Aggregator

A vulnerability identified as critical has been detected in Linux Kernel up to 6.1.150/6.6.104/6.12.45/6.16.5/6.17-rc4. Impacted is the function __cfg80211_connect_result of the component wifi. This manipulation causes memory corruption. This vulnerability appears as CVE-2025-39849. The attacker needs to be present on the local network. There is no available exploit. You should upgrade the affected component.

New York, New York, September 19th, 2025, CyberNewsWire BreachLock, the global leader in offensive security, has been recognized as a Sample Vendor for Penetration Testing as a Service (PTaaS) in the 2025 Gartner Hype Cycle for Application Security. The company was also recognized as a sample vendor for Adversarial Exposure Validation (AEV) in the Gartner […]

The post BreachLock Named Sample Vendor for PTaaS and AEV in Two New 2025 Gartner® Reports appeared first on Cyber Security News.

华为和浙江大学合作使用华为昇腾芯片和 MindSpeedLLM 等框架发布了 DeepSeek R1 模型的安全加强版 DeepSeek-R1-Safe（中国联通也有相似名字的安全版本模型）。源代码发表在 GitHub 等平台上。研究人员称他们基于国内外法律法规与核心价值观，构建了中英文双语的安全语料。其中语料不仅包含了带有安全思维链的标注，还提供了相应的安全回复，可用于大模型的安全训练、微调以及测试。测试结果表明，DeepSeek-R1-Safe 针对有毒有害言论、政治敏感内容、违法行为教唆等14个维度的普通有害问题整体防御成功率近 100%，针对情境假设、角色扮演、加密编码等多个越狱模式整体防御成功率超过40%。其综合安全防御能力达83%，在同样测试设置下超过Qwen-235B和DeepSeek-R1-671B等多个同期模型8%至15%。此外，在MMLU、GSM8K、CEVAL等通用能力基准测试中，DeepSeek-R1-Safe相比于DeepSeek-R1的性能损耗在1%以内。这些结果表明DeepSeek-R1-Safe不仅显著提升了安全防护能力，也保障了模型的可用性，达成了安全能力与通用性能之间的有效平衡。

A vulnerability categorized as critical has been discovered in Linux Kernel up to 6.17-rc4. This issue affects the function alloc_skb. The manipulation of the argument new_skb results in memory leak. This vulnerability is reported as CVE-2025-39847. The attacker must have access to the local network to execute the attack. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.150/6.6.104/6.12.45/6.16.5/6.17-rc4. It has been rated as critical. This vulnerability affects the function ocfs2_delete_osb. The manipulation leads to null pointer dereference. This vulnerability is documented as CVE-2025-39842. The attack requires being on the local network. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability was found in Linux Kernel up to 6.17-rc4. It has been declared as critical. This affects an unknown part of the component scsi. Executing manipulation can lead to use after free. This vulnerability is registered as CVE-2025-39841. The attack requires access to the local network. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.16.5/6.17-rc4. It has been classified as critical. Affected by this issue is the function audit_compare_dname_path. Performing manipulation results in out-of-bounds read. This vulnerability is cataloged as CVE-2025-39840. The attack must originate from the local network. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability was found in Linux Kernel up to 6.17-rc4 and classified as critical. Affected by this vulnerability is the function batadv_nc_skb_decode_packet. Such manipulation leads to out-of-bounds write. This vulnerability is listed as CVE-2025-39839. The attack must be carried out from within the local network. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.17-rc4 and classified as critical. Affected is the function ax25_kiss_rcv of the component ax25. This manipulation causes denial of service. This vulnerability is tracked as CVE-2025-39848. The attack is only possible within the local network. No exploit exists. The affected component should be upgraded.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.12.45/6.16.5/6.17-rc4. This impacts an unknown function of the component VXLAN. The manipulation results in null pointer dereference. This vulnerability is identified as CVE-2025-39850. The attack can only be performed from the local network. There is not any exploit available. You should upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.12.45/6.16.5/6.17-rc4. This affects the function tcp_ao_copy_all_matching. The manipulation leads to memory leak. This vulnerability is referenced as CVE-2025-39852. The attack needs to be initiated within the local network. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 6.16.5/6.17-rc4. The impacted element is the function asus_wmi_register_driver. Executing manipulation can lead to race condition. The identification of this vulnerability is CVE-2025-39837. The attack needs to be done within the local network. There is no exploit available. Upgrading the affected component is advised.

A vulnerability classified as critical has been found in Linux Kernel up to 6.17-rc4. The affected element is the function __iodyn_find_io_region of the component pcmcia. Performing manipulation results in null pointer dereference. This vulnerability was named CVE-2025-39846. The attack needs to be approached within the local network. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability described as critical has been identified in Linux Kernel up to 6.17-rc4. Impacted is the function __populate_section_memmap in the library linux/pgtable.h. Such manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2025-39844. The attack can only be initiated within the local network. No exploit exists. Upgrading the affected component is recommended.

A vulnerability marked as critical has been reported in Linux Kernel up to 6.17-rc4. This issue affects the function arch_sync_kernel_mappings. This manipulation causes memory corruption. This vulnerability is handled as CVE-2025-39845. The attack can only be done within the local network. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability labeled as critical has been found in Linux Kernel up to 6.1.150/6.6.104/6.12.45/6.16.5/6.17-rc4. This vulnerability affects the function set_track_prepare of the component slub. The manipulation results in allocation of resources. This vulnerability is known as CVE-2025-39843. Access to the local network is required for this attack. No exploit is available. The affected component should be upgraded.

Phishing campaigns have long relied on social engineering to dupe unsuspecting users, but recent developments have elevated these attacks to a new level of sophistication. Attackers now harness advanced content-generation platforms to craft highly personalized emails and webpages, blending genuine corporate branding with contextually relevant messages. These platforms analyze public social media profiles, corporate press […]

The post Phishing Attacks Using AI-Powered Platforms to Misleads Users and Evades Security Tools appeared first on Cyber Security News.

An Iran-nexus cyber espionage group known as UNC1549 has been attributed to a new campaign targeting European telecommunications companies, successfully infiltrating 34 devices across 11 organizations as part of a recruitment-themed activity on LinkedIn. Swiss cybersecurity company PRODAFT is tracking the cluster under the name Subtle Snail. It's assessed to be affiliated with Iran's Islamic

Так была ли жизнь на Красной планете?

利用ASPM在大型证券企业实现应用运行态安全观测 by ourren

MPAF：基于多阶段属性指纹的加密流量分类 by ourren

更多最新文章，请访问SecWiki