Aggregator

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.1.148/6.6.102/6.12.43/6.16.3/6.17-rc2. This impacts the function shutdown of the component gve. Executing a manipulation can lead to null pointer dereference. This vulnerability is registered as CVE-2025-38735. The attack requires access to the local network. No exploit is available. You should upgrade the affected component.

A vulnerability categorized as critical has been discovered in Linux Kernel up to 6.12.43/6.16.3/6.17-rc1/6.17-rc2/a754ab53993b1585132e871c5d811167ad3c52ff. This issue affects the function asix_devices of the component net. Executing a manipulation can lead to improper initialization. This vulnerability is handled as CVE-2025-38736. The attack can only be done within the local network. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.43/6.16.3/6.17-rc2. It has been declared as critical. Impacted is the function smb3_init_transform_rq. Executing a manipulation can lead to buffer overflow. This vulnerability appears as CVE-2025-38737. The attacker needs to be present on the local network. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.12.43/6.16.3/6.17-rc2 and classified as critical. This affects the function relocate_lowcore. The manipulation leads to null pointer dereference. This vulnerability is listed as CVE-2025-38733. The attack must be carried out from within the local network. There is no available exploit. The affected component should be upgraded.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.6.102/6.12.43/6.16.3/6.17-rc2. This affects the function smc_listen_out of the component net. Performing a manipulation results in null pointer dereference. This vulnerability is cataloged as CVE-2025-38734. The attack must originate from the local network. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.17-rc2. It has been rated as critical. This vulnerability affects unknown code in the library include/linux/skbuff.h of the component netfilter. Performing a manipulation results in improper update of reference count. This vulnerability is known as CVE-2025-38732. Access to the local network is required for this attack. No exploit is available. Upgrading the affected component is advised.

A vulnerability was found in Linux Kernel up to 6.16.3/6.17-rc2. It has been declared as critical. This affects the function vm_bind_ioctl. Such manipulation leads to double free. This vulnerability is traded as CVE-2025-38731. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

上周关注度较高的产品安全漏洞20260119-20260125)

国家信息安全漏洞共享平台（以下简称CNVD）本周共收集、整理信息安全漏洞1224个，其中高危漏洞644个、中危漏洞496个、低危漏洞84个。

A vulnerability, which was classified as problematic, has been found in Altitude Communication Server 8.5.3290.0. Affected is an unknown function of the component Authentication Service. This manipulation causes injection. This vulnerability is tracked as CVE-2025-41083. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability classified as problematic was found in Altitude Communication Server. This impacts an unknown function of the component HTTP Request Handler. The manipulation results in http request smuggling. This vulnerability is identified as CVE-2025-41082. The attack can be executed remotely. There is not any exploit available.

速修复

Fuzzware.io 最终摘得桂冠

恭喜Project Sekai战队 ! 🏆

推进大语言模型在安全场景中进一步落地

HackerNews 编译，转载请注明出处： Symantec与Carbon Black的研究人员发现了一种名为Osiris的新型勒索软件变种，该变种于2025年11月被用于攻击一家东南亚大型食品服务特许经营商。 根据Symantec和VMware Carbon Black威胁猎手的分析，攻击者部署了一个名为POORTRY的恶意驱动程序，用自带漏洞驱动技术来禁用安全软件。 目前对Osiris的开发者，或其是否以勒索软件提供服务知之甚少，但有证据表明其与INC勒索软件存在关联。 Symantec与Carbon Black发布的报告中指出：“虽然这款Osiris勒索软件与2016年出现的同名勒索软件家族（Locky勒索软件的一个变种）重名，但没有迹象表明这两个家族之间存在任何关联。” Osiris似乎是一种新型勒索软件变种，与2016年基于Locky的同名变种无关。其开发者及任何RaaS模式仍属未知，但博通研究人员发现了攻击者与INC勒索软件团伙有相关联的迹象。 Osiris是一款功能齐全的勒索软件，能够停止服务和进程、选择要加密的文件和文件夹，并投放勒索信。研究人员报告称，该软件支持多种命令选项来定义目标、设置日志记录、选择加密模式以及Hyper-V等相关操作。这个新的勒索软件家族会跳过特定文件类型和系统文件夹，为加密文件附加.Osiris扩展名，删除VSS快照，并终止数据库、备份和生产力相关进程。该恶意软件使用混合ECC和AES-128-CTR加密，每个文件使用唯一密钥，通过完成端口管理异步输入/输出操作，并留下一份名为Osiris-MESSAGE.txt的勒索信，并在勒索信中提及敲诈细节和谈判链接。攻击链在勒索软件部署的数天前便已启动，攻击者当时使用Rclone工具悄悄窃取数据，并将其上传到Wasabi云存储桶中。这种方法，连同重用的工具（如名为kaz.exe的Mimikatz变体），都与过去Inc勒索软件的操作手法如出一辙，表明这可能是模仿或由前Inc附属组织参与的行动。 报告继续指出：“攻击者还部署了Netscan、Netexec和MeshAgent等其他具有双重用途的工具。他们还使用了定制版的Rustdesk远程监控和管理工具，该工具被修改以伪装其功能，并加入了‘WinZip远程桌面’的文件描述和WinZip图标，企图隐藏其真实用途。” 攻击者使用常见的双重用途工具进行网络探测和访问，外加一个伪装成“WinZip远程桌面”的修改版RustDesk远程工具以隐藏其目的。为了瘫痪防御系统，他们在一次自带漏洞驱动攻击中，部署了伪装成Malwarebytes组件的Poortry驱动程序，用以关闭安全软件。KillAV也为了达成目的而被使用。最后，在启动勒索软件之前，他们启用了RDP以维持远程访问。 Osiris是技术娴熟的威胁行为者使用的一款能力强大的新型勒索软件。研究人员强调，工具的重复使用和战术表明其可能与Inc附属组织及Medusa活动存在潜在联系，尽管这样的关联尚不明确。 报告总结道：“勒索软件领域的形势不断变化，新勒索软件家族的出现始终值得密切关注。” 消息来源：securityaffairs.com； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

Специалисты призвали изменить подход к защите данных из-за типизации атак.

根据微软的支持文档，Windows 11 一月安全更新可能导致部分 PC 无法启动，它正在收集用户和 IT 管理员的反馈。用户无需卸载此更新，因为该问题“仅限于”特定 PC。目前不清楚有多少用户受到影响，微软列出了两个受影响的平台：KB5074109 – Windows 11 25H2 和 KB5074109 – Windows 11 24H2。微软称，受影响的 PC 可能会突然停止启动，出现黑屏死机 (BSOD)错误，错误代码为 UNMOUNTABLE_BOOT_VOLUME。

自动更新通过显著缩短漏洞披露与修复之间的时间差，在降低补丁延迟、提升设备一致性

HackerNews 编译，转载请注明出处： 爱尔兰一名高级官员本周表示，爱尔兰政府计划起草一项立法，使执法部门使用间谍软件合法化。 爱尔兰司法、内政与移民事务部长吉姆·奥卡拉汉于周二表示，爱尔兰有必要加强“合法拦截权”，并“为使用隐蔽监视软件建立法律依据”，以更有效地打击严重犯罪与安全威胁。 公告称，该法案将要求所有的拦截请求必须获得法院授权。 根据公告，该法律还将包含一项条款，允许使用电子扫描设备，这类设备可精确定位并记录移动设备的识别数据，从而将其追踪至特定区域。 奥卡拉汉在声明中表示：“新立法还将包含有力的法律保障措施，以持续确保这些权力的使用是必要且适度的。” 公告指出，司法部将与爱尔兰总检察长办公室及其他国家机构合作，共同制定该法律框架。 奥卡拉汉称这项计划中的立法“早该出台”。     消息来源：securityaffairs.com； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文