Aggregator

A vulnerability classified as problematic has been found in Linux Kernel up to 6.1.128/6.6.78/6.12.15/6.13.3/6.14-rc2. This impacts the function ctucan_err_interrupt. The manipulation leads to allocation of resources. This vulnerability is traded as CVE-2025-21775. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 6.12.15/6.13.3/6.14-rc2. Affected is the function nr_subbufs of the component ring-buffer. The manipulation results in buffer overflow. This vulnerability is known as CVE-2025-21777. Access to the local network is required for this attack. No exploit is available. Upgrading the affected component is advised.

A vulnerability labeled as problematic has been found in Linux Kernel up to 6.1.128/6.6.78/6.12.15/6.13.3/6.14-rc2. The affected element is the function put_dev_sector. Such manipulation leads to out-of-bounds read. This vulnerability is documented as CVE-2025-21772. The attack requires being on the local network. There is not any exploit available. The affected component should be upgraded.

A vulnerability marked as critical has been reported in Linux Kernel up to 6.6.78/6.12.15/6.13.3/6.14-rc2. The impacted element is an unknown function of the component etas_es58x. Performing a manipulation results in null pointer dereference. This vulnerability is reported as CVE-2025-21773. The attacker must have access to the local network to execute the attack. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability described as critical has been identified in Linux Kernel up to 6.12.15/6.13.3/6.14-rc2. This affects the function rkcanfd_handle_rx_fifo_overflow_int. Executing a manipulation can lead to null pointer dereference. This vulnerability appears as CVE-2025-21774. The attacker needs to be present on the local network. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability was found in Linux Kernel up to 6.12.15/6.13.3/6.14-rc2. It has been rated as problematic. This affects the function scx_move_task of the file kernel/sched/ext.c. This manipulation causes information disclosure. This vulnerability is registered as CVE-2025-21771. The attack requires access to the local network. No exploit is available. Upgrading the affected component is advised.

A vulnerability identified as problematic has been detected in Linux Kernel up to 6.12.15/6.13.3/6.14-rc2. Impacted is the function iopf_queue_remove_device. This manipulation causes memory leak. This vulnerability is registered as CVE-2025-21770. It is feasible to perform the attack on the physical device. No exploit is available. You should upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 6.13.3/6.14-rc2. The affected element is the function vmclock_miscdev_fops. Executing a manipulation can lead to privilege escalation. The identification of this vulnerability is CVE-2025-21769. The attack needs to be done within the local network. There is no exploit available. You should upgrade the affected component.

Submit #814103 / VDB-365481

«SQL Developer скачать бесплатно» — и добро пожаловать в КСИР.

YoroTrooper 针对独联体及周边目标实施定向攻击。攻击链路以 Telegram 投递恶意压缩包为入口，随后通过名称混淆注册伪装 Windows 系统服务实现持久化，并释放多款定制反向 Shell（含 TLS 加密与反分析机制）建立隐蔽远控通道。本文还原攻击流程并给出 IOC。

A vulnerability identified as critical has been detected in changmingxie tcc-transaction up to 2.1.0. This issue affects the function Fastjson.parseObject of the component Fastjson AutoType REST API. This manipulation causes deserialization. The identification of this vulnerability is CVE-2026-9497. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #814092 / VDB-365480

A vulnerability categorized as critical has been discovered in Acer Care Center up to 4.00.3058. This vulnerability affects unknown code of the component ACCSvc Service. The manipulation results in improper privilege management. This vulnerability was named CVE-2026-9490. The attack needs to be approached locally. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability was found in Apache ECharts up to 6.0.x. It has been rated as problematic. This affects an unknown part of the component Lines Series Tooltip Rendering. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2026-45249. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is advised.

Cybersecurity researchers have shed light on a cross-platform malware called RemotePE that has been put to use by the North Korea-linked Lazarus Group in attacks targeting financial and cryptocurrency organizations. RemotePE, per NCC Group subsidiary Fox-IT, is part of a multi-stage attack chain that involves two loaders tracked as DPAPILoader and RemotePELoader. "DPAPILoader decrypts and

隧道藏暗控——Cloudflare合法工具被黑产用于远程控制

The Kali365 phishing-as-a-service platform lowers the barrier of entry for cybercriminals, said the FBI

历经一年筹备，第九届PANDA大会将于2026年7月13—14日在深圳举办。