Aggregator

A vulnerability has been found in Linux Kernel up to 5.15.74/5.19.16/6.0.2 and classified as critical. This affects an unknown part of the component tracing. The manipulation leads to state issue. This vulnerability is listed as CVE-2022-50255. The attack must be carried out from within the local network. There is no available exploit. The affected component should be upgraded.

A vulnerability was found in Linux Kernel up to 6.1.1 and classified as problematic. This affects the function __dev_queue_xmit in the library include/linux/skbuff.h of the component bpf. Such manipulation leads to privilege escalation. This vulnerability is documented as CVE-2022-50253. The attack requires being on the local network. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.1. It has been rated as critical. The affected element is the function kzalloc of the component igb. Performing manipulation results in use after free. This vulnerability is reported as CVE-2022-50252. The attacker must have access to the local network to execute the attack. No exploit exists. Upgrading the affected component is advised.

A vulnerability categorized as critical has been discovered in Liferay Portal and DXP. This affects an unknown part of the component API. The manipulation results in use of default password. This vulnerability is known as CVE-2025-43799. It is possible to launch the attack remotely. No exploit is available.

A vulnerability, which was classified as problematic, has been found in Liferay DXP up to 7.3.10-u35/7.4.13-u92/2023.Q3.4/2023.Q4.0. This issue affects some unknown processing of the component One-Time Password Handler. Performing manipulation results in missing critical step in authentication. This vulnerability is cataloged as CVE-2025-43798. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Apple tvOS. It has been classified as critical. This impacts an unknown function of the component Media File Handler. The manipulation leads to out-of-bounds read. This vulnerability is referenced as CVE-2025-43346. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is recommended.

A vulnerability was found in Apple visionOS up to 18.4. It has been declared as critical. Affected is an unknown function of the component Media File Handler. The manipulation results in out-of-bounds read. This vulnerability is identified as CVE-2025-43346. The attack can be executed remotely. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple watchOS. It has been rated as critical. Affected by this vulnerability is an unknown functionality of the component Media File Handler. This manipulation causes out-of-bounds read. This vulnerability is tracked as CVE-2025-43346. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is advised.

A vulnerability was found in Apple iOS and iPadOS and classified as critical. This affects an unknown function of the component Media File Handler. Executing manipulation can lead to out-of-bounds read. The identification of this vulnerability is CVE-2025-43346. The attack may be launched remotely. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability classified as problematic was found in Apple macOS up to 14.7/15.6. This impacts an unknown function of the component App. Such manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2025-43314. Local access is required to approach this attack. No exploit exists. Upgrading the affected component is advised.

2025年9月16日下午，由国家漏洞库（CNNVD）主办的基础软硬件产品漏洞治理生态大会。

The attack, which is linked to ShinyHunters, has reportedly compromised data relating to 7.4 million unique email addresses

The Sentinels League brings global threat hunters together to battle across AI, Cloud, SIEM & Endpoint surfaces for $100K in prizes and more.

Зачем нужны тренировки, если можно перепрошить человека на клеточном уровне…

Struggling with a messy, multi-cloud environment? Learn how Tenable’s unified cloud security approach helps you eliminate dangerous blind spots, attain complete visibility and control, and secure your assets from the first line of code to full production.

Key takeaways

1. Fragmented multi-cloud environments create risky blind spots, making unified visibility essential to identify and manage security gaps.
2. Tenable Cloud Security provides a comprehensive, agentless platform that offers a complete, real-time view of all assets across the entire SDLC, from code to production.
3. With Tenable, cloud security teams can notify resource owners about critical risks, enforce security policies automatically and accelerate remediation.

Here’s an uncontested truth: keeping track of everything in your hybrid, multi-cloud environment is hard.

Without a clear and contextual view of all your cloud assets, it’s a real struggle to spot cloud exposures, fix misconfigurations and figure out who’s responsible for what.

This fragmented view can leave you with major blind spots, especially when a variety of teams are involved with protecting multi-cloud setups. The fallout can be severe: undetected threats, a larger attack surface and rampant shadow IT. You need a new approach to cloud security.

The visibility crisis in the cloud

At issue is a piecemeal and siloed view of your cloud assets. When your security teams can’t see everything across all your cloud providers and regions, they face serious challenges:

• Mixed signals on standards: Trying to get everyone to follow the same security rules is nearly impossible without a single source of truth.
• Disconnected risks: There's often no easy way to connect the dots between a cloud asset and its potential security risks, like vulnerabilities or identity exposures.
• Orphaned and misconfigured resources: Things get created in the cloud without a clear owner, which means no one is on the hook for keeping them secure.

If exploited, these security weaknesses can directly impact the business by causing data breaches, compliance violations and reputational damage.

Tenable Cloud Security: A unified vision

To address these challenges, you need a solution that gives you a complete picture and full control across the entire cloud lifecycle. This is where Tenable Cloud Security, powered by the Tenable One Exposure Management Platform, comes in. As a comprehensive cloud-native application protection platform (CNAPP), Tenable Cloud Security offers a unified approach to securing the cloud – from application development through workload production and response. Think of it as your all-in-one command center for cloud security.

Tenable Cloud Security works in real-time, without needing any agents, to discover your entire cloud footprint, spanning workloads, identities and data. This gives you a deep understanding of your assets’ context and ownership, which makes managing exposures and prioritizing risks much easier. 

Plus, Tenable Cloud Security is built for everyone on your security team, from cloud security practitioners mapping out exposures to the CISO focused on monitoring the organization-wide risk posture.

Key capabilities for end-to-end security

Tenable's approach is built on a foundation of key capabilities that provide a holistic view of cloud security:

• Continuous SDLC-to-production traceability: Get a full view of every misconfiguration, vulnerability and cloud asset across the software development lifecycle (SDLC) – from code to production. This allows teams to fix issues at their source and prevent them from happening again.
• Speed up fixes by knowing who owns what: Every issue is tied back to its source – be it a code repository, a cloud resource or the responsible team – along with clear remediation steps. This significantly improves the mean-time-to-remediation (MTTR).
• Automatically keep your policies in check: By continuously validating configurations from code to runtime, Tenable detects when cloud workloads deviate from defined security baselines. If something drifts, it automatically enforces your policies across your CI/CD pipeline and production environment, thus reducing the risk of misconfigurations and compliance issues.
• Get smart about who can access what: With native identity capabilities, Tenable maps effective access across users, roles, service principals and federated identities in real time. This helps you spot excessive permissions and lets you automatically enforce a least privilege policy.
• Unified exposure graph across cloud and IT: Tenable integrates cloud-native and IT risks into a single exposure graph. By correlating misconfigurations, container vulnerabilities and ephemeral assets with enterprise risk data, Tenable helps your team break down silos and focus on fixing the most critical issues first.
• Prioritize risks baked on data impact: By linking security risks to your most sensitive data, such as customer information, Tenable helps your team focus on the exposures that pose the greatest threat to business-critical or compliance-sensitive data.

The journey to cloud security maturity

Tenable makes it easy to level up your cloud security with a clear, three-step journey:

• Start with the basics: First, get a complete inventory of all your cloud assets, understand how they're connected, and build out a full list of your software components.
• Get more control: Next, start digging into who has access to what, and create custom views for different teams to give them more focused control and visibility.
• Become a master: Finally, add in ownership details for all cloud assets and prioritize risks based on how critical they are to your business. This gets you to a truly proactive and risk-aware security strategy.

The Tenable advantage: From secure design to continuous protection

By baking security into every phase of the SDLC, Tenable empowers you to shift left with confidence and catch risks early. This approach not only reduces drift and rework but also gives clear ownership to DevOps and SecOps teams, leading to faster remediation. From secure design to continuous runtime protection, Tenable gives you the clarity, context and control you need to build and run your cloud infrastructure quickly and safely.

In short, with Tenable Cloud Security, you can lower your risk, drive accountability and streamline your operations while keeping innovation front and center.

Click here to learn more about how Tenable can help you secure your cloud environment from code to cloud.

AI-native Villager, which automates Kali and DeepSeek penetration tests, has reached 11,000 PyPI downloads fueling dual-use threat

Creators, Authors and Presenters: d3dbot, DDoS Community

Our sincere appreciation to DEF CON, and the Creators/Presenters/Authors for publishing their timely DEF CON 33 outstanding content. Originating from the conference's events located at the Las Vegas Convention Center; and via the organizations YouTube channel.

The post DEF CON 33: DDOS Community appeared first on Security Boulevard.

An Internal Developer Platform (IDP) is a foundational concept in modern software engineering. It acts as a bridge between developers and the underlying infrastructure, tools, and processes needed to build, deploy, and manage software efficiently.

The post What is an Internal Developer Platform (IDP)? appeared first on Security Boulevard.

Het kabinet verhoogt het defensiebudget volgend jaar met € 3,4 miljard. Het totale budget stijgt daarmee tot € 26,8 miljard. De militaire organisatie krijgt het extra geld vanwege de verslechterde veiligheidssituatie in de wereld. De krijgsmacht moet in staat zijn het Nederlandse grondgebied en dat van bondgenoten te verdedigen, samen met NAVO-bondgenoten. Nederland blijft Oekraïne onverminderd steunen.