Aggregator

A vulnerability classified as critical was found in XFree86 and X11 1.16.2/1.16.2.99.901/4/4.0.1/6.1. The affected element is the function GetColorTable of the component GLX Extension. Such manipulation leads to memory corruption. This vulnerability is listed as CVE-2014-8098. The attack may be performed from a remote location. There is no available exploit. Upgrading the affected component is advised.

A vulnerability, which was classified as critical, has been found in XFree86 and X11 1.16.2/1.16.2.99.901/4/4.0.1/6.1. The impacted element is the function SProcXvListImageFormats. Performing manipulation results in memory corruption. This vulnerability is cataloged as CVE-2014-8099. It is possible to initiate the attack remotely. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability, which was classified as critical, was found in XFree86 and X11 1.16.2/1.16.2.99.901/4. This affects the function SProcRenderCompositeGlyphs. Executing manipulation can lead to memory corruption. This vulnerability is registered as CVE-2014-8100. It is possible to launch the attack remotely. No exploit is available. You should upgrade the affected component.

A vulnerability has been found in XFree86 and X11 1.16.2/1.16.2.99.901/4/4.0.1/6.1 and classified as critical. This impacts the function SProcRRConfigureOutputProperty. The manipulation leads to memory corruption. This vulnerability is documented as CVE-2014-8101. The attack can be initiated remotely. There is not any exploit available. The affected component should be upgraded.

A vulnerability was found in XFree86 and X11 up to 6.7 and classified as critical. Affected is the function SProcXFixesSelectSelectionInput. The manipulation results in memory corruption. This vulnerability is reported as CVE-2014-8102. The attack can be launched remotely. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability was found in XFree86 and X11. It has been classified as critical. Affected by this vulnerability is the function sproc_present_query_capabilities. This manipulation causes memory corruption. This vulnerability appears as CVE-2014-8103. The attack may be initiated remotely. There is no available exploit.

A vulnerability, which was classified as problematic, was found in X.org X Server up to 1.16.3/1.17.0. Impacted is an unknown function of the component XkbSetGeometry Request Handler. The manipulation results in information disclosure. This vulnerability is reported as CVE-2015-0255. The attack can be launched remotely. No exploit exists. You should upgrade the affected component.

A vulnerability categorized as problematic has been discovered in X.org X11R1. This affects an unknown part of the component Image Handler. The manipulation results in divide by zero. This vulnerability is reported as CVE-2015-3418. The attack can be launched remotely. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability classified as problematic was found in XWayland up to 1.17.1. Affected is an unknown function of the component Authentication Setup. Executing manipulation can lead to improper access controls. The identification of this vulnerability is CVE-2015-3164. The attack can only be executed locally. There is no exploit available. Upgrading the affected component is advised.

A recently uncovered vulnerability in the Visual Studio Code (VS Code) Marketplace has allowed malicious actors to hijack discontinued extension names and slip malware past unsuspecting developers. In June, ReversingLabs (RL) researchers discovered a new malicious extension, ahbanC.shiba, that bore the same “shiba” identifier as a ransomware-capable extension removed in March—despite official documentation asserting extension […]

The post VS Code Marketplace Abused by Threat Actors to Deliver Malware via Trusted Extensions appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

As students and staff returned to campuses this August, a stark rise in cyber attacks against educational institutions has been observed worldwide. From January to July 2025, organizations in the education sector endured an average of 4,356 weekly attacks, marking a 41 percent year-over-year increase. These assaults range from credential-harvesting phishing domains to sophisticated delivery […]

The post Cyber Attacks Targeting Education Sector Surges Following Back-to-School Season appeared first on Cyber Security News.

A vulnerability was found in mtons mblog up to 3.5.0. It has been rated as problematic. This issue affects some unknown processing of the file /admin/role/list. This manipulation of the argument Name causes cross site scripting. This vulnerability appears as CVE-2025-9647. The attack may be initiated remotely. In addition, an exploit is available.

​从 AI 飞轮到消费进化，阿里的双引擎战略。

本文提出了一种通过整合生成对抗网络（GANs）来增强网络入侵检测系统（NIDS）性能的新方法，该方法利用 GANs 生成能紧密模拟真实网络行为的合成异常流量数据，以解决 NIDS 训练中存在的数据稀缺问题。

A sophisticated ransomware attack has emerged targeting organizations through compromised third-party managed service provider (MSP) credentials, showcasing the evolving tactics of cybercriminals in 2025. The Sinobi Group, operating as a Ransomware-as-a-Service (RaaS) affiliate, successfully infiltrated corporate networks by exploiting SonicWall SSL VPN credentials mapped to over-privileged Active Directory accounts with domain administrator rights. The attack […]

The post Hackers Leverage Compromised Third-Party SonicWall SSL VPN Credentials to Deploy Sinobi Ransomware appeared first on Cyber Security News.

KylinOS постепенно превращает Поднебесную в цифровую крепость.

A sophisticated backdoor in AppSuite PDF Editor that enables threat actors to execute arbitrary commands on compromised Windows systems. Initially flagged as a potentially unwanted program due to its aggressive installation behavior, AppSuite’s true nature was revealed when its malicious components were deobfuscated and analyzed. Threat actors exploited high-ranking PDF tool websites to distribute a […]

The post AppSuite PDF Editor Exploit Lets Hackers Run Arbitrary Commands appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Amazon on Friday said it flagged and disrupted what it described as an opportunistic watering hole campaign orchestrated by the Russia-linked APT29 actors as part of their intelligence gathering efforts. The campaign used "compromised websites to redirect visitors to malicious infrastructure designed to trick users into authorizing attacker-controlled devices through Microsoft's device code

Sangoma warns of an actively exploited FreePBX zero-day affecting systems with publicly exposed admin control panels. The Sangoma FreePBX Security Team addressed an actively exploited FreePBX zero-day vulnerability, tracked as CVE-2025-57819 (CVSS score of 10.0), impacting systems with an internet-facing administrator control panel (ACP). FreePBX is an open-source telephony software platform that provides a web-based graphical […]

An abandoned update server associated with input method editor (IME) software Sogou Zhuyin was leveraged by threat actors as part of an espionage campaign to deliver several malware families, including C6DOOR and GTELAM, in attacks primarily targeting users across Eastern Asia. "Attackers employed sophisticated infection chains, such as hijacked software updates and fake cloud storage or login