RVTools Official Site Hacked to Deliver Bumblebee Malware via Trojanized Installer
The official site for RVTools has been hacked to serve a compromised installer for the popular VMware environment reporting utility. "Robware.net and RVTools.com are currently offline. We are working expeditiously to restore service and appreciate your patience," the company said in a statement...
Malicious code in babel-loader-fs (npm)
Source: ghsa-malware (1700e85206eea0c06ca2bedd5155e402644feb176d29155bb5194ebaa3096336). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-3985 Malicious code in babel-loader-fs (npm)
Source: ghsa-malware (1700e85206eea0c06ca2bedd5155e402644feb176d29155bb5194ebaa3096336). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
AZL-61877 CVE-2025-4802 affecting package glibc for versions less than 2.38-14
Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen including internal dlopen calls after setlocale or calls to NSS functions...
DEBIAN-CVE-2025-4802
Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen including internal dlopen calls after setlocale or calls to NSS functions...
SUSE CVE-2025-4664
Insufficient policy enforcement in Loader in Google Chrome prior to 136.0.7103.113 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...
CISA Adds Three Known Exploited Vulnerabilities to Catalog
Updated June 5, 2025: CISA is continually collaborating with partners across government and the private sector. Through this collaboration, CISA learned that CVE-2025-4664 has not been exploited and there is insufficient evidence to keep this CVE on the KEV and that the best course of action is to...
New Chrome Vulnerability Enables Cross-Origin Data Leak via Loader Referrer Policy
Google on Wednesday released updates to address four security issues in its Chrome web browser, including one for which it said there exists an exploit in the wild. The high-severity vulnerability, tracked as CVE-2025-4664 (CVSS score: 4.3), has been characterized as a case of insufficient policy...
Information Exposure
Overview: org.webjars.npm:electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Information Exposure via the Loader component. An attacker can leak sensitive cross-origin data by crafting...
DEBIAN-CVE-2025-4664
Insufficient policy enforcement in Loader in Google Chrome prior to 136.0.7103.113 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...
Google Chrome Security Vulnerability
Google Chrome is a web browser developed by Google to provide a fast and secure browsing experience. Google Chrome suffers from an information disclosure vulnerability that stems from insufficient policy enforcement in Loader. An attacker can exploit the vulnerability to obtain cross-origin data...
VulnCheck KEV: CVE-2025-4664
Insufficient policy enforcement in Loader in Google Chrome prior to 136.0.7103.113 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...
grub2: fs/hfs+: refcount can be decremented twice
A flaw was found in grub2. When failing to mount an HFS+ grub, the hfsplus filesystem driver doesn't properly set an ERRNO value. This issue may lead to a NULL pointer access...
grub2 security update
An update is available for grub2. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a...
RLSA-2025:2867 Important: grub2 security update
The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. Security Fixes: grub2: net:...
Agenda Ransomware Group Adds SmokeLoader and NETXLOADER to Their Arsenal
During our monitoring of Agenda ransomware activities, we uncovered campaigns that made use of the SmokeLoader malware and a new loader we've named NETXLOADER...
graphql-ruby: Remote code execution when loading a crafted GraphQL schema
A flaw was found in graphql-ruby. In affected versions of graphql-ruby, loading a malicious schema definition in the GraphQL::Schema.from_introspection or the GraphQL::Schema::Loader.load can cause remote code execution. Any system that loads a schema by JSON from an untrusted source is vulnerable,...
UBUNTU-CVE-2025-47256
Libxmp through 4.6.2 has a stack-based buffer overflow in depack_pha in loaders/prowizard/pha.c via a malformed Pha format tracker module in a .mod file...
Malicious code in haml-jst-loader (npm)
Source: ghsa-malware (a0d8ca2db3fdc34877d4cbc9c4b109a713c2d744251b47b95621df2db46fc5fd). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-3622 Malicious code in haml-jst-loader (npm)
Source: ghsa-malware (a0d8ca2db3fdc34877d4cbc9c4b109a713c2d744251b47b95621df2db46fc5fd). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...