Aggregator

A vulnerability classified as problematic has been found in Linux Kernel up to 5.15.176/6.1.126/6.6.73/6.12.10. This affects the function connect. The manipulation leads to null pointer dereference. This vulnerability is uniquely identified as CVE-2025-21669. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

Researchers have uncovered two critical vulnerabilities in GitHub Copilot, Microsoft’s AI-powered coding assistant, that expose systemic weaknesses in enterprise AI tools.  The flaws—dubbed “Affirmation Jailbreak” and “Proxy Hijack”—allow attackers to bypass ethical safeguards, manipulate model behavior, and even hijack access to premium AI resources like OpenAI’s GPT-o1. These findings highlight the ease with which AI […]

The post GitHub Copilot Jailbreak Vulnerability Let Attackers Train Malicious Models appeared first on Cyber Security News.

A vulnerability was found in Linux Kernel up to 5.15.176/6.1.126/6.6.73/6.12.10. It has been rated as problematic. Affected by this issue is the function folio_seek_hole_data. The manipulation of the argument bit leads to infinite loop. This vulnerability is handled as CVE-2025-21665. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.126/6.6.73/6.12.10. It has been declared as problematic. Affected by this vulnerability is the function iomap_write_delalloc_scan. The manipulation leads to infinite loop. This vulnerability is known as CVE-2025-21667. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.126/6.6.73/6.12.10. It has been classified as problematic. Affected is the function imx8mp_blk_ctrl_remove. The manipulation leads to out-of-bounds read. This vulnerability is traded as CVE-2025-21668. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

JumpCloud this week revealed it has acquired Stack Identity to fuel an effort to add identity security and access visibility capabilities to its directory.

The post JumpCloud Acquires Stack Identity to Extend Access Management Reach appeared first on Security Boulevard.

A vulnerability was found in Linux Kernel up to 6.6.73/6.12.10 and classified as problematic. This issue affects the function vsock_bpf_recvmsg. The manipulation leads to null pointer dereference. The identification of this vulnerability is CVE-2025-21670. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.1.126/6.6.73/6.12.10 and classified as problematic. This vulnerability affects the function zram_meta_alloc. The manipulation leads to uninitialized pointer. This vulnerability was named CVE-2025-21671. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 6.6.73/6.12.10. This affects the function cifs_put_tcp_session. The manipulation leads to double free. This vulnerability is uniquely identified as CVE-2025-21673. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 5.15.176/6.1.126/6.6.73/6.12.10. Affected by this issue is the function ieee802154_if_remove in the library lib/list_debug.c of the component Network Interface Handler. The manipulation leads to use after free. This vulnerability is handled as CVE-2024-57948. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Linux Kernel up to 6.12.10. Affected by this vulnerability is the function afs_split_string of the file fs/afs/addr_prefs.c. The manipulation leads to improper locking. This vulnerability is known as CVE-2025-21672. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in quantumcloud AI Infographic Maker Plugin up to 4.9.0 on WordPress. Affected is an unknown function. The manipulation leads to code injection. This vulnerability is traded as CVE-2024-12415. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in svenl77 Post Form Plugin up to 2.8.13 on WordPress. It has been rated as problematic. This issue affects the function bf_new_submission_link. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-12037. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in vernonsystems eHive Objects Image Grid Plugin up to 2.4.1 on WordPress. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-13662. The attack can be initiated remotely. There is no exploit available.

Contec CMS8000, a patient monitor manufactured by a Chinese company, and Epsimed MN-120, which is the same monitor but relabeled, exfiltrate patients’ data to a hard-coded IP address and have a backdoor that can be used to download and execute unverified files, the US Cybersecurity and Infrastructure Security Agency confirmed. “CISA assesses the inclusion of this backdoor in the firmware of the monitor can create conditions which may allow remote code execution and device modification … More →

The post Patient monitors with backdoor are sending info to China, CISA warns appeared first on Help Net Security.

The rapid rise of DeepSeek, a Chinese artificial intelligence (AI) company, has not only disrupted the AI industry but also attracted the attention of cybercriminals. As its AI Assistant app became the most downloaded free app on the iOS App Store in January 2025, surpassing OpenAI’s ChatGPT, malicious actors have exploited its popularity to launch […]

The post DeepSeek’s Growing Influence Sparks a Surge in Frauds and Phishing Attacks appeared first on Cyber Security News.

​Law enforcement authorities in the United States and the Netherlands have seized 39 domains and associated servers used by the HeartSender phishing gang operating out of Pakistan. [...]

Italy’s data protection authority Garante blocked the DeepSeek AI service due to insufficient transparency regarding user data process. Italy’s data protection watchdog has blocked Chinese artificial intelligence (AI) firm DeepSeek ‘s chatbot service within the country, citing a lack of information on its use of users’ personal data. The AI-powered chatbot, recently launched globally, has rapidly gained […]

Social engineering has long been an effective tactic because of how it focuses on human vulnerabilities. There’s no brute-force ‘spray and pray’ password guessing. No scouring systems for unpatched software. Instead, it simply relies on manipulating emotions such as trust, fear, and respect for authority, usually with the goal of gaining access to sensitive information or protected systems.