2178 matches found

OSV
added 2025/12/09 1:16 a.m., 0 views

UBUNTU-CVE-2023-53781

In the Linux kernel, the following vulnerability has been resolved: smc: Fix use-after-free in tcp_write_timer_handler(). With Eric's ref tracker, syzbot finally found a repro for use-after-free in tcp_write_timer_handler() by kernel TCP sockets. If SMC creates a kernel socket in __smc_create(), the kernel...

5.7 AI score, 0.00026 EPSS
Exploits: 0, References: 5

Positive Technologies
added 2025/12/09 12:00 a.m., 2 views

PT-2025-49641

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.3.0-rc4-01174-gb5d54eb5899a 7 Description The Linux kernel contains a use-after-free issue within the tcp_write_timer_handler function. This occurs when the SMC SMC socket creates a kernel socket and the kernel...

6.4 AI score, 0.00026 EPSS
Exploits: 0

Malwarebytes
added 2025/12/08 3:26 p.m., 4 views

How phishers hide banking scams behind free Cloudflare Pages

During a recent investigation, we uncovered a phishing operation that combines free hosting on developer platforms with compromised legitimate websites to build convincing banking and insurance login portals. These fake pages don't just grab a username and password–they also ask for answers to...

6.8 AI score
Exploits: 0

The Hacker News
added 2025/12/08 11:58 a.m., 7 views

How Can Retailers Cyber-Prepare for the Most Vulnerable Time of the Year?

The holiday season compresses risk into a short, high-stakes window. Systems run hot, teams run lean, and attackers time automated campaigns to get maximum return. Multiple industry threat reports show that bot-driven fraud, credential stuffing and account takeover attempts intensify around peak...

7.1 AI score
Exploits: 0

OSV
added 2025/12/07 12:50 a.m., 3 views

MAL-2025-192365 Malicious code in python-tg-bot (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 5397ab6595b8237172e9a49952d092803e03526e3dda8277c64dc4d26ae45ff2 During importing, a dependency with infostealer is loaded and package attempts to exfiltrate credentials. --- Category: MALICIOUS - The campaign has clearly...

7 AI score
Exploits: 0, References: 1

EUVD
added 2025/12/07 12:50 a.m., 2 views

EUVD-2025-201590

Malicious code in python-tg-bot PyPI...

6.6 AI score
Exploits: 0, References: 1

NVD
added 2025/12/06 10:15 p.m., 5 views

CVE-2025-40284

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: cancel mesh send timer when hdev removed. mesh_send_done timer is not canceled when hdev is removed, which causes crash if the timer triggers after hdev is gone. Cancel the timer when MGMT removes the hdev, like oth...

0.00056 EPSS
Exploits: 0, References: 5

Packet Storm News
added 2025/12/06 12:00 a.m., 2 views

Web Technologies Security in the AI Era: A Survey of CDN-Enhanced Defenses

The modern web stack, which is dominated by browser-based applications and API-first backends, now operates under an adversarial equilibrium where automated, AI-assisted attacks evolve continuously. Content Delivery Networks CDNs and edge computing place programmable defenses closest to users and...

6.8 AI score
Exploits: 0

OSSF Malicious Packages
added 2025/12/05 4:58 p.m., 4 views

Malicious code in rendom (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 1effe6d94e0635864c22ea960a22b40294c3f2e510550046139bcd78f62a33fa The package contains a Telegram bot to perform remote control of the computer. The package name additionally suggests typosquatting against standard random...

7.1 AI score
Exploits: 0, References: 2

OSV
added 2025/12/05 4:58 p.m., 4 views

MAL-2025-192323 Malicious code in rendom (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 1effe6d94e0635864c22ea960a22b40294c3f2e510550046139bcd78f62a33fa The package contains a Telegram bot to perform remote control of the computer. The package name additionally suggests typosquatting against standard random...

7 AI score
Exploits: 0, References: 2

RedhatCVE
added 2025/12/05 4:14 p.m., 2 views

CVE-2025-40223

In the Linux kernel, the following vulnerability has been resolved: most: usb: Fix use-after-free in hdm_disconnect. hdm_disconnect() calls most_deregister_interface(), which eventually unregisters the MOST interface device with device_unregister(iface->dev). If that drops the last reference, the device core...

6 AI score, 0.00058 EPSS
Exploits: 0, References: 4

Wired Threat Level
added 2025/12/04 10:04 p.m., 1 views

Cloudflare Has Blocked 416 Billion AI Bot Requests Since July 1

Cloudflare CEO Matthew Prince claims the internet infrastructure company’s efforts to block AI crawlers are already seeing big results...

7 AI score
Exploits: 0

Packet Storm
added 2025/12/04 12:00 a.m., 171 views

📄 Discord Language Sloth Bot Directory Traversal Scanner / Payload Generator

The Language Sloth Discord bot contains a critical directory traversal vulnerability allowing attackers to read arbitrary files on the server hosting the bot through improperly sanitized user input in file path operations. This is an automated scanner with payload generation...

7.5 CVSS, 6.7 AI score, 0.0024 EPSS
Exploits: 4

Positive Technologies
added 2025/12/04 12:00 a.m., 2 views

PT-2025-49087

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw in the mptcp_pm_del_add_timer function, which can lead to a race condition. Specifically, the function may call sk_stop_timer_sync while another process ...

6.2 AI score, 0.00058 EPSS
Exploits: 0

Imperva Blog
added 2025/12/03 9:40 a.m., 5 views

’Tis the Season to Be Cyber-Wary: How Thales Protects Against Account Takeover During Peak Shopping Season

The holiday shopping season is the busiest time of year for online retailers, and increasingly the most dangerous. As traffic surges and customers rush to place orders, cybercriminals use the distraction and volume to blend in. Account Takeover ATO attacks spike sharply in November and December,...

7.1 AI score
Exploits: 0

RedhatCVE
added 2025/12/02 12:22 p.m., 5 views

CVE-2025-65957

Core Bot is an open source Discord bot made for maple hospital servers. Prior to commit dffe050, the API keys (SUPABASE_API_KEY, TOKEN) are loaded using environment variables, but there are cases in code (error handling, summaries, webhooks) where configuration summaries may inadvertently leak sensitiv...

8.8 CVSS, 7 AI score, 0.00045 EPSS
Exploits: 0, References: 1

GithubExploit
added 2025/12/02 3:43 a.m., 134 views

Exploit for CVE-2025-65321

CVE-2025-65321 The Language Sloth Discord bot is vulnerable to...

6.9 AI score
Exploits: 3

Packet Storm
added 2025/12/02 12:00 a.m., 141 views

📄 Language Sloth Directory Traversal

The Language Sloth Discord bot has been found susceptible to a directory traversal vulnerability. CVE-2025-65321 The Language Sloth Discord bot is vulnerable to Directory Traversal in the gif and png functions. The functions build file paths using unsanitized user input for the 'name' parameter,...

7 AI score
Exploits: 3

CVE
added 2025/11/27 9:27 a.m., 23 views

CVE-2025-13381

CVE-2025-13381 (AYS & WordPress) Vulnerability exists in the AI ChatBot with ChatGPT and Content Generator by AYS plugin for WordPress due to a missing capability check in the ays_chatgpt_save_wp_media function through version 2.7.0, enabling unauthenticated users to upload media files. Wordfence...

5.3 CVSS, 5.1 AI score, 0.00154 EPSS
Exploits: 0, References: 6

Patchstack
added 2025/11/27 12:36 a.m., 4 views

WordPress AI ChatBot with ChatGPT and Content Generator by AYS plugin <= 2.7.0 - Missing Authorization to Unauthenticated Media File Uploads vulnerability

Missing Authorization to Unauthenticated Media File Uploads vulnerability discovered by blue0x1 in WordPress Plugin AI ChatBot with ChatGPT and Content Generator by AYS versions <= 2.7.0...

5.3 CVSS, 7 AI score, 0.00154 EPSS
Exploits: 0, References: 1, Affected Software: 1