Amazon Linux 2023 : wireshark-cli, wireshark-devel (ALAS2023-2025-1261)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1261 advisory. Column handling crashes in Wireshark 4.4.0 to 4.4.6 and 4.2.0 to 4.2.12 allows denial of service via packet injection or crafted capture file CVE-2025-5601 Tenable has extracted the preceding descripti...

Medium: wireshark

Issue Overview: Column handling crashes in Wireshark 4.4.0 to 4.4.6 and 4.2.0 to 4.2.12 allows denial of service via packet injection or crafted capture file CVE-2025-5601 Affected Packages: wireshark Issue Correction: Run dnf update wireshark --releasever 2023.9.20251110 or dnf update --advisory...

Android malware steals your card details and PIN to make instant ATM withdrawals

The Polish Computer Emergency Response Team CERT Polska analyzed a new Android-based malware that uses NFC technology to perform unauthorized ATM cash withdrawals and drain victims' bank accounts. Researchers found that the malware, called NGate, lets attackers withdraw cash from ATMs Automated...

GPT-5 at CTFs: Case Studies from Top-Tier Cybersecurity Events

OpenAI and DeepMind's AIs recently got gold at the IMO math olympiad and ICPC programming competition. We show frontier AI is similarly good at hacking by letting GPT-5 compete in elite CTF cybersecurity competitions. In one of this year's hardest events, it outperformed 93% of humans finishing...

x86-exploitation-lab

It is an offensive tool for x86 exploitation. This repository co...

Creating a Linux Application Using VSCodium, Cline, OpenRouter, and Claude

In March I created a Windows Application Using Visual Studio Code, Cline, OpenRouter, and Claude. This was a program that created square screen captures. The user doesn't need to manually ensure the dimensions are a square. The program makes the window grow and shrink while keeping the length equ...

New HttpTroy Backdoor Poses as VPN Invoice in Targeted Cyberattack on South Korea

The North Korea-linked threat actor known as Kimsuky has distributed a previously undocumented backdoor codenamed HttpTroy as part of a likely spear-phishing attack targeting a single victim in South Korea. Gen Digital, which disclosed details of the activity, did not reveal any details on when t...

PT-2025-44887

Name of the Vulnerable Software and Affected Versions watchOS versions prior to 26.1 iOS versions prior to 26.1 iPadOS versions prior to 26.1 visionOS versions prior to 26.1 Description A privacy issue existed where a malicious application could potentially capture screenshots of sensitive...

Astra Linux - уязвимость в wireshark

Memory handling issue in editcap could cause denial of service via crafted capture file...

Astra Linux - уязвимость в wireshark

Memory exhaustion in the Kafka protocol dissector in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allows denial of service via packet injection or crafted capture file...

Astra Linux - уязвимость в wireshark

FiveCo RAP dissector infinite loop in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8 allows denial of service via packet injection or crafted capture file...

Astra Linux - уязвимость в wireshark

Infinite loop in the F5 Ethernet Trailer protocol dissector in Wireshark 3.6.0 to 3.6.7 and 3.4.0 to 3.4.15 allows denial of service via packet injection or crafted capture file...

Astra Linux - уязвимость в wireshark

GNW dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file...

CVE-2025-64149

A cross-site request forgery CSRF vulnerability in Jenkins Publish to Bitbucket Plugin 0.4 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

drm/i915: Fix request ref counting during error capture & debugfs dump

...

CVE-2025-64149

A cross-site request forgery CSRF vulnerability in Jenkins Publish to Bitbucket Plugin 0.4 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

Jenkins Publish to Bitbucket Plugin 安全漏洞

Jenkins Publish to Bitbucket Plugin is an automated publishing plugin for Jenkins open source. A security vulnerability exists in Jenkins Publish to Bitbucket Plugin version 0.4 and earlier, which stems from vulnerability to a cross-site request forgery attack that could lead to the capture of...

PT-2025-44298

Name of the Vulnerable Software and Affected Versions Jenkins Publish to Bitbucket Plugin versions 0.4 and earlier Description A cross-site request forgery CSRF flaw exists in the Jenkins Publish to Bitbucket Plugin. This issue allows attackers to connect to a URL specified by the attacker,...

Covert Surveillance in Smart Devices: A SCOUR Framework Analysis of Youth Privacy Implications

This paper investigates how smart devices covertly capture private conversations and discusses in more in-depth the implications of this for youth privacy. Using a structured review guided by the PRISMA methodology, the analysis focuses on privacy concerns, data capture methods, data storage and...

Exploit for CVE-2025-59287

wsus-decoy Defensive proof of concept decoy for CVE-2025-5928...