Aggregator

A vulnerability was found in Linux Kernel up to 6.1.116/6.6.60/6.11.7. It has been rated as problematic. This issue affects the function inc_rlimit_get_ucounts of the component Signal Handler. The manipulation leads to incorrect comparison. The identification of this vulnerability is CVE-2024-50271. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Linux Kernel up to 6.11.7. This affects an unknown part of the component io_edgeport. The manipulation leads to use after free. This vulnerability is uniquely identified as CVE-2024-50267. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

Immersive announced its Immersive One AI-powered Lab Builder feature to give customers and partners new ways to improve cyber skills across teams through customized labs and learning experiences. With this new tool supporting Immersive’s Prove, Improve, Benchmark, and Report (PIBR) approach, cyber leaders will be able to create hands-on exercises and simulations for their technical workforce, including offensive, defensive, and secure-coding-based simulations to improve readiness against real-world threats. With the majority of cyber attacks involving … More →

The post Immersive unveils role-specific cybersecurity capabilities appeared first on Help Net Security.

In a major blow to pro-Russian cybercrime, authorities across Europe and the United States launched a sweeping international crackdown on the hacking group NoName057(16) between 14 and 17 July. The coordinated operation, codenamed Eastwood and led by Europol and Eurojust, targeted the group’s members and infrastructure. Law enforcement and judicial authorities from Czechia, France, Finland, Germany, Italy, Lithuania, Poland, Spain, Sweden, Switzerland, the Netherlands, and the United States took part in the simultaneous actions. The … More →

The post Global crackdown hits pro-Russian cybercrime, 100+ systems taken down worldwide appeared first on Help Net Security.

A vulnerability was found in Working Resources Inc. Badblue Personal 1.7.3 and classified as problematic. Affected by this issue is the function cleanSearchString. The manipulation leads to basic cross site scripting. This vulnerability is handled as CVE-2002-1683. The attack may be launched remotely. Furthermore, there is an exploit available.

MITRE раскрыла, как ломают смарт-контракты.

Security researchers have uncovered a critical chain of vulnerabilities in Samsung’s WEA453e wireless access point that allows unauthenticated remote attackers to execute commands with full administrative privileges. The flaws, discovered in August 2020, demonstrate how seemingly minor web interface oversights can cascade into complete system compromise. The vulnerability chain begins with a reflected cross-site scripting […]

The post Samsung WLAN AP Flaws Let Remote Attackers Run Commands as Root appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Ukraine's military intelligence agency confirmed that it participated with two volunteer hacking groups in an operation against Gaskar Group, a Russian drone company.

A vulnerability was found in Groundhogg Plugin up to 4.2.1 on WordPress. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to unrestricted upload. This vulnerability was named CVE-2025-48300. The attack can be initiated remotely. There is no exploit available.

A vulnerability has been found in Media Library Assistant Plugin up to 3.26 on WordPress and classified as problematic. Affected by this vulnerability is the function mla_term_list of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2025-7035. The attack can be launched remotely. There is no exploit available.

A vulnerability has been found in NeoMutt and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Header Field Handler. The manipulation of the argument To/Cc leads to insufficient verification of data authenticity. This vulnerability is known as CVE-2024-49393. The attack can be launched remotely. There is no exploit available.

The Department of Defense (DoD) revealed that an advanced persistent threat (APT) group, known as Salt Typhoon and publicly identified as Chinese state-sponsored actors, had successfully penetrated a U.S. state’s Army National Guard network in a major increase in cyberthreats. This compromise spanned from March 2024 to December 2024, enabling potential exfiltration of sensitive military […]

The post Chinese ‘Salt Typhoon’ Hackers Infiltrated US National Guard Network for Almost a Year appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Disclosure: This article was provided by ANY.RUN. The information and analysis presented are based on their research and findings.

Oracle released its July 2025 Critical Patch Update on July 15, addressing 309 security vulnerabilities across its extensive product portfolio.  This quarterly security update represents one of the most comprehensive patches in recent history, targeting critical flaws in database systems, middleware, cloud applications, and enterprise software that could potentially expose organizations to severe cyberattacks. The […]

The post Oracle Critical Security Update – 309 Vulnerabilities with 145 Remotely Exploitable Patched appeared first on Cyber Security News.

登录tix.qq.com获取更多资讯

很少有 CEO 能在艰难的时刻，如此游刃有余。

Microsoft has issued an urgent warning to Windows users about an impending security certificate expiration that could significantly impact device functionality. The tech giant announced that Secure Boot certificates used by most Windows devices are scheduled to expire starting in June 2026, potentially affecting the ability of personal and business computers to boot securely if […]

The post Windows Secure Boot Certificate Expired in June, Microsoft Issues Warning appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.11.7. Affected is the function damon_feed_loop_next_input. The manipulation leads to unchecked return value. This vulnerability is traded as CVE-2024-50270. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Linux Kernel up to 6.11.7. Affected is an unknown function of the component dcp. The manipulation leads to null pointer dereference. This vulnerability is traded as CVE-2024-50281. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.11.7. It has been classified as critical. This affects the function blk_alloc_disk of the component dm. The manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2024-50277. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.