Aggregator

A vulnerability classified as problematic has been found in Qualcomm Snapdragon Auto, Snapdragon CCW, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon MC, Snapdragon MDM, Snapdragon Mobile, Snapdragon Technology, Snapdragon Voice & Music, Snapdragon WBC, Snapdragon Wearables and Snapdragon Wired Infrastructure and Networking. This affects an unknown part of the component MBN File Handler. The manipulation leads to out-of-bounds read. This vulnerability is uniquely identified as CVE-2025-21465. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Qualcomm Snapdragon Auto, Snapdragon CCW, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon MDM, Snapdragon Mobile, Snapdragon Technology, Snapdragon Voice & Music, Snapdragon WBC, Snapdragon Wearables and Snapdragon Wired Infrastructure and Networking. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation of the argument offset/size leads to out-of-bounds read. This vulnerability is handled as CVE-2025-21464. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Qualcomm Snapdragon Auto, Snapdragon Mobile and Snapdragon WBC. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component fastrpc Session Handler. The manipulation leads to buffer over-read. This vulnerability is known as CVE-2025-21457. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Qualcomm Snapdragon Auto QCA7005. It has been classified as problematic. Affected is an unknown function of the component PIB File Handler. The manipulation leads to exposure of sensitive information through metadata. This vulnerability is traded as CVE-2025-47324. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Qualcomm Snapdragon Compute, Snapdragon Mobile and Snapdragon Wearables and classified as critical. This issue affects some unknown processing of the component IOCTL Handler. The manipulation leads to time-of-check time-of-use. The identification of this vulnerability is CVE-2025-21455. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Shopware 6.6.x/6.7.x and classified as problematic. This vulnerability affects unknown code of the component Voucher System. The manipulation leads to race condition. This vulnerability was named CVE-2025-7954. The attack can be initiated remotely. There is no exploit available.

Today we cover Devin AI from Cognition, the first AI Software Engineer. We will cover Devin proof-of-concept exploits in multiple posts over the next few days. In this first post, we show how a prompt injection payload hosted on a website leads to a full compromise of Devin’s DevBox. GitHub Issue To Remote Code Execution By planting instructions on a website or GitHub issue that Devin processes, it can be tricked to download malware and launch it.

Akira Ransomware Exploited MFA-Protected SonicWall SSL VPNs, Say Researchers
SonicWall said it is probing a surge in attacks against its Gen 7 firewalls, running various firmware versions, which have SSL VPN enabled. Researchers said attackers may have been exploiting a zero-day vulnerability and that multiple victims have been infected with Akira ransomware.

Ransomware, Data Thefts, Other Attacks Continue to Plague Health Sector
Recent hacks on a provider of sleep disorder diagnostic gear and services, a network of medical imaging facilities and a multi-disciplinary cancer care center have affected nearly 800,000 patients. The breaches are among the latest rash of cybercriminal attacks plaguing the healthcare sector.

Dutch Servers Restored Following Moscow-Led Attack
The Dutch Public Prosecution Service on Monday began phased restoration of its networks after a cyberattack last month forced the agency to take down its services offline. The agency confirmed that hackers exploited a vulnerability in a Citrix device.

$100M State Cyber Grants Mark Major Drop in Federal Support Despite Growing Demand
The federal government announced a final $100 million round of cybersecurity grants aimed at boosting state and local defenses, but experts warn the funding signals a broader shift in responsibility to under-resourced governments facing escalating threats without sustained federal support.

多智能体蜂群掀起安全与 AI 融合革命

深度聚焦行业发展趋势、技术应用场景与复合型人才培养体系建设。

重视网络安全意味着实施更主动、自适应且可执行的措施，这些措施协同工作，才能有效应对那些对业务影响最大的威胁。

HPE announced expansion of its cybersecurity, resiliency, and compliance solutions, taking a multi-layered approach to protect enterprises through industry-leading data, network, and system security. HPE is introducing its combined secure networking portfolio, built on HPE Aruba Networking and HPE Juniper Networking, and announcing expansive updates across its portfolio: HPE advances network security with a new SASE copilot for HPE Aruba Networking EdgeConnect that provides AI-driven insights on network activity, security gaps and more. HPE Aruba … More →

The post HPE unveils unified cybersecurity portfolio with AI-driven networking and data protection appeared first on Help Net Security.

它们7x24小时不间断地协同工作，共享知识，自主决策，并将最关键、最复杂的事件提炼出来，交由人类专家进行最终的战略决策。

三菱電機製GENESIS64、MC Works64およびGENESISの複数のプロセスには、Windowsショートカットの不適切な扱いの脆弱性が存在します。

本周，互联网网络安全态势整体评价为良。

RedSeal unveiled RedSeal One, an AI-enabled exposure management platform designed to help organizations reduce risk, streamline operations, and strengthen resilience across hybrid environments. RedSeal One combines the company’s four foundational capabilities—hybrid environment modeling, attack path analysis, business-contextual risk prioritization, and continuous compliance—into a single, streamlined platform. Enabled by agentic AI, the platform continuously models the full hybrid digital environment and delivers actionable insights with the context teams need to reduce risk, validate defenses, and take … More →

The post RedSeal launches RedSeal One to simplify exposure management across hybrid environments appeared first on Help Net Security.

The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of cyber attacks carried out by a threat actor called UAC-0099 targeting government agencies, the defense forces, and enterprises of the defense-industrial complex in the country. The attacks, which leverage phishing emails as an initial compromise vector, are used to deliver malware families like MATCHBOIL, MATCHWOK, and