Aggregator

A vulnerability classified as critical has been found in Intel CIP Software. This affects an unknown part. The manipulation leads to improper access controls. This vulnerability is listed as CVE-2025-24314. The attack may be initiated remotely. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability categorized as critical has been discovered in SuiteCRM up to 7.14.7/8.9.0. This vulnerability affects unknown code of the component Deactivation Handler. Such manipulation leads to improper privilege management. This vulnerability is listed as CVE-2025-64489. The attack may be performed from remote. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability identified as critical has been detected in SuiteCRM up to 7.14.7/8.9.0. This issue affects some unknown processing of the component Related Module. Performing manipulation results in incorrect authorization. This vulnerability is cataloged as CVE-2025-64490. It is possible to initiate the attack remotely. There is no exploit available. You should upgrade the affected component.

A vulnerability was found in SuiteCRM up to 7.14.7. It has been declared as problematic. This issue affects some unknown processing. Such manipulation leads to cross site scripting. This vulnerability is referenced as CVE-2025-64491. It is possible to launch the attack remotely. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability has been found in Google Chrome and classified as critical. Affected is an unknown function of the component V8. This manipulation causes out-of-bounds write. This vulnerability is registered as CVE-2025-12727. Remote exploitation of the attack is possible. Furthermore, an exploit is available. The affected component should be upgraded.

论坛以"智能时代网络安全学科发展"为主题，深入探讨新一代智能技术驱动下的学科转型与升级。

由于攻击成功率极高，ClickFix已被各层级网络犯罪分子广泛采用，且不断迭代进化，所用诱骗手段的技术复杂度与迷惑性也日益提升。

环境异常 当前环境异常，完成验证后即可继续访问。 去验证

环境异常 当前环境异常，完成验证后即可继续访问。 去验证

Cyber attackers often succeed not because they are inventive, but because the systems they target are old. A new report by Cisco shows how unsupported technology inside national infrastructure creates openings that attackers can exploit repeatedly. The findings show how widespread this problem has become and how much it influences national resilience. A growing problem that is hard to ignore Nearly half of global business network assets were already ageing or obsolete as far back … More →

The post Your critical infrastructure is running out of time appeared first on Help Net Security.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2025-11-27, 22 days ago. The vendor is given until 2026-03-27 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'soiax' was reported to the affected vendor on: 2025-11-27, 24 days ago. The vendor is given until 2026-03-27 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 8.8 AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H severity vulnerability discovered by 'awxylitol' was reported to the affected vendor on: 2025-11-27, 21 days ago. The vendor is given until 2026-03-27 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Recommend

A new Malware-as-a-Service (MaaS) threat named “Olymp Loader” appeared in June 2025, aggressively advertised on underground hacker forums like XSS and HackForums. Advertised by an operator known as “OLYMPO,” this malware is marketed as a sophisticated tool written entirely in Assembly language. This marketing strategy aims to attract cybercriminals by claiming high performance and resistance […]

The post New Malware-as-a-Service Olymp Loader Advertised on Hacker Forums with It’s Anti-analysis and Detection Features appeared first on Cyber Security News.

A vulnerability categorized as critical has been discovered in Linux Kernel up to 6.1.2. This affects the function propagate_mnt of the component pnode. The manipulation results in null pointer dereference. This vulnerability is cataloged as CVE-2022-50280. The attack must originate from the local network. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.15.85/6.0.15/6.1.1 and classified as critical. Affected by this issue is some unknown functionality of the component btrfs. The manipulation results in improper update of reference count. This vulnerability is identified as CVE-2022-50293. The attack can only be performed from the local network. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability described as critical has been identified in Linux Kernel up to 6.0.2. This affects the function of_get_ddr_timings of the component memory. The manipulation results in improper update of reference count. This vulnerability was named CVE-2022-50249. The attack needs to be approached within the local network. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 5.4.214/5.10.145/5.15.70/5.19.11/6.0. The affected element is the function ext4_ext_binsearch_idx of the file fs/ext4/extents.c. The manipulation leads to privilege escalation. This vulnerability is referenced as CVE-2022-48631. The attack needs to be initiated within the local network. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 6.0.16/6.1.2. This issue affects the function kexec of the component IRQ Handler. Executing manipulation can lead to improper initialization. This vulnerability is tracked as CVE-2022-50236. The attack is only possible within the local network. No exploit exists. Upgrading the affected component is advised.