Aggregator

A vulnerability was found in Linux Kernel up to 5.10.109/5.15.32/5.16.18/5.17.1. It has been rated as critical. This affects the function to_user. The manipulation leads to improper update of reference count. This vulnerability is listed as CVE-2022-49272. The attack must be carried out from within the local network. There is no available exploit. Upgrading the affected component is advised.

A vulnerability has been found in Linux Kernel up to 5.10.109/5.15.32/5.16.18/5.17.1 and classified as problematic. This impacts the function vm_access. This manipulation causes out-of-bounds read. The identification of this vulnerability is CVE-2022-49261. The attack needs to be done within the local network. There is no exploit available. The affected component should be upgraded.

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 5.15.32/5.16.18/5.17.1. This vulnerability affects the function CONFIG_DM_CRYPT of the component octeontx2. Executing manipulation can lead to null pointer dereference. This vulnerability is handled as CVE-2022-49262. The attack can only be done within the local network. There is not any exploit available. You should upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 5.4.188/5.10.109/5.15.32/5.16.18/5.17.1. This affects the function snd_dma_free_pages. The manipulation results in null pointer dereference. This vulnerability was named CVE-2022-49268. The attack needs to be approached within the local network. There is no available exploit. You should upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 5.4.188/5.10.109/5.15.32/5.16.18/5.17.1 and classified as critical. This issue affects the function brcmf_pcie_setup. The manipulation leads to memory leak. This vulnerability is uniquely identified as CVE-2022-49263. The attack can only be initiated within the local network. No exploit exists. The affected component should be upgraded.

A vulnerability described as problematic has been identified in Linux Kernel up to 5.10.109/5.15.32/5.16.18/5.17.1. Affected is the function free_watch. The manipulation results in memory leak. This vulnerability is reported as CVE-2022-49256. The attacker must have access to the local network to execute the attack. No exploit exists. Upgrading the affected component is recommended.

A vulnerability classified as problematic has been found in Linux Kernel up to 5.10.109/5.15.32/5.16.18/5.17.1. Affected by this vulnerability is the function __free_page of the component watch_queue_set_size. This manipulation causes null pointer dereference. This vulnerability appears as CVE-2022-49257. The attacker needs to be present on the local network. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability was found in withastro astro up to 4.16.0. It has been rated as problematic. This affects an unknown part. This manipulation causes cross site scripting. This vulnerability is registered as CVE-2024-47885. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is advised.

Matrix 首页推荐 Matrix 是少数派的写作社区，我们主张分享真实的产品体验，有实用价值的经验与思考。我们会不定期挑选 Matrix 最优质的文章，展示来自用户的最真实的体验和观点。 文章代表

三菱電機製GX Works 2では、プロジェクトファイルの保護に使用される認証情報が平文で保存されています。

Morning HighlightsThermaltake unveils the TPM-O49CDQ monitorAlibaba releases two smart gla

ソニー株式会社が提供するINZONE HubのインストーラにはDLL読み込みに関する脆弱性が存在します。

#云计算 在发生 DNS 系统大规模中断后亚马逊 AWS 构建备用 DNS 系统增强可用性，新功能名为 Amazon Route 53 加速恢复方案。该方案免费提供，如果亚马逊 DNS

Currently trending CVE - Hype Score: 19 - Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)

#硬件设备 希捷使用热辅助磁记录技术在实验室构建 6.9TB 的单盘存储，在同等尺寸下可以使用该盘片构建单个硬盘高达 69TB 的存储容量。不过这种盘片要到 2030 年才会投产，希捷

RedExt is a sophisticated browser data analysis framework designed for authorized red team operations. It combines a Manifest

The post RedExt: New Red Team Tool Uses Chrome Extension for Covert Browser Data Exfiltration appeared first on Penetration Testing Tools.

HackerNews 编译，转载请注明出处： OpenAI 向部分用户发出警告，分析公司 Mixpanel 遭遇网络攻击，可能导致这些用户的数据泄露。 Mixpanel 是一款产品分析平台，企业可通过该平台了解用户与自身应用或网站的交互情况。众多科技公司借助 Mixpanel 收集数据，为功能优化、性能提升及用户旅程设计等决策提供依据。 OpenAI 就 Mixpanel 数据泄露事件向部分用户告知潜在风险。这家分析服务提供商于 11 月 8 日检测到一起钓鱼短信攻击，但试图淡化此次安全事件的严重性，称其仅影响少数客户。 OpenAI 表示，自身系统未遭入侵，ChatGPT 对话记录、提示词、API 数据、密码、密钥及支付信息均保持安全。攻击者实际窃取的是 Mixpanel 中有限的数据集，包含来自 platform.openai.com 的用户档案详情 —— 姓名、邮箱地址、大致地理位置、操作系统 / 浏览器信息、机构或用户 ID，以及引荐网站。OpenAI 提醒，这些数据可能被用于钓鱼攻击和社会工程学诈骗。 OpenAI 声明：“作为安全调查的一部分，我们已在生产环境中移除 Mixpanel 服务，核查了受影响数据集，并正与 Mixpanel 及其他合作伙伴密切合作，以全面了解事件详情及影响范围。我们正在直接通知受影响的机构、管理员及用户。目前尚未发现证据表明 Mixpanel 环境外的系统或数据受到影响，但我们会持续密切监控是否存在滥用风险。” 相应地，OpenAI 已在生产环境中停用 Mixpanel，核查了受影响数据，并在通知相关用户及机构的同时，持续监控数据滥用情况。 Mixpanel 在数据泄露通知中称：“2025 年 11 月 8 日，Mixpanel 检测到一起钓鱼短信攻击，并立即启动了事件响应流程。我们采取了全面措施遏制并清除未授权访问，保障受影响用户账户的安全。同时，我们已联合外部网络安全合作伙伴开展漏洞修复及事件响应工作。” Mixpanel 采取了多项措施保障系统安全并保护受影响客户：加固遭入侵的账户，撤销所有活跃会话，更换泄露的凭证；封禁攻击相关的恶意 IP 地址，并在安全监控平台中添加攻击特征指标。 为强化内部安全，Mixpanel 要求所有员工重置全球范围内的账户密码，聘请第三方取证团队协助遏制攻击并清理风险；同时对受影响账户的身份验证日志、会话日志及导出日志进行了详细的取证分析。 为防范类似事件再次发生，Mixpanel 已部署新的安全控制措施，旨在未来能检测并拦截此类恶意活动。该公司目前正与执法部门及外部网络安全顾问合作推进相关工作。 已收到 Mixpanel 通知的客户应遵照邮件中的指示操作；未收到任何通知的用户则未受此次事件影响，无需采取进一步措施。   消息来源：securityaffairs； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

error code: 521

New York State's stringent new cybersecurity requirements for many hospitals will have a ripple effect, raising the security bar and expectations for healthcare providers across many other states, predicts Chris Stucker, deputy CISO at Wisconsin-based Froedtert ThedaCare Health.

Ground Stations a Top Target in Any Future Conflict, Warns Intelligence Official
Space is becoming a domain of warfare, with private sector companies' planet-side infrastructure on the front lines - and the first shots will likely be fired in cyberspace, a senior U.S. intelligence official warned this month. "If someone owns the ground station, they own the satellite."