KVM: SVM: Forcibly leave SMM mode on SHUTDOWN interception

...

atm: Fix NULL pointer dereference

...

KVM: x86: Reset IRTE to host control if *new* route isn't postable

...

KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop

...

KVM: arm64: Tear down vGIC on failed vCPU creation

...

KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses

...

x86/mce: use is_copy_from_user() to determine copy-from-user context

...

Entangled Threats: a Unified Kill Chain Model for Quantum Machine Learning Security

Quantum Machine Learning QML systems inherit vulnerabilities from classical machine learning while introducing new attack surfaces rooted in the physical and algorithmic layers of quantum computing. Despite a growing body of research on individual attack vectors - ranging from adversarial poisoni...

SUSE CVE-2025-38309

In the Linux kernel, the following vulnerability has been resolved: drm/xe/vm: move xesvminit earlier In xevmcloseandput we need to be able to call xesvmfini, however during vm creation we can call this on the error path, before having actually initialised the svm state, leading to various splats...

Malicious code in jquery-zoomer (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware acbf4e3c76ef6d0551f9bcc3420755fcabf7d985871c714a3ea7cfdcb43a6d94 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2025-21445

Memory corruption while copying the result to the transmission queue which is shared between the virtual machine and the host...

CVE-2025-38322

CVE-2025-38322: Linux kernel perf/x86/intel crash fix. The issue caused a hard-lockup on Raptor Lake when perf metrics were invoked on cores not supporting perf, due to the is_topdown_event() function being used in place of is_topdown_count() during sample read after a regression introduced by co...

CVE-2025-38309 drm/xe/vm: move xe_svm_init() earlier

In the Linux kernel, the following vulnerability has been resolved: drm/xe/vm: move xesvminit earlier In xevmcloseandput we need to be able to call xesvmfini, however during vm creation we can call this on the error path, before having actually initialised the svm state, leading to various splats...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that originates from an attempt to recycle a poisoned page in x86/sgx, which could result in a machine check...

Phishing Detection in the Gen-AI Era: Quantized LLMs Vs Classical Models

Phishing attacks are becoming increasingly sophisticated, underscoring the need for detection systems that strike a balance between high accuracy and computational efficiency. This paper presents a comparative evaluation of traditional Machine Learning ML, Deep Learning DL, and quantized...

Gold Melody IAB Exploits Exposed ASP.NET Machine Keys for Unauthorized Access to Targets

The Initial Access Broker IAB known as Gold Melody has been attributed to a campaign that exploits leaked ASP.NET machine keys to obtain unauthorized access to organizations and peddle that access to other threat actors. The activity is being tracked by Palo Alto Networks Unit 42 under the monike...

Dell PowerFlex Manager VM 日志信息泄露漏洞

Dell PowerFlex Manager VM is a virtual machine software from Dell for managing and monitoring storage systems. A log information disclosure vulnerability exists in Dell PowerFlex Manager VM versions prior to 4.6.2.1. An attacker could exploit this vulnerability to obtain user credentials and then...

The vulnerability of the software platform for managing execution environments of Apache CloudStack, related to information disclosure, allows a hacker to gain unauthorized access to protected information.

The vulnerability of the software platform that manages virtual machine environments in Apache CloudStack is related to information disclosure. Exploiting this vulnerability can allow a malicious actor to gain unauthorized access to protected information...

Malicious code in minicom-platform (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 438266ed92cf05a6d06935f682fe6a773b7f6217c6b66a0dcebfaea51e8c75d0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in react-router-scroll-navar (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5e8e2c3b7417b2b59415f2f9ce55b82be6594510752b41c70e05cb8fff7fb243 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...