Aggregator

A vulnerability described as critical has been identified in Linux Kernel up to 6.1.164/6.6.127/6.12.74/6.18.13/6.19.3. Affected by this issue is the function ocelot_port_xmit_inj. Executing a manipulation can lead to injection. This vulnerability is registered as CVE-2026-45849. The attack requires access to the local network. No exploit is available. Upgrading the affected component is recommended.

A vulnerability categorized as critical has been discovered in Linux Kernel up to 6.19.3. The affected element is an unknown function of the component net. The manipulation results in privilege escalation. This vulnerability was named CVE-2026-45847. The attack needs to be approached within the local network. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability identified as critical has been detected in Linux Kernel up to 6.19.3. The impacted element is the function aa_sock_file_perm of the component apparmor. This manipulation causes null pointer dereference. The identification of this vulnerability is CVE-2026-45848. The attack needs to be done within the local network. There is no exploit available. You should upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.19.3 and classified as critical. Affected by this issue is the function ntfs_read_folio of the component ntfs3. This manipulation causes deadlock. This vulnerability appears as CVE-2025-71309. The attacker needs to be present on the local network. There is no available exploit. The affected component should be upgraded.

A vulnerability was found in Linux Kernel up to 6.12.74/6.18.13/6.19.3 and classified as critical. This affects the function longest_match_std of the component ntfs3. Such manipulation leads to uninitialized pointer. This vulnerability is traded as CVE-2025-71311. Access to the local network is required for this attack to succeed. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.19.3. It has been classified as critical. This vulnerability affects the function ntfs_fill_super of the component ntfs3. Performing a manipulation results in memory leak. This vulnerability is known as CVE-2025-71312. Access to the local network is required for this attack. No exploit is available. Upgrading the affected component is recommended.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.19.3. Affected by this vulnerability is the function aie_destroy_context. The manipulation results in null pointer dereference. This vulnerability is reported as CVE-2025-71308. The attacker must have access to the local network to execute the attack. No exploit exists. You should upgrade the affected component.

The North Korean state-sponsored threat actor known as Kimsuky (aka Velvet Chollima) has been attributed to a fresh set of cyber attacks targeting South Korean military and corporate entities through March and April 2026. "Kimsuky employed a range of tailored social engineering tactics, such as spoofing security software installation pages and crafting a fake Webex meeting page that leveraged

The North Korean state-sponsored threat actor known as Kimsuky (aka Velvet Chollima) has been att

Попытки доказать системе, что кредит уже закрыт, превращается в настоящий тест на терпение.

微软被控向美国众议院泄漏了荷兰监管机构公务员的信息。这一指控再次加剧了欧洲对依赖美国技术的担忧，有助于进一步推动欧洲数据主权运动。荷兰媒体 NL Times 报道，被泄漏信息的公务员任职于监管机构荷兰消费者与市场管理局（Authority for Consumers and Markets）和荷兰数据保护局（Dutch Data Protection Authority），负责执行欧盟的消费者保护法律 Digital Services Act。微软提供了公务员发送的电子邮件、会议记录和邀请函，而且没有删除他们的名字。荷兰政府官员已就此事会见了美国驻荷兰大使 Joe Popolo。

微软被控向美国众议院泄漏了荷兰监管机构公务员的信息。这一指控再次加剧了欧洲对依赖美国技术的担忧，有助于进一步推动欧洲数据主权运动。荷兰媒体 NL Times 报道，被泄漏信息的公务员任职于

Malware analysts spend a lot of time deciding which signals from a sandbox run are worth keeping. A sample executed in a controlled environment can generate hundreds of measurable attributes covering file structure, registry edits, process behavior, and network traffic. Most of those attributes add noise. A recent study works through this problem in detail, and the part that earns attention from working defenders is the feature selection, not the deep learning model attached to … More →

The post The behavioral signals that sharpen Trojan malware detection appeared first on Help Net Security.

2026年5月29日 13:30软件资讯00.76K

A Google software engineer has been charged in the United States for allegedly using confidential internal data to generate more than $1.2 million in profits through prediction market trading. The case highlights growing concerns around insider threats and misuse of privileged access in large technology organizations. According to the U.S. Attorney’s Office for the Southern […]

The post Google Employee Charged for Making $1.2 Million With Confidential Information appeared first on Cyber Security News.

Именно так выглядит подготовка к атаке, которой ещё не существует.

2026年5月，弗吉尼亚州阿什本FBI特工在翻开那扇普通民宅大门的那一刻，清点到了303根黄金砖。每根一公斤

2001年2月18日，美国弗吉尼亚州一个公园里，FBI探员罗伯特·汉森把一个装有机密材料的垃圾袋放进预设“死信

A vulnerability labeled as problematic has been found in Linux Kernel 5.2.14. The impacted element is an unknown function of the file drivers/gpu/drm/radeon/radeon_display.c. Executing a manipulation of the argument alloc_workqueue as part of Return Value can lead to null pointer dereference. This vulnerability is handled as CVE-2019-16230. The attack can be executed remotely. There is not any exploit available. The presence of this vulnerability remains uncertain at this time.

A vulnerability marked as critical has been reported in libxslt 1.1.33. This affects the function xsltCopyText of the file transform.c. This manipulation as part of Variable causes use after free. The identification of this vulnerability is CVE-2019-18197. It is possible to initiate the attack remotely. There is no exploit available.