Aggregator

A vulnerability classified as problematic has been found in kube-controller-manager. The impacted element is an unknown function of the component HPA v1 Manifest Handler. The manipulation leads to denial of service. This vulnerability is documented as CVE-2024-0793. The attack requires being on the local network. There is not any exploit available.

A vulnerability marked as problematic has been reported in Kubernetes kube-apiserver up to 1.27.12/1.28.8/1.29.3. Affected is an unknown function of the component Mountable Secrets Policy. This manipulation of the argument envFrom causes information disclosure. The identification of this vulnerability is CVE-2024-3177. It is possible to initiate the attack remotely. There is no exploit available. It is suggested to upgrade the affected component.

工信部首批两款 L3 级自动驾驶车型准入许可；当当创始人李国庆宣布「60 岁再创业」；iOS 26 曝光离奇 BUG。

Audio streaming platform SoundCloud has confirmed that outages and VPN connection issues over the past few days were caused by a security breach in which threat actors stole a database containing user information. [...]

Google is discontinuing its "dark web report" security tool, stating that it wants to focus on other tools it believes are more helpful. [...]

Japanese e-commerce giant Askul Corporation has confirmed that RansomHouse hackers stole around 740,000 customer records in the ransomware attack it suffered in October. [...]

5 шагов от скриншота до суда — полная инструкция для жертв травли в 2025.

A new malware-as-a-service (MaaS) information stealer named SantaStealer is being advertised on Telegram and hacker forums as operating in memory to avoid file-based detection. [...]

Adult video platform PornHub is being extorted by the ShinyHunters extortion gang after the search and watch history of its Premium members was reportedly stolen in a recent Mixpanel data breach. [...]

F6: в публичном доступе в 2025 году оказалось более 760 млн строк с данными россиян.

2 More Vulnerabilities Need Patching in React Server Components, Warns Vercel
Mass exploitation of the "React2Shell" - CVE-2025-55182 - vulnerability remains underway by nation-state hackers tied to China, North Korea and Iran, as well as financially motivated cybercriminals running everything from cryptomining malware to DDoS services, security experts warn.

Currently trending CVE - Hype Score: 19

Currently trending CVE - Hype Score: 18

Currently trending CVE - Hype Score: 19

Currently trending CVE - Hype Score: 19

Currently trending CVE - Hype Score: 19

Currently trending CVE - Hype Score: 19

Currently trending CVE - Hype Score: 21

Currently trending CVE - Hype Score: 2 - Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)