Aggregator

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.11.2. Affected by this vulnerability is the function filemap_get_folios_contig of the component HugeTLB Page Handler. This manipulation causes null pointer dereference. The identification of this vulnerability is CVE-2024-49873. The attack needs to be done within the local network. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability identified as critical has been detected in Linux Kernel up to 6.6.54/6.10.13/6.11.2. This affects the function svc_i3c_master_probe of the component i3c. Performing a manipulation results in use after free. This vulnerability is reported as CVE-2024-49874. The attacker must have access to the local network to execute the attack. No exploit exists. You should upgrade the affected component.

A vulnerability described as critical has been identified in Linux Kernel up to 6.11.2. Affected by this vulnerability is the function memfd_pin_folios of the component HugeTLB Page Handler. The manipulation results in denial of service. This vulnerability is known as CVE-2024-49872. Access to the local network is required for this attack. No exploit is available. Upgrading the affected component is recommended.

A vulnerability labeled as problematic has been found in Linux Kernel up to 6.1.112/6.6.54/6.10.13/6.11.2. This impacts the function cachefiles_open_file. Executing a manipulation can lead to improper update of reference count. This vulnerability appears as CVE-2024-49870. The attacker needs to be present on the local network. There is no available exploit. The affected component should be upgraded.

A vulnerability marked as critical has been reported in Linux Kernel up to 5.15.167/6.1.112/6.6.54/6.10.13/6.11.2. Affected is the function adp5589_clear_config of the component adp5589-keys. The manipulation leads to null pointer dereference. This vulnerability is traded as CVE-2024-49871. Access to the local network is required for this attack to succeed. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 6.11.2. Affected is the function __counted_by of the component btrfs. The manipulation of the argument Name results in buffer overflow. This vulnerability was named CVE-2024-49869. The attack needs to be approached within the local network. There is no available exploit. Upgrading the affected component is advised.

Курс Monero вырос на 70% после масштабной конвертации украденных активов.

Discover how AI-driven email automation will reshape customer journeys in 2026 with personalized campaigns, smarter timing, scalability, and better engagement.

The post 4 Ways Email Automation Will Reshape Customer Journeys in 2026 appeared first on Security Boulevard.

A vulnerability categorized as critical has been discovered in TOTOLINK A3700R 9.1.2u.5822_B20200513. This affects the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument ssid can lead to buffer overflow. The identification of this vulnerability is CVE-2026-1143. The attack may be launched remotely. Furthermore, there is an exploit available.

保时捷上周宣布，2025 年该公司在欧洲销售的汽车中电动版本销量超过了燃油版本。保时捷在欧洲销售的汽车插电版本占到了 57.9%。该公司最畅销的车型是 Macan，它有电动版本和燃油版本，在全世界的总销量为 84,328 辆，其中电动版本为 45,367 辆，占到了 53.8%。即使在美国市场，Macan 的电动版本占到总销量的三分之一。美国是唯一一个电动汽车销量下降的主要汽车市场，去年的电动汽车销量占到了总销量的大约 10%。

An actor who goes online with the alias @ihackthegovernment posted stolen personal data from his victims, including the U.S. Supreme Court. Nicholas Moore, 24, from Tennessee, pleaded guilty to repeatedly hacking the U.S. Supreme Court’s electronic filing system. Court documents reveal he used his Instagram account to leak data from several of his victims. “Nicholas […]

Cybersecurity researchers have discovered a sophisticated malware campaign using an unusual but effective tactic: deliberately crashing users’ browsers. The threat, named CrashFix, operates through a malicious Chrome extension disguised as the legitimate ad blocker NexShield. When users search for privacy tools online, malicious advertisements direct them to download what appears to be a trustworthy extension […]

The post CrashFix – Hackers Using Malicious Extensions to Display Fake Browser Warnings appeared first on Cyber Security News.

本报告基于主机侧大量的入侵记录进行深度分析，涵盖 3万+个独立攻击源IP，涉及 137 个CVE漏洞

基于我们在 2025 年与企业客户的实际工作总结而成的安全趋势判断每一年，我们都会基于在真实企业环境中的一线观

Стал известен секретный план Ирана по превращению интернета в государственную привилегию.

Security researchers have uncovered significant vulnerabilities in the firmware of Xiaomi’s popular Redmi Buds series, specifically affecting models ranging from the Redmi Buds 3 Pro up to the latest Redmi Buds 6 Pro. The discovery highlights critical flaws in the Bluetooth implementation of these devices, allowing attackers to access sensitive information or force the devices […]

The post Redmi Buds Vulnerability Allow Attackers Access Call Data and Trigger Firmware Crashes appeared first on Cyber Security News.

SEON has unveiled the launch of its AI-powered Identity Verification solution, bringing ID verification, liveness detection and proof of address checks into its unified risk platform. SEON’s solution is built on more than 900 real-time fraud signals, helping organizations assess not just whether an ID is real, but whether the person can be confidently approved based on identity and risk signals. Most identity verification tools focus on validating documents, but lack the risk context needed … More →

The post SEON Identity Verification combines KYC checks with real-time fraud intelligence appeared first on Help Net Security.

Cybercriminals have distributed 17 malicious browser extensions across Chrome, Firefox, and Edge platforms, collectively downloading over 840,000 times and compromising user security for years. The GhostPoster campaign, which emerged as early as 2020, used deceptive extension names like “Google Translate in Right Click,” “Youtube Download,” and “Ads Block Ultimate” to appear legitimate while quietly stealing […]

The post 17 New Malicious Chrome GhostPoster Extensions with 840,000+ Installs Steals User Data appeared first on Cyber Security News.

A vulnerability was found in Yonyou KSOA 9.0 and classified as critical. This affects an unknown part of the file /kmf/user_popedom.jsp of the component HTTP GET Parameter Handler. The manipulation of the argument folderid results in sql injection. This vulnerability is reported as CVE-2026-1179. The attack can be launched remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.