Aggregator

A vulnerability, which was classified as critical, was found in Linux Kernel up to 5.15.32/5.16.18/5.17.1. This affects the function devm_kzalloc. The manipulation leads to null pointer dereference. This vulnerability is uniquely identified as CVE-2022-49184. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 5.17.1 and classified as critical. This vulnerability affects the function of_node_put. The manipulation leads to improper update of reference count. This vulnerability was named CVE-2022-49185. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 5.10.109/5.15.32/5.16.18/5.17.1 and classified as critical. Affected by this vulnerability is the function of_parse_phandle. The manipulation leads to improper update of reference count. This vulnerability is known as CVE-2022-49241. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.17.1. It has been classified as critical. This affects the function of_parse_phandle. The manipulation leads to improper update of reference count. This vulnerability is uniquely identified as CVE-2022-49240. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Linux Kernel up to 5.17.1. Affected is the function of_node_put. The manipulation leads to improper update of reference count. This vulnerability is traded as CVE-2022-49242. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

隐秘的StilachiRAT木马通过复杂技术窃取敏感数据，可能实现横向移动，威胁企业安全。其反取证机制和持久化手段致使其极具隐蔽性，严重威胁系统安全。

立法层面最先落地的数据空间

立法层面最先落地的数据空间

立法层面最先落地的数据空间

立法层面最先落地的数据空间

立法层面最先落地的数据空间

立法层面最先落地的数据空间

立法层面最先落地的数据空间

CVE-2024-27564 漏洞被积极利用，金融行业成主要目标，35%组织安全配置不足，全球攻击频发，修复迫在眉睫。

The growing sophistication of software supply chain attacks is driven by widespread flaws in open-source and third-party commercial software, along with malicious campaigns that specifically target AI and cryptocurrency development pipelines, according to a ReversingLabs report. According to ReversingLabs data, open-source software remained a key element of supply chain risk in 2024. For example, incidents of exposed development secrets via publicly accessible, open-source packages rose 12% compared to 2023. And critical and exploitable software flaws … More →

The post Hackers target AI and crypto as software supply chain risks grow appeared first on Help Net Security.

Cloudflare 推出后量子加密技术，应对量子计算机对传统加密的“生存性威胁”，保护企业网络流量，防范“先收集，后解密”的攻击策略，确保未来通信安全。

Application Security Expert monday.com | United Kingdom | Hybrid – View job details As an Application Security Expert, you will provide guidance on security best practices and compliance, and undertake security testing. Develop security testing plans and integrate them into the software development lifecycle. Perform and oversee security testing and manage remediation of identified vulnerabilities. Application Security Analyst II, Information Security First National Financial | Canada | On-site – View job details As an Application … More →

The post Cybersecurity jobs available right now: March 18, 2025 appeared first on Help Net Security.

A CVSS score 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Nitesh Surana (@_niteshsurana) of Trend Micro Research' was reported to the affected vendor on: 2025-03-18, 65 days ago. The vendor is given until 2025-07-16 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2025-03-18, 65 days ago. The vendor is given until 2025-07-16 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Dongjun Kim(@Enki WhiteHat) and Jongseong Kim(@Enki Whitehat)' was reported to the affected vendor on: 2025-03-18, 65 days ago. The vendor is given until 2025-07-16 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.