Aggregator

A vulnerability was found in Linux Kernel up to 6.6.99/6.12.39/6.15.7. It has been classified as critical. This affects the function bpf_arch_text_poke. The manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2025-38489. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.146/6.6.99/6.12.39/6.15.7 and classified as critical. Affected by this issue is the function crypt_message of the component smb. The manipulation leads to null pointer dereference. This vulnerability is handled as CVE-2025-38488. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.15.7 and classified as critical. Affected by this vulnerability is the function set_channel_map of the component BRK Handler. The manipulation leads to denial of service. This vulnerability is known as CVE-2025-38486. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.1.146/6.6.99/6.12.39/6.15.7. Affected is the function COMEDI_INSNLIST. The manipulation of the argument n_insns leads to buffer overflow. This vulnerability is traded as CVE-2025-38481. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.1.146/6.6.99/6.12.39/6.15.7. This issue affects the function __nf_conntrack_find_get of the component netfilter. The manipulation leads to allocation of resources. The identification of this vulnerability is CVE-2025-38472. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

The women-only dating safety app Tea has suffered a significant cybersecurity incident, with hackers gaining unauthorized access to approximately 72,000 user images, including 13,000 sensitive selfies and identification documents used for account verification.  The breach, which represents one of the most serious data exposures in the dating app ecosystem, has raised critical concerns about biometric […]

The post Women’s Dating App Tea Exposes Selfie Images of 13,000 Users appeared first on Cyber Security News.

A vulnerability classified as critical was found in Linux Kernel up to 6.1.146/6.6.99/6.12.39/6.15.7/2277d7cbdf47531b2c3cd01ba15255fa955aab35. This vulnerability affects the function tls_strp_check_rcv of the component tls. The manipulation leads to use after free. This vulnerability was named CVE-2025-38471. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Linux Kernel up to 6.6.99/6.12.39/6.15.7. This affects the function timerlat_dump_stack in the library lib/string_helpers.c. The manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2025-38493. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.146/6.6.99/6.12.39/6.15.7. It has been rated as critical. Affected by this issue is the function unregister_vlan_dev of the component 8021q Module. The manipulation leads to memory leak. This vulnerability is handled as CVE-2025-38470. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.39/6.15.7/6654efe264b014d8ea9fc38f79efb568b1b79069/609937aa962a62e93acfc04dd370b665e6152dfb. It has been declared as critical. Affected by this vulnerability is the function __mptcp_do_fallback in the library net/mptcp/protocol.h of the component mptcp. The manipulation leads to infinite loop. This vulnerability is known as CVE-2025-38491. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.146/6.6.99/6.12.39/6.15.7. It has been classified as critical. Affected is the function l2cap_sock_resume_cb of the file include/linux/instrumented.h of the component Bluetooth. The manipulation leads to use after free. This vulnerability is traded as CVE-2025-38473. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.39/6.15.7 and classified as critical. This issue affects the function cipso_v4_sock_setattr of the component smc. The manipulation leads to null pointer dereference. The identification of this vulnerability is CVE-2025-38475. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.6.99/6.12.39/6.15.7 and classified as problematic. This vulnerability affects the function kmalloc_array of the component KVM. The manipulation leads to privilege escalation. This vulnerability was named CVE-2025-38469. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

В Германии найден новый способ управления транзистором.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.1.146/6.6.99/6.12.39/6.15.7. This affects the function htb_enqueue. The manipulation leads to null pointer dereference. This vulnerability is uniquely identified as CVE-2025-38468. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.1.146/6.6.99/6.12.39/6.15.7. Affected by this issue is the function rpl_do_srh_inline. The manipulation leads to use after free. This vulnerability is handled as CVE-2025-38476. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 6.1.146/6.6.99/6.12.39/6.15.7. Affected by this vulnerability is the function misc_deregister of the file /sys/bus/platform/drivers/aspeed-lpc-snoop/unbind of the component soc. The manipulation leads to null pointer dereference. This vulnerability is known as CVE-2025-38487. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

Malware-as-a-service (MaaS) platforms like PhantomOS and Nebula are democratizing Android device attacks because they provide pre-built, subscription-based malware kits for as little as $300 per month, marking a fundamental shift in the cybercrime scene. These services eliminate the need for coding expertise, providing cybercriminals with fully functional Android trojans equipped with advanced capabilities like two-factor […]

The post Android Malware-as-a-Service Gets Cheaper, Packing 2FA Interception appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The Oyster malware, also known as Broomstick or CleanupLoader, has resurfaced in attacks disguised as popular tools like PuTTY, KeyPass, and WinSCP. This malware, active since at least 2023, tricks users into downloading malicious installers, potentially paving the way for ransomware infections such as Rhysida. CyberProof Threat Researchers recently uncovered a real-world instance in the […]

The post Oyster Malware as PuTTY, KeyPass Attacking IT Admins by Poisoning SEO Results appeared first on Cyber Security News.