Aggregator

A critical security vulnerability has been discovered in the Linux UDisks daemon that could allow unprivileged attackers to gain access to files owned by privileged users.  The flaw, identified as CVE-2025-8067, was publicly disclosed on August 28, 2025, and carries an Important severity rating with a CVSS v3 score of 8.5. Key Takeaways1. CVE-2025-8067 in […]

The post Linux UDisks Daemon Vulnerability Let Attackers Gaining Access to Files Owned by Privileged Users appeared first on Cyber Security News.

Пластик. Порох. Программа. И больше не нужен завод.

The Cybersecurity and Infrastructure Security Agency (CISA) has published nine Industrial Control Systems (ICS) advisories on August 28, 2025, detailing high- and medium-severity vulnerabilities across leading vendors’ products.  The advisories highlight remote-exploitable flaws, privilege-escalation weaknesses, memory corruption bugs, and insecure configurations.  CISA and vendors aim to empower operators with precise guidance to safeguard ICS environments […]

The post CISA Releases Nine ICS Advisories Surrounding Vulnerabilities, and Exploits appeared first on Cyber Security News.

AIDEFEND (Artificial Intelligence Defense Framework) is an open knowledge base dedicated to AI security, providing defensive countermeasures and best practices to help security pros safeguard AI and machine learning systems. Practicality is at the core of AIDEFEND. The framework is designed to be “highly actionable,” with the goal of not only raising awareness of threats but also providing clear playbooks to defend against them. “Each technique and subtechnique is mapped to concrete threats cataloged in … More →

The post AIDEFEND: Free AI defense framework appeared first on Help Net Security.

A vulnerability classified as critical was found in TOTOLINK A702R 4.0.0-B20211108.1423. This issue affects the function sub_418030 of the file /boafrm/formParentControl. Executing manipulation of the argument submit-url can lead to buffer overflow. The identification of this vulnerability is CVE-2025-9783. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical has been found in TOTOLINK A702R 4.0.0-B20211108.1423. This vulnerability affects the function sub_4466F8 of the file /boafrm/formOneKeyAccessButton. Performing manipulation of the argument submit-url results in buffer overflow. This vulnerability was named CVE-2025-9782. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability described as critical has been identified in TOTOLINK A702R 4.0.0-B20211108.1423. This affects the function sub_4162DC of the file /boafrm/formFilter. Such manipulation of the argument ip6addr leads to buffer overflow. This vulnerability is uniquely identified as CVE-2025-9781. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability marked as critical has been reported in TOTOLINK A702R 4.0.0-B20211108.1423. Affected by this issue is the function sub_419BE0 of the file /boafrm/formIpQoS. This manipulation of the argument mac causes buffer overflow. This vulnerability is handled as CVE-2025-9780. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability labeled as critical has been found in TOTOLINK A702R 4.0.0-B20211108.1423. Affected by this vulnerability is the function sub_4162DC of the file /boafrm/formFilter. The manipulation of the argument ip6addr results in buffer overflow. This vulnerability is known as CVE-2025-9779. It is possible to launch the attack remotely. Furthermore, an exploit is available.

A vulnerability identified as critical has been detected in Tenda W12 up to 3.0.0.6(3948). Affected is an unknown function of the file /etc_ro/shadow of the component Administrative Interface. The manipulation leads to hard-coded credentials. This vulnerability is traded as CVE-2025-9778. An attack has to be approached locally. Furthermore, there is an exploit available.

Submit #640991 / VDB-322085

Submit #640990 / VDB-322084

Submit #640989 / VDB-322083

Submit #640988 / VDB-322082

Submit #640987 / VDB-322081

Submit #640969 / VDB-322080

Boards of directors are being told that cybersecurity is now central to business resilience and growth, and that they must engage more directly in the way their organizations manage risk. A new report from Google Cloud’s Office of the CISO lays out three areas where board oversight is becoming especially important: ransomware, cyber-enabled fraud, and the intersection of innovation and cybersecurity. Ransomware is shifting to identity and help desks The report describes how ransomware attacks … More →

The post Boards are being told to rethink their role in cybersecurity appeared first on Help Net Security.

セイコーソリューションズ株式会社が提供するSkyBridge BASIC MB-A130には、OSコマンドインジェクションの脆弱性が存在します。

A vulnerability, which was classified as critical, was found in deepakmisal24 Chemical Inventory Management System up to 1.0. Affected by this vulnerability is an unknown functionality of the file /inventory_form.php. Such manipulation of the argument chem_name leads to sql injection. This vulnerability is listed as CVE-2025-9758. The attack may be performed from remote. In addition, an exploit is available.