Aggregator

Starting in mid-to-late October 2026, Microsoft will enhance the security of the Entra ID authentication system against external script injection attacks. [...]

Samourai Wallet founders Keonne Rodriguez and William Hill were sentenced to 4 and 5 years for laundering $237M via their crypto mixer.

A sophisticated ClickFix campaign dubbed “JackFix” that uses fake adult websites to hijack screens with realistic Windows Update prompts, tricking users into running multistage malware payloads. Attackers mimic popular adult sites like xHamster clones to lure victims, likely via malvertising on shady platforms. Interaction with the phishing page triggers a full-screen overlay resembling a critical […]

The post New “JackFix” Attack Leverages Windows Updates into Executing Malicious Commands appeared first on Cyber Security News.

Специалисты показали, как один символ в URL позволяет обходить сетевую защиту и подменять ответы ИИ-браузеров.

A cybersecurity incident is affecting at least three London councils, including local authorities governing some of the capital’s wealthiest districts.

A vulnerability described as critical has been identified in Linux Kernel up to 6.6.102/6.12.42/6.15.10/6.16.1. Affected is the function hfs_find_init of the component hfs. The manipulation results in null pointer dereference. This vulnerability is known as CVE-2025-38716. Access to the local network is required for this attack. No exploit is available. Upgrading the affected component is recommended.

A vulnerability was found in Linux Kernel up to 6.16.3/6.17-rc2. It has been declared as critical. This affects the function vm_bind_ioctl. Such manipulation leads to double free. This vulnerability is traded as CVE-2025-38731. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.12.42/6.15.10/6.16.1/6.17-rc1. Affected by this issue is the function kcm_unattach. Executing manipulation can lead to race condition. This vulnerability is handled as CVE-2025-38717. The attack can only be done within the local network. There is not any exploit available. You should upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.42/6.15.10/6.16.1/6.17-rc1. It has been rated as critical. The affected element is the function export_dmabuf of the component habanalabs. Performing manipulation results in information disclosure. This vulnerability is identified as CVE-2025-38722. The attack can only be performed from the local network. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability labeled as critical has been found in Linux Kernel up to 6.12.42/6.15.10/6.16.1. This vulnerability affects the function phy_disconnect. Such manipulation leads to null pointer dereference. This vulnerability is documented as CVE-2025-38726. The attack requires being on the local network. There is not any exploit available. The affected component should be upgraded.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.15.10/6.16.1/6.17-rc1. This vulnerability affects the function reset_prepare of the component Hibmcge Driver. Executing manipulation can lead to deadlock. The identification of this vulnerability is CVE-2025-38720. The attack needs to be done within the local network. There is no exploit available. You should upgrade the affected component.

A vulnerability categorized as critical has been discovered in Linux Kernel up to 6.6.102/6.12.43/6.15.10/6.16.1/6.17-rc1. Affected by this issue is the function io_uring. The manipulation results in buffer overflow. This vulnerability is cataloged as CVE-2025-38730. The attack must originate from the local network. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 6.12.42/6.15.10/6.16.1. This impacts the function dir_e_read of the component gfs2. Such manipulation leads to privilege escalation. This vulnerability is uniquely identified as CVE-2025-38710. The attack can only be initiated within the local network. No exploit exists. You should upgrade the affected component.

A vulnerability categorized as critical has been discovered in Linux Kernel up to 6.16.1/6.17-rc1. Affected by this vulnerability is an unknown functionality of the component netfilter. The manipulation results in privilege escalation. This vulnerability is cataloged as CVE-2025-38678. The attack must originate from the local network. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability identified as problematic has been detected in Linux Kernel up to 6.12.40/6.15.8/dd4c2a174994238d55ab54da2545543d36f4e0d0. This vulnerability affects the function state_ptrs of the component xfrm. The manipulation leads to improper initialization. This vulnerability is documented as CVE-2025-38675. The attack requires being on the local network. There is not any exploit available. You should upgrade the affected component.

A vulnerability identified as problematic has been detected in WP Pipes Plugin up to 1.4.1 on WordPress. Affected by this issue is some unknown functionality. The manipulation of the argument x1 leads to cross site scripting. This vulnerability is traded as CVE-2024-12283. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability marked as critical has been reported in Icinga icinga2 up to 2.11.11/2.12.10/2.13.9/2.14.2. Affected is an unknown function of the component TLS Certificate Handler. Performing manipulation of the argument client_cn results in improper certificate validation. This vulnerability is known as CVE-2024-49369. Remote exploitation of the attack is possible. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability described as critical has been identified in Easy Hosting Control Panel EHCP 20.04.1.b. This impacts the function listdomains. The manipulation of the argument arananalan results in sql injection. This vulnerability is cataloged as CVE-2025-50860. The attack may be launched remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.12.41/6.15.9/6.16.0. Impacted is the function parse_longname. Executing manipulation can lead to memory corruption. This vulnerability is handled as CVE-2025-38660. The attack can only be done within the local network. There is not any exploit available. You should upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.15.8. Affected is the function dmi_system_id. This manipulation causes privilege escalation. This vulnerability appears as CVE-2025-38661. The attacker needs to be present on the local network. There is no available exploit. It is advisable to upgrade the affected component.