5058 matches found

Trend Micro Simply Security
added 2025/11/13 12:0 a.m. | 4 views

Increase in Lumma Stealer Activity Coincides with Use of Adaptive Browser Fingerprinting Tactics

In this blog entry, Trend™ Research analyses the layered command-and-control approaches that Lumma Stealer uses to maintain its ongoing operations while enhancing collection of victim-environment data...

AI score 7
Exploits: 0

Positive Technologies
added 2025/11/13 12:0 a.m. | 3 views

PT-2025-46915

Name of the Vulnerable Software and Affected Versions: Directus versions prior to 11.13.0. Description: Directus REST API exhibits differing error messages when accessing existing but unauthorized collections versus non-existent collections via the /items/collection API endpoint. This discrepancy...

CVSS 4.3 | AI score 6.3 | EPSS 0.00049
Exploits: 1 | References: 9

Positive Technologies
added 2025/11/13 12:0 a.m. | 2 views

PT-2025-46914

Name of the Vulnerable Software and Affected Versions: Directus versions prior to 11.13.0. Description: Directus allows authenticated users to search concealed or sensitive fields when they have read permissions. While the actual values are masked, successful matches can be detected through returned...

CVSS 6.5 | AI score 5.8 | EPSS 0.00049
Exploits: 0 | References: 12

CNNVD
added 2025/11/13 12:0 a.m. | 1 view

Directus Security Vulnerability

Directus is a real-time API and application dashboard open-sourced by Directus. It is used to manage SQL database content. A security vulnerability exists in Directus versions prior to 11.13.0 that stems from a REST API error message discrepancy that could lead to the disclosure of unauthorized...

CVSS 4.3 | AI score 6.1 | EPSS 0.00049
Exploits: 1 | References: 3

EUVD
added 2025/11/12 12:30 p.m. | 2 views

EUVD-2025-124933

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid migrating empty section It reports a bug from device w/ zufs: F2FS-fs dm-64: Inconsistent segment 173822 type 1, 0 in SSA and SIT F2FS-fs dm-64: Stopped filesystem due to reason: 4 Thread A Thread B -...

AI score 5.8 | EPSS 0.00047
Exploits: 0 | References: 3

NVD
added 2025/11/12 11:15 a.m. | 4 views

CVE-2025-40150

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid migrating empty section It reports a bug from device w/ zufs: F2FS-fs dm-64: Inconsistent segment 173822 type 1, 0 in SSA and SIT F2FS-fs dm-64: Stopped filesystem due to reason: 4 Thread A Thread B -...

EPSS 0.00047
Exploits: 0 | References: 4

OSV
added 2025/11/12 11:15 a.m. | 0 views

UBUNTU-CVE-2025-40150

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid migrating empty section It reports a bug from device w/ zufs: F2FS-fs dm-64: Inconsistent segment 173822 type 1, 0 in SSA and SIT F2FS-fs dm-64: Stopped filesystem due to reason: 4 Thread A Thread B -...

AI score 5.7 | EPSS 0.00047
Exploits: 0 | References: 10

OSV
added 2025/11/12 10:23 a.m. | 3 views

CVE-2025-40150 f2fs: fix to avoid migrating empty section

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid migrating empty section It reports a bug from device w/ zufs: F2FS-fs dm-64: Inconsistent segment 173822 type 1, 0 in SSA and SIT F2FS-fs dm-64: Stopped filesystem due to reason: 4 Thread A Thread B -...

AI score 6.2 | EPSS 0.00047
Exploits: 0 | References: 7

Cvelist
added 2025/11/12 10:23 a.m. | 13 views

CVE-2025-40150 f2fs: fix to avoid migrating empty section

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid migrating empty section It reports a bug from device w/ zufs: F2FS-fs dm-64: Inconsistent segment 173822 type 1, 0 in SSA and SIT F2FS-fs dm-64: Stopped filesystem due to reason: 4 Thread A Thread B -...

EPSS 0.00047
Exploits: 0 | References: 4

CVE
added 2025/11/12 10:23 a.m. | 15 views

CVE-2025-40150

The CVE-2025-40150 entries describe a Linux kernel F2FS issue where a race between fallocate on a pinning file and block allocation can migrate a just-allocated segment, causing mismatch between in-memory SIT and on-disk SSA (example segno 173822). The root cause is a race in garbage collection t...

AI score 5.9 | EPSS 0.00047
Exploits: 0 | References: 4

Positive Technologies
added 2025/11/12 12:0 a.m. | 3 views

PT-2025-46625

Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: The Linux kernel contains a flaw within the f2fs filesystem related to segment migration. A race condition can occur during file allocation and garbage collection, specifically when a...

CVSS 4.5 | AI score 5.4 | EPSS 0.03752
Exploits: 3 | References: 397

RedHat Linux
added 2025/11/11 9:13 a.m. | 3 views

kernel: HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections

In the Linux kernel, the following vulnerability has been resolved: HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections A report in 2019 by the syzbot fuzzer was found to be connected to two errors in the HID core associated with Resolution Multipliers. One of the...

CVSS 5.5 | AI score 6.7 | EPSS 0.00016
Exploits: 0 | References: 5

RedHat Linux
added 2025/11/11 8:21 a.m. | 2 views

kernel: HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections

In the Linux kernel, the following vulnerability has been resolved: HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections A report in 2019 by the syzbot fuzzer was found to be connected to two errors in the HID core associated with Resolution Multipliers. One of the...

CVSS 5.5 | AI score 6.7 | EPSS 0.00016
Exploits: 0 | References: 5

Packet Storm News
added 2025/11/11 12:0 a.m. | 2 views

Introducing Nylon Face Mask Attacks: A Dataset for Evaluating Generalised Face Presentation Attack Detection

Face recognition systems are increasingly deployed across a wide range of applications, including smartphone authentication, access control, and border security. However, these systems remain vulnerable to presentation attacks (PAs), which can significantly compromise their reliability. In this wor...

AI score 6.8
Exploits: 0

Positive Technologies
added 2025/11/11 12:0 a.m. | 3 views

PT-2025-49020

Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: The Linux kernel’s AF UNIX garbage collection mechanism could incorrectly collect a receive queue of an active socket. This occurs due to a failure to initialize the scc index in the uni...

CVSS 6 | AI score 5.3 | EPSS 0.00058
Exploits: 0

GithubExploit
added 2025/11/07 10:13 a.m. | 374 views

Exploit for OS Command Injection in Vsftpd_Project Vsftpd

Task-4-Exploitation-System-Security Internship: ApexPlanet —...

CVSS 10 | AI score 7.7 | EPSS 0.94282
Exploits: 28

OSV
added 2025/11/07 5:16 a.m. | 4 views

CVE-2025-64338 ClipBucket's Manage Photos Feature is Vulnerable to Stored XSS via Collection Name

ClipBucket v5 is an open source video sharing platform. In versions 5.5.2 - 156 and below, an authenticated regular user can create a photo collection whose Collection Name contains HTML/JavaScript payloads, which makes ClipBucket’s Manage Photos feature vulnerable to Stored XSS. The payload is...

CVSS 5.1 | AI score 6.5 | EPSS 0.00052
Exploits: 1 | References: 4

RedHat Linux
added 2025/11/06 4:32 p.m. | 2 views

tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Denial of service

A denial of service flaw has been discovered in Apache Tomcat. If an error occurred including exceeding limits during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to delete...

CVSS 5.3 | AI score 5.7 | EPSS 0.00129
Exploits: 0 | References: 6

RedHat Linux
added 2025/11/06 4:24 p.m. | 1 view

tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Denial of service

A denial of service flaw has been discovered in Apache Tomcat. If an error occurred including exceeding limits during the processing of a multipart upload, temporary copies of the uploaded parts written to disc were not cleaned up immediately but left for the garbage collection process to delete...

CVSS 5.3 | AI score 5.7 | EPSS 0.00129
Exploits: 0 | References: 6

RedhatCVE
added 2025/11/05 10:4 p.m. | 8 views

CVE-2025-62715

ClipBucket v5 is an open source video sharing platform. Versions 5.5.2-147 and below contain a stored Cross-Site Scripting (XSS) vulnerability in ClipBucket’s Collection tags feature. An authenticated normal user can create a tag containing HTML or JavaScript, which is later rendered unescaped in...

CVSS 5.4 | AI score 5.5 | EPSS 0.00027
Exploits: 1 | References: 1