Aggregator
Krispy Kreme Data Breach Puts Employees at Risk of Financial Fraud
3 months ago
Doughnut maker Krispy Kreme has revealed that sensitive financial and personal data of over 160,000 individuals has been impacted following a November 2024 cyber incident.
US recovers $225 million of crypto stolen in investment scams
3 months ago
The U.S. Department of Justice has seized more than $225 million in cryptocurrency linked to investment fraud and money laundering operations, the largest crypto seizure in the history of the U.S. Secret Service. [...]
Bill Toulas
CIA spy turned Telegram into a platform for state secrets
3 months ago
He wanted to cover his tracks, but ended up in the chronicle of a scandalous leak. Now he has plenty of time to think.
CVE-2024-35868 | Linux Kernel up to 6.1.84/6.6.25/6.8.4 SMB Client cifs_stats_proc_write use after free (Nessus ID 239850)
3 months ago
A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 6.1.84/6.6.25/6.8.4. This issue affects the function cifs_stats_proc_write of the component SMB Client. The manipulation leads to use after free.
The identification of this vulnerability is CVE-2024-35868. The attack can only be done within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-36963 | Linux Kernel up to 6.6.30/6.8.9 tracefs /sys/kernel/tracing current_tracer permission (5f91fc82794d/414fb0862814/baa23a8d4360 / Nessus ID 239850)
3 months ago
A vulnerability was found in Linux Kernel up to 6.6.30/6.8.9. It has been classified as critical. Affected is the function current_tracer of the file /sys/kernel/tracing of the component tracefs. The manipulation leads to permission issues.
This vulnerability is traded as CVE-2024-36963. Access to the local network is required for this attack to succeed. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-36966 | Linux Kernel up to 6.6.31/6.8.10 lib/idr.c erofs_kill_sb allocation of resources (f9b877a7ee31/dcdd49701e42/7af2ae1b1531 / Nessus ID 239850)
3 months ago
A vulnerability, which was classified as problematic, was found in Linux Kernel up to 6.6.31/6.8.10. This affects the function erofs_kill_sb in the library lib/idr.c. The manipulation leads to allocation of resources.
This vulnerability is uniquely identified as CVE-2024-36966. The attack can only be initiated within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-37354 | Linux Kernel up to 6.1.93/6.6.33/6.9.4 fs/btrfs/ctree.c btrfs_set_item_key_safe denial of service (Nessus ID 239850)
3 months ago
A vulnerability was found in Linux Kernel up to 6.1.93/6.6.33/6.9.4. It has been declared as critical. Affected by this vulnerability is the function btrfs_set_item_key_safe of the file fs/btrfs/ctree.c. The manipulation leads to denial of service.
This vulnerability is known as CVE-2024-37354. The attack needs to be approached within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-39470 | Linux Kernel up to 6.6.33/6.9.4 eventfs_find_events null pointer dereference (5ade5fbdbbb1/7a1b2d138189/d4e9a968738b / Nessus ID 239850)
3 months ago
A vulnerability was found in Linux Kernel up to 6.6.33/6.9.4. It has been classified as critical. This affects the function eventfs_find_events. The manipulation leads to null pointer dereference.
This vulnerability is uniquely identified as CVE-2024-39470. The attack can only be done within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-39491 | Linux Kernel up to 6.6.32/6.9.3 ALSA probe uninitialized pointer (9054c474f9c2/60d5e087e5f3/d344873c4cbd / Nessus ID 239850)
3 months ago
A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 6.6.32/6.9.3. Affected by this issue is the function probe of the component ALSA. The manipulation leads to uninitialized pointer.
This vulnerability is handled as CVE-2024-39491. Access to the local network is required for this attack to succeed. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2023-46852 | Memcached up to 1.6.21 Proxy Mode buffer overflow (Nessus ID 239855)
3 months ago
A vulnerability classified as critical has been found in Memcached up to 1.6.21. This affects an unknown part of the component Proxy Mode. The manipulation leads to buffer overflow.
This vulnerability is uniquely identified as CVE-2023-46852. The attack needs to be initiated within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2023-46853 | Memcached up to 1.6.21 Proxy Request off-by-one (Nessus ID 239855)
3 months ago
A vulnerability classified as problematic was found in Memcached up to 1.6.21. This vulnerability affects unknown code of the component Proxy Request Handler. The manipulation leads to off-by-one.
This vulnerability was named CVE-2023-46853. Access to the local network is required for this attack. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2023-35823 | Linux Kernel up to 6.3.1 saa7134-core.c saa7134_finidev use after free (Nessus ID 239859)
3 months ago
A vulnerability was found in Linux Kernel up to 6.3.1 and classified as problematic. This issue affects the function saa7134_finidev of the file drivers/media/pci/saa7134/saa7134-core.c. The manipulation leads to use after free.
The identification of this vulnerability is CVE-2023-35823. The attack needs to be initiated within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
NVIDIA helps create drugs that do not exist yet but already work
3 months ago
Now a drug can be predicted without laboratories; that sounds both dangerous and inspiring.
Special Webinar: Key Insights from Verizon’s 2025 DBIR
3 months ago
GenAI, credential theft, third-party risks—Verizon's 2025 DBIR reveals what's putting your org at risk. Join DBIR author Alex Pinto & LayerX CEO Or Eshed as they break down this year's key insights and defense strategies. Don't miss the webinar—register now. [...]
Sponsored by LayerX
Security Evolution: From Pothole Repair to Road Building
3 months ago
Instead of constantly fixing security vulnerabilities, organizations should proactively build secure foundations that enable businesses to move faster while reducing risk.
Andy Ellis
Microsoft unveils new security defaults for Windows 365 Cloud PCs
3 months ago
Microsoft has announced new Windows 365 security defaults starting in the second half of 2025 and affecting newly provisioned and reprovisioned Cloud PCs. [...]
Sergiu Gatlan
jQuery Migrate Library Compromised to Steal Logins via Parrot Traffic Direction System
3 months ago
Security researchers from the Trellix Advanced Research Centre have uncovered a sophisticated malware campaign exploiting the widely trusted jQuery Migrate library, a backward compatibility plugin used extensively in platforms like WordPress, Joomla, and Drupal. The attack, which began with a routine URL inspection following unusual online activity, revealed a weaponized version of jquery-migrate-3.4.1.min.js. Sophisticated Malware […]
The post jQuery Migrate Library Compromised to Steal Logins via Parrot Traffic Direction System appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Aman Mishra
CVE-2025-6374 | D-Link DIR-619L 2.06B01 /goform/formSetACLFilter curTime stack-based overflow
3 months ago
A vulnerability was found in D-Link DIR-619L 2.06B01 and classified as critical. This issue affects the function formSetACLFilter of the file /goform/formSetACLFilter. The manipulation of the argument curTime leads to stack-based buffer overflow. This vulnerability only affects products that are no longer supported by the maintainer.
The identification of this vulnerability is CVE-2025-6374. The attack may be initiated remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2025-6373 | D-Link DIR-619L 2.06B01 /goform/formWlSiteSurvey formSetWizard1 curTime stack-based overflow
3 months ago
A vulnerability has been found in D-Link DIR-619L 2.06B01 and classified as critical. This vulnerability affects the function formSetWizard1 of the file /goform/formWlSiteSurvey. The manipulation of the argument curTime leads to stack-based buffer overflow. This vulnerability only affects products that are no longer supported by the maintainer.
This vulnerability was named CVE-2025-6373. The attack can be initiated remotely. Furthermore, there is an exploit available.
vuldb.com