Aggregator

A vulnerability was found in Linux Kernel up to 6.6.71/6.12.9/6.13-rc6. It has been classified as critical. Affected is the function ipvlan_get_iflink of the component ipvlan. The manipulation leads to use after free. This vulnerability is traded as CVE-2025-21652. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.6.71/6.12.9 and classified as problematic. Affected by this issue is some unknown functionality of the component dwmac-tegra. The manipulation leads to denial of service. This vulnerability is handled as CVE-2025-21663. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in GitLab Community Edition and Enterprise Edition up to 17.6.4/17.7.3/17.8.1. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Personal Access Token Handler. The manipulation leads to session expiration. This vulnerability is known as CVE-2025-1198. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Oracle Communications Cloud Native Core Policy up to 23.1.8/23.2.4. Affected is an unknown function of the component Install/Upgrade. The manipulation leads to protection mechanism failure. This vulnerability is traded as CVE-2023-4039. It is possible to launch the attack remotely. There is no exploit available.

A Threat Actor Claims to have Leaked Data of Pemerintah Kota Tangerang Selatan

Minister Ruben Brekelmans was vandaag bij de NAVO-bijeenkomst van defensieministers in Brussel. Daar had hij onder meer een ontmoeting met de nieuwe Amerikaanse defensieminister Pete Hegseth. Verder tekende Brekelmans met ambtsgenoten intentieverklaringen, bijvoorbeeld op het gebied van luchtverdediging.

North Korean state-sponsored group Kimsuky (aka Emerald Sleet, aka VELVET CHOLLIMA) is attempting to deliver malware to South Korean targets by leveraging the so-called “ClickFix” tactic. A relatively new tactic The ClickFix social engineering tactic has been dubbed thus because of the initial pretext used by malware peddlers: the users, wanting to read a webpage or document or join a video call, are shown a fake browser notice saying that the page or doc cannot … More →

The post North Korean hackers spotted using ClickFix tactic to deliver malware appeared first on Help Net Security.

A vulnerability was found in lakejason0 mediawiki-skins-Lakeus up to 1.3.1/1.4.0/1.8.0/1.39/1.42 on MediaWiki. It has been classified as problematic. Affected is an unknown function of the file themeDesigner.js of the component System Message Handler. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2025-25287. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in TP-LINK TL-WR841ND and classified as problematic. This issue affects some unknown processing of the file /userRpm/WanStaticIpV6CfgRpm.htm of the component Packet Handler. The manipulation of the argument ip leads to denial of service. The identification of this vulnerability is CVE-2025-25897. The attack can only be initiated within the local network. There is no exploit available.

A vulnerability has been found in TP-LINK TL-WR841ND and classified as problematic. This vulnerability affects unknown code of the file /userRpm/WanDynamicIpV6CfgRpm.htm of the component Packet Handler. The manipulation of the argument gw leads to denial of service. This vulnerability was named CVE-2025-25899. The attack can only be done within the local network. There is no exploit available.

A vulnerability, which was classified as problematic, was found in TP-LINK TL-WR841ND. This affects an unknown part of the file /userRpm/WlanSecurityRpm.htm of the component Packet Handler. The manipulation of the argument pskSecret leads to denial of service. This vulnerability is uniquely identified as CVE-2025-25898. The attack needs to be approached within the local network. There is no exploit available.

A vulnerability, which was classified as critical, has been found in whisperfish libsignal-service-rs. Affected by this issue is some unknown functionality. The manipulation of the argument was_encrypted leads to improper authentication. This vulnerability is handled as CVE-2025-24904. The attack may be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as critical was found in PHPGurukul Land Record System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/bwdates-reports-details.php of the component POST Request Parameter Handler. The manipulation of the argument todate leads to sql injection. This vulnerability is known as CVE-2025-25356. The attack can be launched remotely. There is no exploit available.

The life of a Security Operations Center (SOC) analyst is often compared to navigating a vast and dangerous ocean. While tools like Intrusion Detection Systems (IDS), Cloud-Native Application Protection Platforms (CNAPP), and Endpoint Detection and Response (EDR) provide visibility into many attack vectors, a critical blindspot remains: the application layer. This gap leaves SOC teams feeling like they're sailing blindfolded, vulnerable to unseen threats lurking beneath the surface. 

The post Application Detection and Response (ADR) Gives the SOC Deep Visibility into the Application Layer | Contrast Security appeared first on Security Boulevard.

A vulnerability was found in TP-LINK TL-WR841ND V11. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /userRpm/PPPoEv6CfgRpm.htm. The manipulation leads to denial of service. This vulnerability is known as CVE-2025-25900. The attack needs to be initiated within the local network. There is no exploit available.

A vulnerability classified as critical has been found in Instaclustr Cassandra-Lucene-Index plugin up to 4.0.16-1.0.0/4.1.8-1.0.0. Affected is an unknown function of the component RBAC. The manipulation leads to authentication bypass using alternate channel. This vulnerability is traded as CVE-2025-26511. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in lakejason0 mediawiki-skins-Lakeus up to 1.3.1/1.4.0/1.8.0/1.39/1.42 on MediaWiki. It has been classified as problematic. Affected is an unknown function of the file themeDesigner.js of the component System Message Handler. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2025-25287. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in PHPGurukul Land Record System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/bwdates-reports-details.php of the component POST Request Parameter Handler. The manipulation leads to sql injection. The identification of this vulnerability is CVE-2025-25355. The attack may be initiated remotely. There is no exploit available.

探索AI驱动的代码审计：设计方案