Aggregator

CVE-2025-37929 | Linux Kernel up to ed681e90fb244aa883b918c4d8be2614e816c6df arm64 spectre_bhb_loop_affected denial of service

11 months 1 week ago

A vulnerability was found in Linux Kernel up to ed681e90fb244aa883b918c4d8be2614e816c6df and classified as critical. Affected by this issue is the function spectre_bhb_loop_affected of the component arm64. The manipulation leads to denial of service. This vulnerability is handled as CVE-2025-37929. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

CVE-2025-37928 | Linux Kernel up to 6.1.137/6.6.89/6.12.27/6.14.5/6.15-rc4 drivers/md/dm-bufio.c in_atomic buffer overflow

VulDB Recent Entries

11 months 1 week ago

A vulnerability has been found in Linux Kernel up to 6.1.137/6.6.89/6.12.27/6.14.5/6.15-rc4 and classified as critical. Affected by this vulnerability is the function in_atomic of the file drivers/md/dm-bufio.c. The manipulation leads to buffer overflow. This vulnerability is known as CVE-2025-37928. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

CVE-2025-37924 | Linux Kernel up to 6.1.137/6.6.89/6.12.27/6.14.5/6.15-rc4 ksmbd_free_user use after free

VulDB Recent Entries

11 months 1 week ago

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.1.137/6.6.89/6.12.27/6.14.5/6.15-rc4. Affected is the function ksmbd_free_user. The manipulation leads to use after free. This vulnerability is traded as CVE-2025-37924. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

SecWiki News 2025-05-20 Review

SecWiki News(国内外安全资讯)

11 months 1 week ago

SecWiki周刊（第585期) by ourren

MiniCAT：了解和检测小程序中的跨页面请求伪造漏洞 by ourren

更多最新文章，请访问SecWiki

微软封了国际刑事法院首席检察官的电邮账号

Solidot

11 months 1 week ago

海牙国际刑事法院今年二月以战争罪对以色列总理内塔尼亚胡及他的前国防部长加兰特（ Yoav Gallant）发出逮捕令，美国总统特朗普随后对国际刑事法院进行了制裁。微软则立即封了首席检察官 Karim Khan 的电邮账号，这位英国检察官之后被迫改用了 Proton 的电邮。Karim Khan 在英国的银行账号也被封锁了。Open-Source Business Alliance (OSBA)认为微软此举是前所未有的，这一行为为所有依赖美国基础设施的国家和组织敲响了警钟。这一案例表明美国总统可通过法令“以数字方式关闭任何依赖美国技术的组织”。

Hazy Hawk gang exploits DNS misconfigs to hijack trusted domains

Bleeping Computer.

11 months 1 week ago

A threat actor named 'Hazy Hawk' has been using DNS CNAME hijacking to hijack abandoned cloud endpoints of domains belonging to trusted organizations and incorporate them in large-scale scam delivery and traffic distribution systems (TDS). [...]

Bill Toulas

Akira

Dark Feed IO

11 months 1 week ago

You must login to view this content

cohenido

Morpheus

Dark Feed IO

11 months 1 week ago

You must login to view this content

cohenido

IBM security advisory (AV25-281)

CCCS - Alerts and advisories

11 months 1 week ago

Canadian Centre for Cyber Security

Hazy Hawk Exploits DNS Records to Hijack CDC, Corporate Domains for Malware Delivery

The Hackers News

11 months 1 week ago

A threat actor known as Hazy Hawk has been observed hijacking abandoned cloud resources of high-profile organizations, including Amazon S3 buckets and Microsoft Azure endpoints, by leveraging misconfigurations in the Domain Name System (DNS) records. The hijacked domains are then used to host URLs that direct users to scams and malware via traffic distribution systems (TDSes), according to

The Hacker News

Uncensored AI Tool Raises Cybersecurity Alarms

Information Security Magazine

11 months 1 week ago

The Venice.ai chatbot gained traction in hacking forums for its uncensored access to advanced models

Lynx

Dark Feed IO

11 months 1 week ago

You must login to view this content

cohenido

The State of AI in Cybersecurity 2025: What’s Working, What’s Lagging, and Why It Matters Now More Than Ever

Security Boulevard

11 months 1 week ago

This second annual study offers a deeper look at how organizations are using AI to detect and respond to attacks faster, where it’s making the biggest impact, and what’s holding adoption back.

The post The State of AI in Cybersecurity 2025: What’s Working, What’s Lagging, and Why It Matters Now More Than Ever appeared first on Security Boulevard.

MixMode Threat Research

Large Retailers Land in Scattered Spider's Ransomware Web

darkreading

11 months 1 week ago

The threat group games IT help desks to gain entry into retailer networks, and signs show it has shifted its attention from the UK to US targets.

Becky Bracken

调查发现气候科学家是最不受信任的科学家

Solidot

11 months 1 week ago

对 68 个国家近 7 万人的问卷调查发现，气候科学家相比其它领域的科学家不太受信任。刚果民主共和国对气候科学家的信任度最低，研究人员认为这反映了当地居民认为国际气候科学家倡导的绿色转型无法给他们带来好处。中国等国对气候科学家的信任度则非常高，研究人员认为这反映了中国对绿色能源经济潜力的认可，民众支持国家气候政策，将气候科学家视为推动这些政策发挥作用的关键参与者。研究还发现，持右翼政治观点的人士总体上对气候科学家的信任度较低，这些趋势存在于美国、加拿大、澳大利亚、英国和欧洲大部分地区。研究人员指出，数十年来保守派政治势力和化石燃料利益集团一直在共同致力于将气候科学政治化，破坏其可信度。但有意思的是，部分东欧和非洲国家的保守派则倾向于更信任气候科学家。研究人员猜测这可能表明，政治领导层的态度，而不是人们的政治观点，更能解释信任方面的差异。此外，支持社会等级制度和认为常识胜过科学专业知识的人不太可能信任气候科学家。

CISA最近将Chrome漏洞标记为被积极利用

安全客

11 months 1 week ago

安全客

Accenture Files Leak – New Research Reveals Projects Controlling Billions of User Data

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform

11 months 1 week ago

A new research report released today by Progressive International, Expose Accenture, and the Movement Research Unit uncovers the sprawling influence of Accenture, the world’s largest consultancy firm, in driving a global wave of surveillance, exclusion, and authoritarianism. The investigation reveals how Accenture has become essential to security states worldwide, channeling public resources into private ownership […]

The post Accenture Files Leak – New Research Reveals Projects Controlling Billions of User Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Balaji