Aggregator

A vulnerability was found in Linux Kernel up to 6.1.8 and classified as critical. This issue affects the function dma_chan_get in the library lib/refcount.c of the component dmaengine. The manipulation leads to use after free. The identification of this vulnerability is CVE-2022-49753. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 5.10.163/5.15.88/6.1.6 and classified as problematic. This vulnerability affects unknown code of the component nft_payload. The manipulation leads to privilege escalation. This vulnerability was named CVE-2023-53033. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 5.4.230/5.10.165/5.15.90/6.1.8. This affects the function net_tx_action of the component sch_taprio. The manipulation leads to use after free. This vulnerability is uniquely identified as CVE-2023-53021. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

​In May, Microsoft plans to roll out a new Windows scheduled task that launches automatically to help Microsoft Office apps load faster. [...]

A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 6.1.10. Affected by this issue is the function xattr_ids. The manipulation leads to insufficient verification of data authenticity. This vulnerability is handled as CVE-2023-52933. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 6.1.7. Affected by this vulnerability is the function vmci_dispatch_dgs of the file drivers/misc/vmw_vmci/vmci_guest.c. The manipulation leads to deadlock. This vulnerability is known as CVE-2022-49759. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

via the comic humor & dry wit of Randall Munroe, creator of XKCD

Permalink

The post Randall Munroe’s XKCD ‘Square Units’ appeared first on Security Boulevard.

A vulnerability classified as critical has been found in Linux Kernel up to 6.1.8. Affected is the function local_cleanup of the component nfc. The manipulation leads to use after free. This vulnerability is traded as CVE-2023-53023. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.10.164/5.15.89/6.1.7. It has been rated as critical. This issue affects the function ieee80211_if_add. The manipulation leads to memory leak. The identification of this vulnerability is CVE-2023-53028. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.10. It has been declared as problematic. This vulnerability affects the function find_pmd_or_thp_or_none. The manipulation leads to state issue. This vulnerability was named CVE-2023-52934. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

Cybersecurity researchers have shed light on a new phishing-as-a-service (PhaaS) platform that leverages the Domain Name System (DNS) mail exchange (MX) records to serve fake login pages that impersonate about 114 brands. DNS intelligence firm Infoblox is tracking the actor behind the PhaaS, the phishing kit, and the related activity under the moniker Morphing Meerkat. "The threat actor behind

The union received a spoofed email that led to the loss of $6.4 million, much of it transferred to other accounts or to a cryptocurrency exchange.

Newly identified CoffeeLoader uses multiple evasion techniques and persistence mechanisms to deploy payloads and bypass endpoint security

Many successful phishing attacks result in a financial loss or malware infection. But falling for some phishing scams, like those currently targeting Russians searching online for organizations that are fighting the Kremlin war machine, can cost you your freedom or your life.

A recent security update for Windows Server 2025, released on February 11, 2025 (KB5051987), has caused a significant issue for users relying on Remote Desktop Protocol (RDP). The update, part of Microsoft’s February Patch Tuesday, has led to RDP sessions freezing shortly after connection, rendering mouse and keyboard inputs unresponsive. Microsoft has confirmed this problem, […]

The post Windows Server 2025 Security Update Freezes Remote Desktop Sessions Connection appeared first on Cyber Security News.

Alleged Sale of Cyber Mail Checker Tool

A new report sheds light on the most targeted WordPress plugin vulnerabilities hackers used in the first quarter of 2025 to compromise sites. [...]