Aggregator

Linus Torvalds 在内核邮件列表上宣布释出了 Linux 6.16-rc1，关闭了合并窗口，正式版预计将在 7 月底左右释出。Linux 6.16-rc1 的主变化包括：改进性能，支持 AMD 和英特尔的新硬件，Nouveau 驱动支持英伟达 Blackwell 和 Hopper GPU，英特尔 APX 初步支持，USB 音频分流（Offloading），sysfs 报告硬/软锁死次数的，OpenVPN DCO 驱动等等。

Submit #585750 / VDB-311662

Submit #585727 / VDB-311661

Операция Eagle Flush сорвала маску с международной схемы киберобучения аферистов.

A vulnerability was found in juliangruber brace-expansion up to 1.1.11. It has been rated as problematic. Affected by this issue is the function expand of the file index.js. The manipulation leads to inefficient regular expression complexity. This vulnerability is handled as CVE-2025-5889. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability has been found in Tenda AC7 15.03.06.44 and classified as critical. This vulnerability affects the function fromadvsetlanip of the file /goform/AdvSetLanip. The manipulation of the argument lanMask leads to buffer overflow. This vulnerability was named CVE-2025-5861. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in Microhard IPn4Gii and Bullet-LTE up to 1.2.0-r1132. It has been rated as critical. Affected by this issue is some unknown functionality of the component AT+MFMAC Command Handler. The manipulation leads to argument injection. This vulnerability is handled as CVE-2025-35005. Local access is required to approach this attack. There is no exploit available.

A vulnerability classified as critical has been found in Microhard IPn4Gii and Bullet-LTE up to 1.2.0-r1132. This affects an unknown part of the component AT+MFPORTFWD Command Handler. The manipulation leads to argument injection. This vulnerability is uniquely identified as CVE-2025-35006. Attacking locally is a requirement. There is no exploit available.

A vulnerability classified as critical was found in Microhard IPn4Gii and Bullet-LTE up to 1.2.0-r1132. This vulnerability affects unknown code of the component AT+MFRULE Command Handler. The manipulation leads to argument injection. This vulnerability was named CVE-2025-35007. It is possible to launch the attack on the local host. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Microhard IPn4Gii and Bullet-LTE up to 1.2.0-r1132. This issue affects some unknown processing of the component AT+MMNAME Command Handler. The manipulation leads to argument injection. The identification of this vulnerability is CVE-2025-35008. The attack needs to be approached locally. There is no exploit available.

A vulnerability was found in Tenda AC7 15.03.06.44 and classified as critical. This issue affects the function formSetPPTPUserList of the file /goform/setPptpUserList. The manipulation of the argument list leads to buffer overflow. The identification of this vulnerability is CVE-2025-5862. The attack may be initiated remotely. Furthermore, there is an exploit available.

Submit #585717 / VDB-311660

A recent investigation by Genians Security Center (GSC) has uncovered a highly sophisticated, multi-channel cyber espionage campaign attributed to the North Korea-aligned advanced persistent threat (APT) group known as Kimsuky. Between March and April 2025, the group leveraged Facebook, email, and Telegram to infiltrate targets primarily within the defense sector, North Korea-related activists, and cryptocurrency […]

The post Kimsuky Strikes Again – Coordinated Attacks Target Facebook, Email, and Telegram appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability was found in jsnjfz WebStack-Guns 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. This vulnerability is known as CVE-2025-5888. The attack can be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in jsnjfz WebStack-Guns 1.0. It has been classified as problematic. Affected is an unknown function of the file UserMgrController.java of the component File Upload. The manipulation of the argument File leads to cross site scripting. This vulnerability is traded as CVE-2025-5887. It is possible to launch the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #582920 / VDB-311659

Submit #582062 / VDB-311659

Submit #580744 / VDB-311658

微软正式宣布和华硕合作推出 Xbox 掌机 ROG Xbox Ally。类似 Steam Deck 的 SteamOS，ROG Xbox Ally 运行的是 Windows 11 操作系统，但为掌机体验进行了优化，微软称之为“Xbox Experience for Handheld”，操作系统最少化后台活动，限制了非必要任务。微软还计划学习 Valve 的掌机认证标签，推出为 Windows 掌机优化的认证程序。ROG Xbox Ally 基础版配备了 AMD Ryzen Z2 A 处理器、16 GB 内存、512 GB 存储空间和 60 Wh 电池；高级版 Xbox Ally X 配备了 AMD Ryzen AI Z2 Extreme 处理器、24 GB 内存、1 TB 存储空间和 80 Wh 电池，还配备了与 Xbox 手柄相同的脉冲扳机。两款掌机配置均采用 7 英寸、1080p@120 Hz IPS 显示屏，支持可变刷新率。Xbox Ally 的重量为 670 克，Xbox Ally X 比它重 45 克。价格等相关信息将在未来几个月公布。

A vulnerability was found in Emlog up to 2.5.7 and classified as problematic. This issue affects some unknown processing of the file /admin/article.php. The manipulation of the argument active_post leads to cross site scripting. The identification of this vulnerability is CVE-2025-5886. The attack may be initiated remotely. Furthermore, there is an exploit available.