Release Information for Veeam ONE 13.0.1 RTM Patch 0

Update Applicability This "Patch 0" update for Veeam ONE 13.0.1 is strictly intended for deployments using the RTM release build 13.0.1.5860. If Veeam ONE 13.0.1 GA build 13.0.1.5924 is installed, this update can be ignored as it is not needed. All resolved issues listed in this article were foun...

A Perfect Storm: DDoS Attack Hits Turkish Luxury Retailer During Fall Collection Launch

When high-stakes events meet unprecedented attack volumes, disruption can be devastating. A Turkish luxury retail platform experienced this firsthand when it was hit with a record-breaking application-layer DDoS attack, peaking at 14.2 million requests per second RPS. This marks the largest DDoS...

RUSTSEC-2025-0121 gcc crate is unmaintained

The gcc crate is deprecated and no longer actively maintained. If you rely on this crate, consider switching to a recommended alternative. Recommended alternatives - cc...

macos-collector - Automated Collection of macOS Forensic Artifacts for DFIR

macos-collector.sh is a Shell script utilized to collect macOS Forensic Artifacts from a compromised macOS endpoint using primarily Aftermath by Jamf Threat Labs...

Updated botan2 packages fix security vulnerability

Botan before 3.6.0, when certain GCC versions are used, has a compiler-induced secret-dependent operation in lib/utils/donna128.h in donna128 used in Chacha-Poly1305 and x25519. An addition can be skipped if a carry is not set. This was observed for GCC 11.3.0 with -O2 on MIPS, and GCC on x86-i38...

CVE-2025-64749

Directus is a real-time API and App dashboard for managing SQL database content. An observable difference in error messaging was found in the Directus REST API in versions of Directus prior to version 11.13.0. The /items/collection API returns different error messages for two cases: when a user...

Chinese Hackers Use Anthropic's AI to Launch Automated Cyber Espionage Campaign

State-sponsored threat actors from China used artificial intelligence AI technology developed by Anthropic to orchestrate automated cyber attacks as part of a "highly sophisticated espionage campaign" in mid-September 2025. "The attackers used AI's 'agentic' capabilities to an unprecedented degre...

SUSE CVE-2025-40150

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid migrating empty section It reports a bug from device w/ zufs: F2FS-fs dm-64: Inconsistent segment 173822 type 1, 0 in SSA and SIT F2FS-fs dm-64: Stopped filesystem due to reason: 4 Thread A Thread B -...

Intel CIP Information Disclosure Vulnerability (CNVD-2025-28673)

Intel CIP is an optional program from Intel designed to improve products by collecting performance data from users' computers. Intel CIP suffers from an information disclosure vulnerability that stems from mismanagement of privileges, which can be exploited by an attacker to cause information...

Intel CIP Improper Access Control Vulnerability

Intel CIP is an optional program from Intel designed to improve products by collecting performance data from users' computers. Intel CIP suffers from an Improper Access Control vulnerability that can be exploited by an attacker to cause information disclosure...

Intel CIP Code Issue Vulnerability

Intel CIP is an optional program from Intel designed to improve products by collecting performance data from users' computers. Intel CIP has a code issue vulnerability that stems from an unrestricted upload of dangerous types of files, which can be exploited by attackers to cause data tampering...

Intel CIP elevation of privilege vulnerability (CNVD-2025-28675)

Intel CIP is an optional program from Intel designed to improve products by collecting performance data from users' computers. Intel CIP suffers from an elevation of privilege vulnerability that stems from an uncontrolled search path, which can be exploited by an attacker to cause elevation of...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990919)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990919 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: adapt set backend to use GC transaction API Use the GC transaction API to...

Directus Vulnerable to Information Leakage in Existing Collections

Summary: An observable difference in error messaging was found in the Directus REST API. The /items/collection API returns different error messages for these two cases: 1. A user tries to access an existing collection which they are not authorized to access. 2. A user tries to access a non-existi...

CVE-2025-64749

Directus is a real-time API and App dashboard for managing SQL database content. An observable difference in error messaging was found in the Directus REST API in versions of Directus prior to version 11.13.0. The /items/collection API returns different error messages for two cases: when a user...

CVE-2025-64749

Directus REST API (version

CVE-2025-64749 Directus Vulnerable to Information Leakage in Existing Collections

Directus is a real-time API and App dashboard for managing SQL database content. An observable difference in error messaging was found in the Directus REST API in versions of Directus prior to version 11.13.0. The /items/collection API returns different error messages for two cases: when a user...

CVE-2025-64749 Directus Vulnerable to Information Leakage in Existing Collections

Directus is a real-time API and App dashboard for managing SQL database content. An observable difference in error messaging was found in the Directus REST API in versions of Directus prior to version 11.13.0. The /items/collection API returns different error messages for two cases: when a user...

CVE-2025-64749 Directus Vulnerable to Information Leakage in Existing Collections

Directus is a real-time API and App dashboard for managing SQL database content. An observable difference in error messaging was found in the Directus REST API in versions of Directus prior to version 11.13.0. The /items/collection API returns different error messages for two cases: when a user...

CVE-2025-40150

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid migrating empty section It reports a bug from device w/ zufs: F2FS-fs dm-64: Inconsistent segment 173822 type 1, 0 in SSA and SIT F2FS-fs dm-64: Stopped filesystem due to reason: 4 Thread A Thread B -...