Aggregator

A vulnerability was found in Xen. It has been classified as critical. This vulnerability affects unknown code of the component SIM Page. Performing a manipulation results in null pointer dereference. This vulnerability is identified as CVE-2025-58142. The attack can only be performed from the local network. There is not any exploit available. It is suggested to install a patch to address this issue.

A vulnerability was found in Xen. It has been declared as problematic. This issue affects some unknown processing of the component Reference TSC Page. Executing a manipulation can lead to race condition. This vulnerability is tracked as CVE-2025-58143. The attack is only possible within the local network. No exploit exists. A patch should be applied to remediate this issue.

A vulnerability was found in Xen. It has been rated as critical. Impacted is an unknown function. The manipulation leads to null pointer dereference. This vulnerability is listed as CVE-2025-58144. The attack must be carried out from within the local network. There is no available exploit. To fix this issue, it is recommended to deploy a patch.

A vulnerability categorized as problematic has been discovered in Xen. The affected element is an unknown function of the component P2M Lock. The manipulation results in race condition. This vulnerability is cataloged as CVE-2025-58145. The attack must originate from the local network. There is no exploit available. It is advisable to implement a patch to correct this issue.

A vulnerability was found in PCRE2Project pcre2 10.45. It has been declared as problematic. This affects the function pcre2_match of the file src/pcre2_match.c. The manipulation results in out-of-bounds read. This vulnerability is reported as CVE-2025-58050. The attack can be launched remotely. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability was found in Xen and classified as critical. This affects an unknown part of the component Reference TSC Area. Such manipulation leads to null pointer dereference. This vulnerability is referenced as CVE-2025-27466. The attack needs to be initiated within the local network. No exploit is available. Applying a patch is advised to resolve this issue.

彭博社报道，Discord 秘密提交了美国 IPO 申请。Discord 成立于 2015 年，提供了语音、视频和文字聊天功能，主要面向游戏玩家和主播。该平台拥有逾 2 亿月活用户。Discord 一大特色是名为服务器的群聊功能，服务器拥有者可以在服务器中创造属于自己的社群。

A vulnerability, which was classified as critical, has been found in Zoho ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP and and SupportCenter Plus. This impacts an unknown function of the component Release Module. The manipulation leads to improper access controls. This vulnerability is uniquely identified as CVE-2023-34197. The attack can only be initiated within the local network. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability has been found in Keyfactor EJBCA up to 7.x and classified as problematic. This issue affects some unknown processing of the file /ejbca/ra/cert of the component RA Web Certificate Distribution Servlet. This manipulation causes denial of service. This vulnerability is tracked as CVE-2023-34196. The attack is only possible within the local network. No exploit exists. The affected component should be upgraded.

A vulnerability has been found in Insyde InsydeH2O up to 5.5 and classified as critical. Impacted is the function GetImage of the component SystemFirmwareManagementRuntimeDxe. This manipulation of the argument GetImageProgress causes code injection. This vulnerability appears as CVE-2023-34195. It is feasible to perform the attack on the physical device. There is no available exploit. The affected component should be upgraded.

A vulnerability has been found in Synacor Zimbra Collaboration 8.8.15 and classified as problematic. The impacted element is the function ClientUploader of the component File Upload Handler. Performing a manipulation results in information disclosure. This vulnerability is cataloged as CVE-2023-34193. The attack must originate from the local network. There is no exploit available.

European security and compliance teams spend a lot of time talking about regulation. A new forecast report from Kiteworks suggests the harder problem sits elsewhere. According to the report, many European organizations have strong regulatory frameworks on paper, driven by GDPR and upcoming AI rules, and weaker operational systems that show how those rules work in daily practice. The gap, the report argues, shows up in areas like AI incident response, supply chain visibility, and … More →

The post What European security teams are struggling to operationalize appeared first on Help Net Security.

1月24日9:00-1月26日9:00 重磅上线 !!!

Cofense Intelligence relies on over 35 million trained employees from around the world, therefore a considerable number of analyzed campaigns are written in languages other than English. This report covers from May 2023 to May 2025 and focuses on the overall themes of campaigns in the top five most commonly seen languages besides English that bypassed perimeter filtering such as Secure Email Gateways (SEGs). 

The post International Threats: Themes for Regional Phishing Campaigns appeared first on Security Boulevard.

SleepyDuck是一种极具威胁性的复杂远程访问木马（RAT）。

我们按时间倒序，回顾这一年那些敲响警钟的网络安全事件。

基于 Arch 的发行版 Manjaro 释出了 v26.0。主要变化包括： Linux 6.18、GNOME 49、KDE Plasma 6.5、Xfce 4.20 等。开发者建议，Plasma 6.5 和 GNOME 49 都默认使用 Wayland，仍然需要使用 X11 的用户可以选择 XFCE 版本。

A vulnerability was found in Erlang OTP up to 17.0/26.2.5.15/27.3.4.3/28.0.3. It has been classified as problematic. This impacts an unknown function in the library lib/ssh/src/ssh_sftpd.erl. This manipulation causes allocation of resources. The identification of this vulnerability is CVE-2025-48039. It is possible to initiate the attack remotely. There is no exploit available. Applying a patch is the recommended action to fix this issue.

A vulnerability was found in Erlang OTP up to 17.0/26.2.5.15/27.3.4.3/28.0.3. It has been declared as problematic. Affected is an unknown function in the library lib/ssh/src/ssh_sftpd.erl. Such manipulation leads to allocation of resources. This vulnerability is referenced as CVE-2025-48041. It is possible to launch the attack remotely. No exploit is available. It is best practice to apply a patch to resolve this issue.

A vulnerability was found in Erlang OTP up to 17.0/26.2.5.15/27.3.4.3/28.0.3. It has been rated as problematic. Affected by this vulnerability is an unknown functionality in the library lib/ssh/src/ssh_sftpd.erl. Performing a manipulation results in resource consumption. This vulnerability is identified as CVE-2025-48040. The attack can be initiated remotely. There is not any exploit available. It is recommended to apply a patch to fix this issue.