Aggregator

A vulnerability was found in Linux Kernel up to 6.0.5. It has been classified as critical. This vulnerability affects the function alloc_sk_msg in the library include/linux/sched/mm.h. This manipulation causes stack-based buffer overflow. The identification of this vulnerability is CVE-2022-50363. The attack needs to be done within the local network. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability was found in Linux Kernel up to 5.15.74/5.19.16/6.0.2 and classified as critical. This affects the function i2c_dw_xfer_msg of the component designware. The manipulation results in null pointer dereference. This vulnerability was named CVE-2022-50370. The attack needs to be approached within the local network. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.1.15/6.2.2 and classified as critical. Affected by this issue is the function unregister_netdev of the file net/core/dev.c. The manipulation leads to injection. This vulnerability is uniquely identified as CVE-2022-50361. The attack can only be initiated within the local network. No exploit exists. The affected component should be upgraded.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.0.2. Affected by this vulnerability is an unknown functionality of the component staging. Executing manipulation can lead to improper initialization. This vulnerability is handled as CVE-2022-50355. The attack can only be done within the local network. There is not any exploit available. You should upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 5.10.151/5.15.75/6.0.5. Affected is the function sfb_init of the component sched. Performing manipulation results in null pointer dereference. This vulnerability is known as CVE-2022-50356. Access to the local network is required for this attack. No exploit is available. It is advisable to upgrade the affected component.

The digital advertising ecosystem has become a prime hunting ground for cybercriminals, who are increasingly exploiting advertising technology companies to distribute malware and conduct malicious campaigns. Rather than simply abusing legitimate platforms, threat actors are now operating as the platforms themselves, creating a sophisticated web of deception that leverages the inherent complexity and fragmentation of […]

The post Threat Actors Abuse Adtech Companies to Target Users With Malicious Ads appeared first on Cyber Security News.

在发生多起与 ChatGPT 相关的青少年自杀案件之后，OpenAI 正引入更严格的安全措施。ChatGPT 将估计用户的年龄，如果认为用户未满 18 岁它可能会要求用户出示身份证件确认是否成年。本月初 OpenAI 已经为 ChatGPT 引入了家长控制功能。除了尝试估计或验证用户年龄，ChatGPT 还将接受训练，对青少年用户应用不同的规则，比如不会进行自杀或自残相关的讨论。如果未成年用户有自杀念头，OpenAI 将会尝试联系其父母或相关部门。

A vulnerability described as problematic has been identified in Linux Kernel up to 6.6.34/6.9.5. Impacted is the function __blk_mq_alloc_requests_batch. Executing manipulation can lead to improper initialization. This vulnerability is handled as CVE-2024-40925. The attack can only be done within the local network. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability categorized as problematic has been discovered in Linux Kernel up to 6.1.94/6.6.34/6.9.5. Impacted is the function cachefiles_daemon_write of the file /dev/cachefiles. Executing manipulation can lead to improper update of reference count. This vulnerability is tracked as CVE-2024-40935. The attack is only possible within the local network. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability was found in IDnow App up to 9.6.0 on Android and classified as problematic. This affects an unknown function of the file AndroidManifest.xml of the component de.idnow. Such manipulation leads to improper export of android application components. This vulnerability is documented as CVE-2025-7892. The attack needs to be performed locally. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Foresight News App up to 2.6.4 on Android. It has been classified as problematic. This impacts an unknown function of the file AndroidManifest.xml of the component pro.foresightnews.appa. Performing manipulation results in improper export of android application components. This vulnerability is reported as CVE-2025-7893. The attack requires a local approach. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Onyx up to 0.29.1. It has been declared as critical. Affected is the function generate_simple_sql of the file backend/onyx/agents/agent_search/kb_search/nodes/a3_generate_simple_sql.py of the component Chat Interface. Executing manipulation can lead to sql injection. This vulnerability appears as CVE-2025-7894. The attack may be performed from remote. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in KoaJS Koa up to 3.0.0. It has been rated as problematic. This impacts the function back in the library lib/response.js of the component HTTP Header Handler. The manipulation of the argument Referrer leads to open redirect. This vulnerability is listed as CVE-2025-8129. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability, which was classified as problematic, was found in Dunamu StockPlus App up to 7.62.10 on Android. The affected element is an unknown function of the file AndroidManifest.xml of the component com.dunamu.stockplus. The manipulation results in improper export of android application components. This vulnerability is cataloged as CVE-2025-7890. The attack must be initiated from a local position. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability has been found in InstantBits Web Video Cast App up to 5.12.4 on Android and classified as problematic. The impacted element is an unknown function of the file AndroidManifest.xml of the component com.instantbits.cast.webvideo. This manipulation causes improper export of android application components. This vulnerability is registered as CVE-2025-7891. The attack needs to be launched locally. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability identified as problematic has been detected in Linux Kernel up to 5.15.161/6.1.94/6.6.34/6.9.5. Affected is the function xhci_invalidate_cancelled_tds. The manipulation leads to use after free. This vulnerability is traded as CVE-2024-40927. Access to the local network is required for this attack to succeed. There is no exploit available. You should upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.10.220/5.15.161/6.1.94/6.6.34/6.9.5. It has been declared as problematic. This vulnerability affects the function n_ssids of the component iwlwifi. Such manipulation leads to out-of-bounds read. This vulnerability is referenced as CVE-2024-40929. The attack needs to be initiated within the local network. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.9.6 and classified as critical. Affected by this issue is the function BMIPS_GET_CBR of the component mips. Performing manipulation results in denial of service. This vulnerability is cataloged as CVE-2024-40963. The attack must originate from the local network. There is no exploit available. The affected component should be upgraded.

A vulnerability was found in Portabilis i-Educar up to 2.10 and classified as critical. This affects an unknown part of the file /module/Api/matricula of the component Matricula API. Executing manipulation can lead to improper authorization. This vulnerability is registered as CVE-2025-9760. It is possible to launch the attack remotely. Furthermore, an exploit is available.

The PureHVNC remote administration tool (RAT) has emerged as a sophisticated component of the Pure malware family, gaining prominence in mid-2025 amid an uptick in targeted intrusion campaigns. Originating from underground forums and Telegram channels, PureHVNC is marketed by its author, known as PureCoder, alongside companion tools such as PureCrypter, PureLogs, and PureMiner. Its adoption […]

The post PureHVNC RAT Developers Leverage GitHub Host Source Code appeared first on Cyber Security News.