Aggregator
CVE-2025-39899 | Linux Kernel up to 6.12.45/6.16.5 userfaultfd move_pages_pte privilege escalation
Google Publishes Security Hardening Guide to Counter UNC6040 Threats
Google’s Threat Intelligence Group (GTIG) has published a comprehensive guide to help organizations strengthen their SaaS security posture—particularly Salesforce—against UNC6040’s sophisticated voice-phishing and malicious connected-app attacks. By combining identity hardening, SaaS-specific controls, and advanced logging and detection, security teams can significantly reduce the risk of credential compromise and large-scale data exfiltration. Protecting software-as-a-service (SaaS) platforms […]
The post Google Publishes Security Hardening Guide to Counter UNC6040 Threats appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
CVE-2025-54811 | OpenPLC v3 ud2 Instruction enipThread reliance on undefined, unspecified, or implementation-defined behavior (icsa-25-273-05)
CVE-2025-9512 | Schema & Structured Data for WP & AMP Plugin up to 1.49 on WordPress HTML Tag Attribute HTML injection
An Inclusive Guide to Retina Scan Authentication
Explore the depths of retina scan authentication, from its technology and security to ethical considerations and implementation. A guide for developers and security pros.
The post An Inclusive Guide to Retina Scan Authentication appeared first on Security Boulevard.
Battering RAM Exploit Bypasses Modern Protections in Intel, AMD Cloud Processors
Cloud providers rely on hardware-based memory encryption to keep user data safe. This encryption shields sensitive information like passwords, financial records, and personal files from hackers and curious insiders. Leading technologies such as Intel SGX and AMD SEV-SNP are designed to ensure that even if a cloud host or administrator is compromised, encrypted data remains […]
The post Battering RAM Exploit Bypasses Modern Protections in Intel, AMD Cloud Processors appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
48+ Cisco Firewalls Vulnerable to Actively Exploited 0-Day Vulnerability in the Wild
A critical zero-day vulnerability affecting thousands of Cisco firewalls is being actively exploited by threat actors in the wild. The vulnerability, tracked as CVE-2025-20333, poses an immediate risk to organizations worldwide with a CVSS score of 9.9, representing one of the most severe security flaws discovered in enterprise firewall infrastructure this year. According to data […]
The post 48+ Cisco Firewalls Vulnerable to Actively Exploited 0-Day Vulnerability in the Wild appeared first on Cyber Security News.
Windows 11 25H2 Released for General Availability – Know Issues and Mitigations
Microsoft has officially released Windows 11, version 25H2, also known as the Windows 11 2025 Update, marking the next feature update for the operating system. The update became available for general availability on September 30, 2025, initiating a phased rollout to eligible devices. This new version is designed as a service, with updates delivered periodically […]
The post Windows 11 25H2 Released for General Availability – Know Issues and Mitigations appeared first on Cyber Security News.
New 360 Strata platform delivers actionable intelligence to protect sensitive data
360 Privacy launched 360 Strata, an advanced privacy platform designed to transform how organizations understand, manage, and reduce digital exposures. The platform empowers executives, security teams, and family offices with actionable intelligence to identify what personal information is exposed and deliver measurable outcomes. 360 Strata ensures sensitive data is protected while providing clients with actionable insight to assess impact and make informed decisions. “Organizations have lacked the architectural visibility leaders need to demonstrate value,” said …
The post New 360 Strata platform delivers actionable intelligence to protect sensitive data appeared first on Help Net Security.
CVE-2020-36852 | Custom Searchable Data Entry System Plugin up to 1.7.1 on WordPress ghazale_sds_delete_entries_table_row denial of service
Akuity unveils AI-powered incident detection and automation for Kubernetes
Akuity has launched new AI capabilities that enable users to detect degraded states across applications, triage incidents, and automate fixes on the Akuity platform within minutes. The platform also provides enterprise-ready continuous delivery and promotion capabilities for Kubernetes, built on the fundamentals of Argo CD. “We’ve been using the Akuity platform for more than three years across thousands of applications deployed within our clusters. With Akuity’s new AI capabilities, we are able to immediately find …
The post Akuity unveils AI-powered incident detection and automation for Kubernetes appeared first on Help Net Security.
Ukraine Warns of CABINETRAT Backdoor + XLL Add-ins Spread via Signal ZIPs
How to Improve AI Models While Training Only 0.1% of Parameters
Cisco IOS/IOS XE SNMP Vulnerabilities Exploited in Ongoing Attacks, Warns CISA
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about critical vulnerabilities in Cisco’s IOS and IOS XE Software SNMP subsystem that are actively being exploited by threat actors. CVE-2025-20352, which involves a stack-based buffer overflow in the Simple Network Management Protocol (SNMP) implementation, has been officially added to CISA’s Known Exploited Vulnerabilities […]
The post Cisco IOS/IOS XE SNMP Vulnerabilities Exploited in Ongoing Attacks, Warns CISA appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Lunar Spider Expands their Web via FakeCaptcha
New Android Banking Trojan Uses Hidden VNC to Gain Complete Remote Control Over Device
A new Android banking trojan has emerged that combines traditional overlay attacks with a stealthy hidden Virtual Network Computing (VNC) server to achieve full remote control of compromised devices. First detected in late September 2025, the malware is distributed through SMS-based phishing campaigns that lure victims into installing a fake “security” app. Once granted the […]
The post New Android Banking Trojan Uses Hidden VNC to Gain Complete Remote Control Over Device appeared first on Cyber Security News.