Aggregator

A vulnerability was found in Qualcomm Snapdragon Auto, Snapdragon Connectivity, Snapdragon Mobile and Snapdragon Wearables and classified as critical. Affected by this issue is some unknown functionality of the component IOCTL Interface. The manipulation leads to use after free. This vulnerability is handled as CVE-2025-21458. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Qualcomm Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon WBC and Snapdragon Wearables and classified as critical. Affected by this vulnerability is an unknown functionality of the component IOCTL Command Handler. The manipulation leads to use after free. This vulnerability is known as CVE-2025-21456. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Qualcomm Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT and Snapdragon Mobile. Affected is an unknown function. The manipulation leads to reachable assertion. This vulnerability is traded as CVE-2025-21452. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Qualcomm Snapdragon Auto. This issue affects some unknown processing of the component Header Length Handler. The manipulation leads to buffer overflow. The identification of this vulnerability is CVE-2025-27072. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Qualcomm Snapdragon Auto, Snapdragon Industrial IOT and Snapdragon Mobile. This vulnerability affects unknown code. The manipulation leads to active debug code. This vulnerability was named CVE-2025-21472. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Qualcomm Snapdragon Auto, Snapdragon CCW, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon MC, Snapdragon MDM, Snapdragon Mobile, Snapdragon Technology, Snapdragon Voice & Music, Snapdragon WBC, Snapdragon Wearables and Snapdragon Wired Infrastructure and Networking. This affects an unknown part of the component MBN File Handler. The manipulation leads to out-of-bounds read. This vulnerability is uniquely identified as CVE-2025-21465. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Qualcomm Snapdragon Auto, Snapdragon CCW, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon MDM, Snapdragon Mobile, Snapdragon Technology, Snapdragon Voice & Music, Snapdragon WBC, Snapdragon Wearables and Snapdragon Wired Infrastructure and Networking. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation of the argument offset/size leads to out-of-bounds read. This vulnerability is handled as CVE-2025-21464. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Qualcomm Snapdragon Auto, Snapdragon Mobile and Snapdragon WBC. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component fastrpc Session Handler. The manipulation leads to buffer over-read. This vulnerability is known as CVE-2025-21457. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Qualcomm Snapdragon Auto QCA7005. It has been classified as problematic. Affected is an unknown function of the component PIB File Handler. The manipulation leads to exposure of sensitive information through metadata. This vulnerability is traded as CVE-2025-47324. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Qualcomm Snapdragon Compute, Snapdragon Mobile and Snapdragon Wearables and classified as critical. This issue affects some unknown processing of the component IOCTL Handler. The manipulation leads to time-of-check time-of-use. The identification of this vulnerability is CVE-2025-21455. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Shopware 6.6.x/6.7.x and classified as problematic. This vulnerability affects unknown code of the component Voucher System. The manipulation leads to race condition. This vulnerability was named CVE-2025-7954. The attack can be initiated remotely. There is no exploit available.

Today we cover Devin AI from Cognition, the first AI Software Engineer.

We will cover Devin proof-of-concept exploits in multiple posts over the next few days. In this first post, we show how a prompt injection payload hosted on a website leads to a full compromise of Devin’s DevBox.

GitHub Issue To Remote Code Execution

By planting instructions on a website or GitHub issue that Devin processes, it can be tricked to download malware and launch it. This leads to full system compromise and turns Devin into a remote-controlled ZombAI. Any exposed secrets can then be leveraged to perform lateral movement, or other post-exploitation steps.

Akira Ransomware Exploited MFA-Protected SonicWall SSL VPNs, Say Researchers
SonicWall said it is probing a surge in attacks against its Gen 7 firewalls, running various firmware versions, which have SSL VPN enabled. Researchers said attackers may have been exploiting a zero-day vulnerability and that multiple victims have been infected with Akira ransomware.

Ransomware, Data Thefts, Other Attacks Continue to Plague Health Sector
Recent hacks on a provider of sleep disorder diagnostic gear and services, a network of medical imaging facilities and a multi-disciplinary cancer care center have affected nearly 800,000 patients. The breaches are among the latest rash of cybercriminal attacks plaguing the healthcare sector.

Dutch Servers Restored Following Moscow-Led Attack
The Dutch Public Prosecution Service on Monday began phased restoration of its networks after a cyberattack last month forced the agency to take down its services offline. The agency confirmed that hackers exploited a vulnerability in a Citrix device.

$100M State Cyber Grants Mark Major Drop in Federal Support Despite Growing Demand
The federal government announced a final $100 million round of cybersecurity grants aimed at boosting state and local defenses, but experts warn the funding signals a broader shift in responsibility to under-resourced governments facing escalating threats without sustained federal support.

多智能体蜂群掀起安全与 AI 融合革命

深度聚焦行业发展趋势、技术应用场景与复合型人才培养体系建设。

重视网络安全意味着实施更主动、自适应且可执行的措施，这些措施协同工作，才能有效应对那些对业务影响最大的威胁。

HPE announced expansion of its cybersecurity, resiliency, and compliance solutions, taking a multi-layered approach to protect enterprises through industry-leading data, network, and system security. HPE is introducing its combined secure networking portfolio, built on HPE Aruba Networking and HPE Juniper Networking, and announcing expansive updates across its portfolio: HPE advances network security with a new SASE copilot for HPE Aruba Networking EdgeConnect that provides AI-driven insights on network activity, security gaps and more. HPE Aruba … More →

The post HPE unveils unified cybersecurity portfolio with AI-driven networking and data protection appeared first on Help Net Security.