Aggregator

A vulnerability has been found in Linux Kernel up to 5.4.188/5.10.109/5.15.32/5.16.18/5.17.1 and classified as critical. This vulnerability affects the function __kmem_cache_shutdown. The manipulation leads to stack-based buffer overflow. This vulnerability was named CVE-2022-49220. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Linux Kernel up to 5.4.187/5.10.108/5.15.31/5.16.17/5.17.0. Affected is the function try_get_ops of the file tpm-space.c. The manipulation of the argument tpm_mutex leads to privilege escalation. This vulnerability is traded as CVE-2022-49286. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.17.0. It has been rated as problematic. Affected by this issue is the function vmalloc. The manipulation leads to allocation of resources. This vulnerability is handled as CVE-2022-49292. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.10.110/5.15.33/5.16.19/5.17.2 and classified as problematic. Affected by this issue is the function pm8001_send_abort_all. The manipulation leads to allocation of resources. This vulnerability is handled as CVE-2022-49120. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.4.188/5.10.109/5.15.32/5.16.18/5.17.1. It has been classified as critical. This affects the function tcp_bpf_sendmsg of the file net/core/stream.c. The manipulation leads to memory leak. This vulnerability is uniquely identified as CVE-2022-49209. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

Microsoft warns of a malvertising campaign using Node.js to deliver info-stealing malware via fake crypto trading sites like Binance and TradingView. Microsoft has observed Node.js increasingly used in malware campaigns since October 2024, including an ongoing crypto-themed malvertising attack as of April 2025. Threat actors are increasingly using Node.js to deploy malware, shifting from traditional […]

Уязвимость в корне SSH ставит под удар устройства Cisco и Ericsson.

A vulnerability classified as critical has been found in Netgear WNR854T 1.5.2. This affects the function SetDefaultConnectionService. The manipulation leads to stack-based buffer overflow. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is uniquely identified as CVE-2024-54808. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability has been found in Netgear WNR854T 1.5.2 and classified as critical. This vulnerability affects the function parse_st_header of the component Header Parameter Handler. The manipulation leads to stack-based buffer overflow. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability was named CVE-2024-54809. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Password Protected Plugin up to 2.7.7 on WordPress. It has been declared as critical. This vulnerability affects the function password_protected_cookie. The manipulation leads to improper authentication. This vulnerability was named CVE-2025-3453. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as critical has been found in Open Asset Import Library Assimp 5.4.3. This affects the function Assimp::ASEImporter::BuildUniqueRepresentation of the file code/AssetLib/ASE/ASELoader.cpp of the component ASE File Handler. The manipulation of the argument mIndices leads to out-of-bounds read. This vulnerability is uniquely identified as CVE-2025-3015. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as problematic was found in Open Asset Import Library Assimp 5.4.3. This vulnerability affects the function Assimp::MDLImporter::ParseTextureColorData of the file code/AssetLib/MDL/MDLMaterialLoader.cpp of the component MDL File Handler. The manipulation of the argument mWidth/mHeight leads to resource consumption. This vulnerability was named CVE-2025-3016. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

长风万里，安全无疆

长风万里，安全无疆

Patients go to the facility where the doctor or treatment care they need is located. It might be a hospital, a medical building, an urgent care facility, or a clinic. Regardless of location, the expectation has always been a quality patient care experience: The medical professional they are dealing with will be able to...

A critical vulnerability in the widely adopted Model Context Protocol (MCP), an open standard for integrating generative AI (GenAI) tools with external systems, has exposed organizations to risks of data theft, ransomware, and unauthorized access. Security researchers demonstrated two proof-of-concept (PoC) attacks exploiting the flaw, raising alarms about emerging GenAI security challenges. What is MCP? […]

The post Model Context Protocol Flaw Allows Attackers to Compromise Victim Systems appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Modern websites are under constant pressure from automated traffic: scraping, credential stuffing, inventory hoarding, and other malicious bot behaviors. While Cloudflare Bot Management is a powerful cloud-native solution that leverages massive data and machine learning, not every organization wants to rely on a cloud proxy. For teams seeking data autonomy, self-hosted control, and enterprise-grade protection, SafeLine offers a compelling alternative. Cloudflare Bot Management: Cloud power with centralized control Cloudflare manages around 20% of all global … More →

The post SafeLine Bot Management: Self-hosted alternative to Cloudflare appeared first on Help Net Security.

China has announced a significant step forward in its partnership with Russia, with plans to expand their cooperation in the field of cybersecurity. In an article published by Sputnik News, Chinese Ambassador to Russia Zhang Hanhui outlined Beijing’s intention to deepen its collaboration, emphasizing the shared importance both countries place on digital security and the […]

The post China Plans Expanded Cybersecurity Cooperation with Russia appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Submit #553722 / VDB-305399

A new ransomware variant known as “Ghost” (also referred to as Cring) has emerged as a significant danger. Since its first appearance in 2021, the FBI and CISA have issued a joint advisory on February 2025, highlighting its growing menace, particularly after a sharp increase in attacks on critical infrastructure, healthcarbe facilities, and financial institutions […]

The post Ghost Ransomware Targets Organizations Across 70+ Countries appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.