Aggregator

A vulnerability described as critical has been identified in Huawei HarmonyOS and EMUI. This affects an unknown function of the component App Multiplier Module. The manipulation results in permission issues. This vulnerability is reported as CVE-2024-9136. The attack requires a local approach. No exploit exists.

A vulnerability was found in Huawei HarmonyOS 5.0.0. It has been declared as problematic. Affected by this issue is some unknown functionality of the component App Lock Module. The manipulation results in information management error. This vulnerability is reported as CVE-2025-46589. The attack requires a local approach. No exploit exists.

因内容安全类漏洞奖励金额已达上限，内容安全定额奖励活动即日起暂停。

「攻界智汇，技破万防」第十五期「度安讲」技术沙龙及BSRC极客之夜，在热烈的技术碰撞与互动狂欢中顺利落幕。

Переговоры с Китаем ещё не начались, но США их уже проиграли.

A vulnerability was found in LDAPAccountManager lam up to 9.2. It has been rated as problematic. Affected by this vulnerability is an unknown functionality of the component Profile Section. Performing manipulation of the argument profile name results in cross site scripting. This vulnerability is known as CVE-2025-58174. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is advised.

A vulnerability has been found in Linux Kernel up to 6.0.2 and classified as critical. This impacts the function ext4_write_info of the component ext4. The manipulation leads to null pointer dereference. This vulnerability is traded as CVE-2022-50344. Access to the local network is required for this attack to succeed. There is no exploit available. The affected component should be upgraded.

A vulnerability classified as problematic was found in matrix-org matrix-js-sdk up to 38.1.x. This issue affects the function MatrixClient::getJoinedRooms. Such manipulation leads to insufficient verification of data authenticity. This vulnerability is listed as CVE-2025-59160. The attack may be performed from remote. There is no available exploit. Upgrading the affected component is advised.

A critical vulnerability in Microsoft’s Entra ID could have allowed an attacker to gain complete administrative control over any tenant in Microsoft’s global cloud infrastructure. The flaw, now patched, was discovered in July 2025 and has been assigned CVE-2025-55241. The vulnerability, described by the researcher as the most impactful he will probably ever find, resided […]

The post Critical Microsoft’s Entra ID Vulnerability Allows Attackers to Gain Complete Administrative Control appeared first on Cyber Security News.

SquareX first discovered and disclosed Last Mile Reassembly attacks at DEF CON 32 last year, warning the security community of 20+ attacks that allow attackers to bypass all major SASE/SSE solutions and smuggle malware through the browser. Despite responsible disclosures to all major SASE/SSE providers, no vendor has made an official statement to warn its […]

The post Palo Alto Networks Acknowledges SquareX Research on Limitations of SWGs Against Last Mile Reassembly Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

SquareX first discovered and disclosed Last Mile Reassembly attacks at DEF CON 32 last year, warning the security community of 20+ attacks that allow attackers to bypass all major SASE/SSE solutions and smuggle malware through the browser. Despite responsible disclosures to all major SASE/SSE providers, no vendor has made an official statement to warn its […]

The post Palo Alto Networks Acknowledges SquareX Research on Limitations of SWGs Against Last Mile Reassembly Attacks appeared first on Cyber Security News.

In August, Qilin once again reigned supreme in the global ransomware arena, claiming 104 victims and nearly doubling the total of second-place Akira, which reported 56 attacks. This marks the fourth time in five months that Qilin topped the list, underscoring the group’s relentless expansion and sophisticated affiliate recruitment strategy. Yet security teams cannot afford […]

The post Qilin Ransomware Attack Impacts 104 Organizations in August appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Submit #653689 / VDB-324813

The Everest ransomware group has claimed a major breach at Bayerische Motoren Werke AG (BMW), alleging the theft of 600,000 lines of sensitive internal documents. The group has posted BMW on its leak site, complete with a countdown timer and instructions that threaten to make the stolen audit reports, financial records, and engineering files public […]

The post BMW Reportedly Hit by Everest Ransomware, Internal Files Stolen appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Submit #653437 / VDB-324812

Submit #653365 / VDB-324811

A vulnerability categorized as critical has been discovered in Linux Kernel up to 6.12.44/6.16.4/6.17-rc3. This issue affects the function macb_remove of the file fs/kernfs/dir.c of the component Netdev Call Handler. Such manipulation leads to privilege escalation. This vulnerability is documented as CVE-2025-39805. The attack requires being on the local network. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.12.44/6.16.4/6.17-rc3. Affected by this issue is some unknown functionality. Executing manipulation can lead to buffer overflow. The identification of this vulnerability is CVE-2025-39815. The attack needs to be done within the local network. There is no exploit available. You should upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.12.44/6.16.4/6.17-rc3. Affected by this vulnerability is the function setup_mm_hdr of the component efi. Performing manipulation results in allocation of resources. This vulnerability was named CVE-2025-39836. The attack needs to be approached within the local network. There is no available exploit. It is advisable to upgrade the affected component.