Aggregator

A vulnerability was found in Linux Kernel up to 6.17-rc2. It has been classified as critical. Affected by this issue is the function resctrl_cpu_detect. This manipulation causes divide by zero. This vulnerability appears as CVE-2025-39681. The attacker needs to be present on the local network. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability categorized as critical has been discovered in Mitsubishi Electric ICONICS GENESIS64 10.97.0/10.97.1. Affected is an unknown function of the component URL Parameter Handler. Such manipulation leads to path traversal. This vulnerability is uniquely identified as CVE-2022-29834. The attack can be launched remotely. No exploit exists.

A vulnerability, which was classified as critical, has been found in Mitsubishi Electric ICONICS GENESIS64 and MC Works64. Affected by this issue is some unknown functionality of the component XAML Code Handler. This manipulation causes deserialization. This vulnerability is tracked as CVE-2022-33315. The attack is only possible within the local network. No exploit exists.

A vulnerability, which was classified as critical, was found in frdel Agent-Zero 0.8.x. Affected by this vulnerability is an unknown functionality of the file /api/download_work_dir_file.py. Executing a manipulation can lead to path traversal. This vulnerability is registered as CVE-2025-55523. The attack requires access to the local network. No exploit is available.

A vulnerability has been found in frdel Agent-Zero 0.8.x and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to permission issues. This vulnerability is documented as CVE-2025-55524. The attack requires being on the local network. There is not any exploit available.

A vulnerability categorized as critical has been discovered in Linux Kernel up to 6.17-rc2. This affects an unknown function of the component iommu. Executing a manipulation of the argument str can lead to stack-based buffer overflow. This vulnerability is handled as CVE-2025-38676. The attack can only be done within the local network. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability identified as critical has been detected in Linux Kernel up to 6.1.147/6.6.100/6.12.40/6.15.8. Affected by this issue is some unknown functionality of the component i2c. The manipulation leads to unchecked return value. This vulnerability is listed as CVE-2025-38671. The attack must be carried out from within the local network. There is no available exploit. You should upgrade the affected component.

A vulnerability classified as critical has been found in Linux Kernel up to 6.1.147/6.6.100/6.12.40/6.15.8. Affected is the function regulator_lock_recursive of the component regulator. The manipulation leads to null pointer dereference. This vulnerability is traded as CVE-2025-38668. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.16.3. This impacts the function f2fs_get_dnode_of_data. The manipulation leads to out-of-bounds read. This vulnerability is documented as CVE-2025-38677. The attack requires being on the local network. There is not any exploit available. It is advisable to upgrade the affected component.

文章介绍了如何开始学习道德黑客，推荐了基础技能（网络、Linux、编程）、学习平台（TryHackMe、Hack The Box）、课程认证（CompTIA Trifecta）、方法论（OWASP）及社区支持（r/ethicalhacking）。

The U.S. Federal Bureau of Investigation (FBI) on Thursday released an advisory warning of North Korean state-sponsored threat actors leveraging malicious QR codes in spear-phishing campaigns targeting entities in the country. "As of 2025, Kimsuky actors have targeted think tanks, academic institutions, and both U.S. and foreign government entities with embedded malicious Quick Response (QR)

FBI警告朝鲜支持的网络攻击组织Kimsuky利用恶意二维码进行钓鱼攻击，针对美国及外国政府机构、智库和学术机构。攻击者通过伪造邮件诱导受害者扫描二维码访问恶意网站或下载恶意软件。该手法可绕过传统安全措施，并通过窃取会话令牌绕过多因素认证，入侵云账户。

Network administrators worldwide reported widespread crashes in Cisco small business switches on January 8, 2026, triggered by fatal errors in the DNS client service. Devices entered reboot loops every few minutes, disrupting operations until DNS configurations were removed.​ The issue surfaced around 2 AM UTC, affecting models like CBS250, C1200, CBS350, SG350, and SG550X series […]

The post Cisco Small Business Switches Face Global DNS Crash Outage appeared first on Cyber Security News.

根据 Netblocks 的监测，伊朗全国范围内断网，至今已持续逾 12 小时。自 2025 年 12 月起，伊朗发生了一系列抗议活动，起因是民众对通货膨胀飙升、食品价格上涨以及伊朗里亚尔大幅贬值感到不满。示威活动最初由店主和市场商贩发起，进入新年后，抗议规模日益扩大，目前有至少数十人死亡，逾千人被捕。

好的，我现在需要帮用户总结一篇文章的内容，控制在一百个字以内。首先，我得仔细阅读用户提供的文章内容。文章提到Netblocks监测到伊朗全国断网超过12小时，自2025年12月以来，伊朗发生了抗议活动，起因是通货膨胀、食品价格上涨和里亚尔贬值。抗议最初由店主和商贩发起，进入新年后规模扩大，导致数十人死亡，上千人被捕。 接下来，我要确定用户的需求。用户希望用中文总结，不需要特定的开头，直接描述内容即可。所以我的总结应该简洁明了，涵盖主要事件：断网、抗议活动的时间、原因、规模和后果。 然后，我需要确保在100字以内表达清楚这些要点。可能的结构是先说明断网情况，然后介绍抗议活动的背景、原因、发展和结果。 最后，检查是否有遗漏的重要信息，并确保语言流畅自然。这样就能提供一个准确且符合要求的总结了。 伊朗全国断网已超12小时。自2025年12月起，民众因通货膨胀、食品价格上涨及货币贬值举行抗议活动，规模扩大后致数十人死亡、千余人被捕。

文章介绍了开始道德黑客之旅所需的资源和方法，包括基础技能（网络、Linux、编程）、学习平台（TryHackMe、Hack The Box）、课程认证（CompTIA Trifecta）以及方法论（OWASP、MITRE ATT&CK）。

🔥只需3步！无需修改现有Web Agent、无需邮件联系、直接开箱即用的Web Agent安全自动化测试靶场已正式上线！网站地址：http://security.fudan.edu.cn/webagent

Wi-Fi networks are taking on heavier workloads, more devices, and higher expectations from users who assume constant access everywhere. A new Wireless Broadband Alliance industry study shows that this expansion is reshaping priorities around security, identity, and trust, alongside adoption of new Wi-Fi standards. Wi-Fi access point shipments to the MDU vertical world markets, forecast: 2024 to 2030 (Source: Wireless Broadband Alliance) Wi-Fi 7 moves quickly into the field Wi-Fi 7 adoption advanced faster than … More →

The post Wi-Fi evolution tightens focus on access control appeared first on Help Net Security.

Злоумышленники делают так, что фишинговые письма выглядят как внутренние сообщения компании, и это ломает привычную осторожность сотрудников.

假如未来某个凌晨，格陵兰岛首府努克的因纽特居民被一阵低沉的轰鸣惊醒。MV-22"鱼鹰"倾转旋翼机的阴影掠过冰