14.8 and classified as problematic. This affects an unknown part of the component clk. The manipulation leads to state issue. This vulnerability is referenced as CVE-2025-38041. The attack needs to be initiated within the local network. No exploit is available. The affected component should be upgraded.

A vulnerability marked as problematic has been reported in Linux Kernel up to 6.14.8. Affected is the function k3_udma_glue_reset_rx_chn of the file drivers/net/ethernet/ti/k3-cppi-desc-pool.c of the component dmaengine. This manipulation of the argument skip_fdq causes state issue. This vulnerability appears as CVE-2025-38042. The attacker needs to be present on the local network. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability labeled as critical has been found in Linux Kernel up to 6.1.140/6.6.92/6.12.30/6.14.8. The affected element is the function in_atomic of the file kernel/irq/manage.c. Executing a manipulation can lead to stack-based buffer overflow. This vulnerability appears as CVE-2025-38040. The attacker needs to be present on the local network. There is no available exploit. The affected component should be upgraded.

A vulnerability classified as problematic was found in iCMS 7.0.16. This vulnerability affects unknown code of the file user.admincp.php. Executing a manipulation can lead to cross-site request forgery. This vulnerability is registered as CVE-2023-42321. It is possible to launch the attack remotely. No exploit is available.

A vulnerability classified as problematic has been found in iCMS 7.0.16. Impacted is an unknown function. The manipulation leads to information disclosure. This vulnerability is listed as CVE-2023-42322. The attack may be initiated remotely. There is no available exploit.

A vulnerability labeled as critical has been found in Tenda AC10V4 US_AC10V4.0si_V16.03.10.13_cn_TDC01. Affected by this issue is the function GetParentControlInfo. Such manipulation of the argument mac leads to buffer overflow. This vulnerability is referenced as CVE-2023-42320. It is possible to launch the attack remotely. No exploit is available.

A vulnerability identified as problematic has been detected in OpenImageIO oiio 2.4.12.0. Affected by this issue is the function read_subimage_data. The manipulation leads to denial of service. This vulnerability is documented as CVE-2023-42299. The attack can be initiated remotely. There is not any exploit available.

A vulnerability was found in code-projects Exam Form Submission 1.0. It has been rated as problematic. Impacted is an unknown function. The manipulation of the argument Subject Name/Subject Code leads to cross site scripting. This vulnerability is listed as CVE-2023-42307. The attack may be initiated remotely. There is no available exploit.

Blue Origin 宣布暂停 New Shepard 项目两年，但此举可能意味着其亚轨道太空旅游的永久终结。New Shepard 火箭和太空船自 2015 年投入使用至今共完成了 38 次发射，除一次外全部成功，将 98 人送入太空体验亚轨道飞行。为何 Blue Origin 要终止其成立至今持续时间最长的项目？CEO Dave Limp 表示要将人力和资源投入到载人登月项目上。Blue Origin 员工对此举也颇感意外，因为上一次亚轨道飞行是在 8 天前将六人送入太空，该公司还有 4 枚处于不同阶段的 New Shepard 火箭以及两艘正在建造中的太空船，它还在去年讨论过扩展发射场。然而该项目一直处于亏损状态，有逾 500 名员工投入在该项目，分散了其精力和资源。

The update infrastructure for eScan antivirus, a security solution developed by Indian cybersecurity company MicroWorld Technologies, has been compromised by unknown attackers to deliver a persistent downloader to enterprise and consumer systems. "Malicious updates were distributed through eScan's legitimate update infrastructure, resulting in the deployment of multi-stage malware to enterprise

In this Help Net Security video, Rishi Kaushal, CIO at Entrust, explains how security leaders should talk to the board about cyber risk. He focuses on what matters to board members and what does not. He links cryptography, certificates, and authentication to business outcomes like revenue loss, outages, fraud, and regulatory exposure. Kaushal breaks down the digital trust layer and explains why failures in keys, certificates, or access controls often lead to visible business damage. … More →

The post What boards need to hear about cyber risk, and what they don’t appeared first on Help Net Security.

2025 年 10 月比特币创下了 123,742 美元的记录，但四个月后跌至 76000 美元，币值从峰值下跌了四成。彭博认为这一波跌势不是出于恐慌而是买家、动能和信心的缺失引起的。下跌没有明显的导火索，纯粹是需求减弱、流动性减少，其价值与更广泛的市场无关联。即使最近几周黄金白银价格剧烈波动，加密货币也未出现任何震荡。比特币 1 月下跌近 11%，连续第四个月下跌——这是自 2018 年以来最长的连跌纪录。社交媒体上也对止跌缺乏乐观情绪。主流买家的信心正在减弱，许多买家在高价买入后都处于亏损状态。

Cybersecurity researchers have disclosed details of a supply chain attack targeting the Open VSX Registry in which unidentified threat actors compromised a legitimate developer's resources to push malicious updates to downstream users. "On January 30, 2026, four established Open VSX extensions published by the oorzc author had malicious versions published to Open VSX that embed the GlassWorm

Most organizations view AI identities through the same lens used for other non-human identities, such as service accounts, API keys, and chatbots, according to The State of Non-Human Identity and AI Security report by the Cloud Security Alliance. AI identities inherit old IAM weaknesses Treating AI identities as another category of non-human identity means they inherit the same weaknesses that have affected identity programs for years. Credential sprawl, unclear ownership, and uneven lifecycle controls already … More →

The post AI is flooding IAM systems with new identities appeared first on Help Net Security.

Younger generations are increasingly ditching smartphones in favor of “dumbphones”—simpler devices with fewer apps, fewer distractions, and less tracking. But what happens when you step away from a device that now functions as your wallet, your memory, and your security key? In this episode, Tom and Scott explore the dumbphone movement through a privacy and […]

The post Why Gen Z is Ditching Smartphones for Dumbphones appeared first on Shared Security Podcast.

The post Why Gen Z is Ditching Smartphones for Dumbphones appeared first on Security Boulevard.

《2025Q4 企业邮箱安全报告》重磅发布！深度解析三大趋势，点击立领完整版报告→

1月30日，港交所披露「北京天地和兴科技股份有限公司」招股书。

Под угрозой ключи API, токены и переписки из-за открытых панелей и ошибок настройки.

根据发表在《Journal of Sport and Health Science》期刊上的一项研究，坚持规律的有氧运动有助于保持大脑年轻。研究显示，坚持一整年有氧运动的成年人大脑看起来比那些没有改变活动习惯的人年轻近一岁。研究使用 MRI 扫描结果估算大脑的生物学年龄。130 名年龄在 26-58 岁之间的健康成年人参与了研究。参与者被随机分配到中等至高强度有氧运动组或常规对照组。运动组的参与者每周在实验室完成两次 60 分钟的监督锻炼，在家中进行额外的锻炼以达到每周约 150 分钟的有氧运动量。研究人员在研究开始时和 12 个月后分别使用 MRI 扫描测量了大脑结构，通过峰值摄氧量（VO2peak）评估了心肺功能。一年后两组有明显差异：运动组参与者大脑年龄显著下降，对照组大脑年龄略有上升。平均而言运动组大脑年龄下降了约 0.6 岁，对照组大脑年龄增加了约 0.35 岁——但该结果不具有统计显著性。两组的大脑年龄相差了一岁。

A vulnerability, which was classified as critical, was found in lenosp 1.0-1.2.0. This issue affects some unknown processing of the file /user/upload of the component JPG File Handler. Such manipulation leads to unrestricted upload. This vulnerability is listed as CVE-2023-42180. The attack must be carried out from within the local network. There is no available exploit.