Aggregator

A vulnerability was found in Linux Kernel up to 6.16.3/6.17-rc2 and classified as critical. The affected element is the function tasdevice_priv of the component ALSA. Executing manipulation can lead to memory corruption. This vulnerability is registered as CVE-2025-39696. The attack requires access to the local network. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.43/6.16.3/6.17-rc2. It has been declared as critical. This affects the function io_futex_wait. The manipulation results in allocation of resources. This vulnerability is reported as CVE-2025-39698. The attacker must have access to the local network to execute the attack. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability marked as critical has been reported in Linux Kernel up to 6.1.148/6.6.102/6.12.43/6.16.3/6.17-rc2. Impacted is an unknown function. This manipulation causes privilege escalation. This vulnerability is handled as CVE-2025-39694. The attack can only be done within the local network. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.12.43/6.16.3/6.17-rc2. Affected by this vulnerability is an unknown functionality. The manipulation leads to privilege escalation. This vulnerability is listed as CVE-2025-39695. The attack must be carried out from within the local network. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability labeled as problematic has been found in Unlimited Elements for Elementor Plugin up to 2.0 on WordPress. Affected by this issue is some unknown functionality of the component SVG File Parser. Such manipulation leads to cross site scripting. This vulnerability is documented as CVE-2025-13692. The attack can be executed remotely. There is not any exploit available.

A vulnerability classified as critical has been found in Simple SA Wirtualna Uczelnia. The impacted element is the function redirectToUrl. This manipulation of the argument redirectUrlParameter causes improper neutralization of directives in dynamically evaluated code. This vulnerability appears as CVE-2025-12140. The attack may be initiated remotely. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in SDMC NE6037. This affects an unknown function of the component Diagnostics Tools. Such manipulation leads to os command injection. This vulnerability is traded as CVE-2025-8890. Access to the local network is required for this attack to succeed. There is no exploit available. Upgrading the affected component is advised.

A vulnerability was found in Devolutions Server up to 2025.2.15.0. It has been classified as problematic. This issue affects some unknown processing of the component Security Dashboard. This manipulation causes denial of service. The identification of this vulnerability is CVE-2025-11958. It is possible to initiate the attack remotely. There is no exploit available.

The threat actor known as Bloody Wolf has been attributed to a cyber attack campaign that has targeted Kyrgyzstan since at least June 2025 with the goal of delivering NetSupport RAT. As of October 2025, the activity has expanded to also single out Uzbekistan, Group-IB researchers Amirbek Kurbanov and Volen Kayo said in a report published in collaboration with Ukuk, a state enterprise under the

Специализированная модель для задач и теорем показывает результаты сильнее многих людей и открывает новую гонку в математическом ИИ.

Rural and small community hospitals are continuing to face growing cyber challenges driven by limited and shrinking resources, staffing shortages, and increasingly sophisticated cyber threats, said Jackie Mattingly, senior director at privacy and security consulting firm Clearwater.

LSEG's Nej D'Jelal on AI-Driven Efficiency in Financial Services
Nej D'Jelal of the London Stock Exchange Group explains how agentic AI is transforming workflows for bankers, traders and analysts by boosting accuracy, speeding up research and simplifying context switching.

Businesses That Inherit SSL VPNs Through M&A Activity Falling Victim, Warn Experts
Multiple large enterprises that inherited SonicWall SSL VPN devices when they acquired a smaller entity have fallen victim to the Akira ransomware group, security researchers warn. Investigations of multiple intrusions found they began when attackers used "unmonitored and unrotated" credentials.

Bipartisan Bill Seeks Sanctions and Industry Coordination to Defend Undersea Cables
A bipartisan Senate bill would elevate the U.S. role in defending subsea fiber-optic cables against mounting threats from China and Russia, expanding diplomatic efforts, industry coordination and sanctions targeting foreign sabotage of the internet's global backbone.

Симулятор человека показал, как мозг держит равновесие — и как вернуть его людям с нейродегенерацией.

Scattered LAPSUS$ Hunters admin "Rey," allegedly a 15-year-old named Saif Khader from Jordan, has been named in a report linking him to the group. He denies the claim.