Aggregator

A vulnerability classified as critical was found in Linux Kernel up to 6.1.128/6.6.75/6.12.12/6.13.1. The impacted element is the function free_netdev. Executing manipulation can lead to use after free. This vulnerability is handled as CVE-2025-21715. The attack can only be done within the local network. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability marked as critical has been reported in Linux Kernel up to 6.12.12/6.13.1. Affected by this issue is the function __xa_cmpxchg in the library lib/refcount.c. The manipulation leads to use after free. This vulnerability is traded as CVE-2025-21714. Access to the local network is required for this attack to succeed. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.12.12/6.13.1. The affected element is the function spapr_tce_set_window. The manipulation leads to null pointer dereference. This vulnerability is traded as CVE-2025-21713. Access to the local network is required for this attack to succeed. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability labeled as problematic has been found in Linux Kernel up to 6.12.12/6.13.1. Affected by this vulnerability is the function bitmap_get_stats. Executing manipulation can lead to improper initialization. This vulnerability appears as CVE-2025-21712. The attacker needs to be present on the local network. There is no available exploit. The affected component should be upgraded.

Cybersecurity researchers have uncovered a sophisticated ransomware campaign where Agenda group threat actors are deploying Linux-based ransomware binaries directly on Windows systems, targeting VMware virtualization infrastructure and backup environments. This cross-platform execution technique challenges traditional security assumptions and demonstrates how ransomware operators are adapting to bypass endpoint detection systems that primarily focus on Windows-native threats. […]

The post Agenda Ransomware Actors Deploying Linux RAT on Windows Systems Targeting VMware Deployments appeared first on Cyber Security News.

A vulnerability described as problematic has been identified in Simple Registration for WooCommerce Plugin up to 1.5.8 on WordPress. Affected by this vulnerability is an unknown functionality of the file includes/display-role-admin.php. Executing manipulation can lead to cross-site request forgery. The identification of this vulnerability is CVE-2025-12095. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in ShopEngine Elementor WooCommerce Builder Addon Plugin up to 4.8.4 on WordPress. It has been classified as critical. The impacted element is the function post_deactive/post_activate of the component License Status Update Handler. The manipulation leads to improper authorization. This vulnerability is documented as CVE-2025-11888. The attack can be initiated remotely. There is not any exploit available.

A vulnerability was found in Tutor LMS Pro Plugin up to 3.8.3 on WordPress. It has been declared as critical. This affects the function tutor_assignment_submit. The manipulation results in improper control of resource identifiers. This vulnerability is reported as CVE-2025-6639. The attack can be launched remotely. No exploit exists.

A vulnerability identified as critical has been detected in WP VR Plugin up to 8.5.41 on WordPress. Affected by this vulnerability is an unknown functionality of the component Setting Handler. Performing manipulation results in improper authorization. This vulnerability is known as CVE-2025-12005. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability marked as problematic has been reported in Tutor LMS Plugin up to 3.8.3 on WordPress. This affects an unknown part. The manipulation leads to missing authorization. This vulnerability is uniquely identified as CVE-2025-6680. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability has been found in Gutenberg Blocks Plugin up to 3.3.4 on WordPress and classified as problematic. This affects an unknown function. The manipulation of the argument Marker Title/Marker Description leads to cross site scripting. This vulnerability is listed as CVE-2025-8588. The attack may be initiated remotely. There is no available exploit.

A vulnerability was found in Listeo Plugin up to 2.0.8 on WordPress. It has been classified as problematic. Affected is the function soundcloud of the component Shortcode Handler. This manipulation causes cross site scripting. This vulnerability is registered as CVE-2025-8413. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability was found in Testimonial Carousel for Elementor Plugin up to 11.6.2 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Widget. Such manipulation leads to cross site scripting. This vulnerability is documented as CVE-2025-8666. The attack can be executed remotely. There is not any exploit available.

Троян работает полностью незаметно и сохраняет привычный интерфейс оригинального мессенджера.

A sophisticated text message phishing campaign originating from China has emerged as one of the most extensive cybersecurity threats targeting users worldwide. The operation, attributed to a threat collective known as the Smishing Triad, represents a massive escalation in SMS-based fraud, impersonating services across banking, healthcare, law enforcement, e-commerce, and government sectors. What began as […]

The post New Text Message Based Phishing Attack from China Targeting Users Around the Globe appeared first on Cyber Security News.

Работа из дома больше не будет выглядеть как «я в офисе, просто онлайн».

Airport Baggage Carousels Are Weapons, in the Right Hands
Consider the airport baggage carousel. It's big, clunky and tedious to wait by. But look at it like a war planner does, and it's suddenly very different: An almost certainly poorly secured technology system that foreign adversaries could exploit to disrupt military mobilization across the United States.

March Breach Affected Nearly 5.6 Million; NextGen Proposed Settlement Also Reached
Connecticut's largest healthcare network - Yale New Haven Health System - has agreed to pay $18 million to settle class action litigation filed in the aftermath of a March hack affecting nearly 5.6 million people. The incident ranks as the biggest health data breach reported so far in 2025.

Pension Funds Say Fortinet Leaders Misled Market With Overly Rosy Refresh Outlook
Public pension funds filed securities fraud lawsuits claiming Fortinet misled investors by overstating the value and timing of a major firewall refresh cycle. The lawsuits allege the refresh involved outdated products and had limited business impact, contradicting Fortinet's upbeat public messaging.

Forrester's Brent Ellis and Dario Maisto on Lessons Learned for Large Enterprises
The cascading outage across the U.S. East Coast triggered this week by a domain name system failure in an AWS DynamoDB service demonstrates the risks of deep architectural dependencies and the challenges of building true multi-region cloud resilience, said Forrester's Brent Ellis and Dario Maisto.