Aggregator

以伊冲突彰显“字节和叙事”在战争中与“炸弹和导弹”同等重要

最近一起针对意大利数字身份系统SPID用户的钓鱼攻击被曝光。攻击者通过伪造的域名和紧急邮件诱骗用户提供敏感信息，包括凭证、身份证件副本及面部识别视频。这些数据被恶意收集用于身份盗窃或非法访问服务。

国产漏洞管理新方案！ 针对漏洞信息碎片化、共享难、扫描弱困境，摄星玄猫推出国产产品安全漏洞数据集。通过统一命名、整合漏洞、智能标记，实现高效管理，提升安全运营与供应链风险管控，护航国产化。

A vulnerability has been found in Foswiki up to 1.1.6 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to numeric error. This vulnerability is known as CVE-2012-6330. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in Linux Kernel up to 6.14.2. It has been rated as problematic. This issue affects the function crc_t10dif_arch. The manipulation leads to privilege escalation. The identification of this vulnerability is CVE-2025-23153. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 6.12.22/6.13.10/6.14.1. Affected is the function nvmet_ctrl_state_show. The manipulation of the argument csts_state_names[] leads to out-of-bounds read. This vulnerability is traded as CVE-2025-39778. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 6.12.22/6.13.10/6.14.1. This issue affects some unknown processing. The manipulation leads to information disclosure. The identification of this vulnerability is CVE-2025-22076. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 6.12.24/6.14.3. This issue affects the function enable_streams. The manipulation leads to state issue. The identification of this vulnerability is CVE-2025-37870. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.14.1 and classified as problematic. Affected by this issue is the function msm_parse_deps of the component gem. The manipulation leads to privilege escalation. This vulnerability is handled as CVE-2025-22096. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.12.22/6.13.10/6.14.1. Affected is the function may_goto of the component bpf. The manipulation of the argument interpreters[] leads to improper validation of array index. This vulnerability is traded as CVE-2025-22087. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 6.12.25/6.14.4/6.15-rc3. Affected is the function test_progs of the component riscv. The manipulation leads to insufficiently random values. This vulnerability is traded as CVE-2025-37822. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Linux Kernel up to 6.12.23/6.13.11/6.14.2/6.15-rc1. Affected by this vulnerability is the function dmam_free_coherent. The manipulation leads to allocation of resources. This vulnerability is known as CVE-2025-37837. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Linux Kernel up to 6.14.2/6.15-rc1. This affects the function erratum_1386_microcode. The manipulation leads to improper null termination. This vulnerability is uniquely identified as CVE-2025-37751. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.24/6.14.3/6.15-rc2. It has been declared as critical. Affected by this vulnerability is the function txgbe_probe of the component net. The manipulation leads to double free. This vulnerability is known as CVE-2025-37872. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

安全运营已经具备广泛且成熟应用的条件，成为组织数字化转型的有力保障，支撑数字化业务发展。但什么样的安全运营才能真正符合数字化组织的需求，才能够有效的帮助组织完成安全目标、体现安全运营的真正价值，这是摆在产业界面前的一道必答题。

Система растёт быстрее, чем её пытаются разрушить.

当前环境出现异常，需完成验证后才能继续访问。

让代码审计更精准、更高效！

当前环境异常，需完成验证后方可继续访问。

近日，绿盟科技CERT监测到IBM发布安全公告，修复了WebSphere Application Server远程代码执行漏洞（CVE-2025-36038）。CVSS评分9.0，请相关用户尽快采取措施进行防护。