Aggregator

A vulnerability categorized as critical has been discovered in Linux Kernel up to 6.6.121/6.12.66/6.18.6. This affects the function range_is_hole_in_parent of the component btrfs. Executing a manipulation of the argument disk_bytenr can lead to memory corruption. This vulnerability appears as CVE-2026-23141. The attacker needs to be present on the local network. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.18.5. It has been rated as critical. Affected by this issue is some unknown functionality of the component tracing. Performing a manipulation results in uncontrolled recursion. This vulnerability is reported as CVE-2026-23138. The attacker must have access to the local network to execute the attack. No exploit exists. Upgrading the affected component is advised.

A vulnerability was found in Linux Kernel up to 6.18.7. It has been declared as critical. Affected by this vulnerability is the function dma_free_coherent of the component wifi. Such manipulation leads to allocation of resources. This vulnerability is documented as CVE-2026-23133. The attack requires being on the local network. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.6.122/6.12.68/6.18.8. It has been classified as critical. Affected is the function vega10_ih_sw_init of the component amdgpu. This manipulation of the argument ring[] causes null pointer dereference. This vulnerability is registered as CVE-2026-23163. The attack requires access to the local network. No exploit is available. Upgrading the affected component is recommended.

A vulnerability was found in Linux Kernel up to 6.18.8 and classified as critical. This impacts the function auxiliary_device_init of the file drm/xe/ of the component nvm. The manipulation results in double free. This vulnerability is cataloged as CVE-2026-23162. The attack must originate from the local network. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.6.121/6.12.67/6.18.7 and classified as critical. This affects the function dma_free_coherent of the component wifi. The manipulation leads to allocation of resources. This vulnerability is listed as CVE-2026-23135. The attack must be carried out from within the local network. There is no available exploit. The affected component should be upgraded.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.18.8. The impacted element is the function io_schedule_timeout of the component btrfs. Executing a manipulation can lead to deadlock. This vulnerability is tracked as CVE-2026-23157. The attack is only possible within the local network. No exploit exists. You should upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.18.8. The affected element is the function net_device of the component sfc. Performing a manipulation results in deadlock. This vulnerability is identified as CVE-2026-23165. The attack can only be performed from the local network. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 6.6.122/6.12.68/6.18.8. Impacted is the function octep_device_setup of the component octeon_ep. Such manipulation leads to memory leak. This vulnerability is referenced as CVE-2026-23160. The attack needs to be initiated within the local network. No exploit is available. Upgrading the affected component is advised.

A vulnerability classified as critical has been found in Linux Kernel up to 6.12.68/6.18.8. This issue affects the function mutex_unlock of the component gpio. This manipulation causes use after free. The identification of this vulnerability is CVE-2026-23158. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability described as critical has been identified in Linux Kernel up to 6.6.122/6.12.68/6.18.8. This vulnerability affects the function gs_usb_receive_bulk_callback. The manipulation results in information exposure through error message. This vulnerability was named CVE-2026-23155. The attack needs to be approached within the local network. There is no available exploit. Upgrading the affected component is recommended.

Неизвестные методично проверяют на прочность каждый открытый вход.

Threat intelligence observations show that a single threat actor is responsible for most of the active exploitation of two critical vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), tracked as CVE-2026-1281 and CVE-2026-1340. [...]

Session 12C: Membership Inference

Authors, Creators & Presenters: Yan Pang (University of Virginia), Tianhao Wang (University of Virginia)

PAPER
Black-box Membership Inference Attacks against Fine-tuned Diffusion Models

With the rapid advancement of diffusion-based image-generative models, the quality of generated images has become increasingly photorealistic. Moreover, with the release of high-quality pre-trained image-generative models, a growing number of users are downloading these pre-trained models to fine-tune them with downstream datasets for various image-generation tasks. However, employing such powerful pre-trained models in downstream tasks presents significant privacy leakage risks. In this paper, we propose the first scores-based membership inference attack framework tailored for recent diffusion models, and in the more stringent black-box access setting. Considering four distinct attack scenarios and three types of attacks, this framework is capable of targeting any popular conditional generator model, achieving high precision, evidenced by an impressive AUC of 0.95.

ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.

Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenter’s superb NDSS Symposium 2025 Conference content on the Organizations' YouTube Channel.

Permalink

The post NDSS 2025 – Black-Box Membership Inference Attacks Against Fine-Tuned Diffusion Models appeared first on Security Boulevard.

通过代码生成LLM对软件包幻觉进行全面分析 by ourren

评估与增强大语言模型解决夺旗赛挑战的能力 by ourren

PentestAgent：将LLM代理融入自动化渗透测试 by ourren

2025年全球身份认证攻击风险研究报告 by ourren

JoySafeter：AI驱动安全（AISecOps）新范式 by ourren

更多最新文章，请访问SecWiki

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in BeyondTrust RS and PRA to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an BeyondTrust RS and PRA vulnerability, tracked as CVE-2026-1731 (CVSS score of 9.9), to its Known Exploited Vulnerabilities (KEV) catalog. This week BeyondTrust released security updates to […]

Отключаем сбор данных в Uber, Делимобиле, Яндекс. Такси и других сервисах.

刷网页、读长文时，你一定见过页面上那个醒目的 “用 AI 总结全文” 按钮。

Threat actors are sending physical letters pretending to be from Trezor and Ledger, makers of cryptocurrency hardware wallets, to trick users into submitting recovery phrases in crypto theft attacks. [...]