40408 matches found

The Hacker News
added 2025/10/01 9:25 a.m. | 11 views

New Android Banking Trojan "Klopatra" Uses Hidden VNC to Control Infected Smartphones

A previously undocumented Android banking trojan called Klopatra has compromised over 3,000 devices, with a majority of the infections reported in Spain and Italy. Italian fraud prevention firm Cleafy, which discovered the sophisticated malware and remote access trojan (RAT) in late August 2025, sa...

AI score: 7.4
Exploits: 0

RedHat Linux
added 2025/10/01 12:31 a.m. | 4 views

kernel: ipv6: mcast: extend RCU protection in igmp6_send()

In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: extend RCU protection in igmp6_send(). igmp6_send() can be called without RTNL or RCU being held. Extend RCU protection so that we can safely fetch the net pointer and avoid a potential UAF. Note that we no longer can use...

CVSS: 7.8 | AI score: 6.8 | EPSS: 0.07007
Exploits: 0 | References: 5

Packet Storm News
added 2025/10/01 12:0 a.m. | 5 views

Securing IoT Devices in Smart Cities: A Review of Proposed Solutions

Privacy and security in Smart Cities remain at constant risk due to the vulnerabilities introduced by Internet of Things (IoT) devices. The limited computational resources of these devices make them especially susceptible to attacks, while their widespread adoption increases the potential impact of...

AI score: 6.9
Exploits: 0

Positive Technologies
added 2025/10/01 12:0 a.m. | 6 views

PT-2025-40133

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: A flaw exists in the Linux kernel’s mm/uffd module. Specifically, a warning can occur when PTE_MARKER_UFFD_WP is not compiled in, potentially leading to unexpected behavior. The issue...

AI score: 6.2 | EPSS: 0.0015
Exploits: 0 | References: 5

CNNVD
added 2025/10/01 12:0 a.m. | 2 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the failure to lock-protect the numrdy parameter, which could lead to data contention...

AI score: 5.9 | EPSS: 0.00107
Exploits: 0 | References: 9

Positive Technologies
added 2025/10/01 12:0 a.m. | 8 views

PT-2025-40224

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.3.0.neta
Description: The Linux kernel contains a flaw in the tipc (Trusted Inter-Process Communication) subsystem related to Maximum Transmission Unit (MTU) negotiation. A malicious peer could potentially send an...

AI score: 6.6 | EPSS: 0.00135
Exploits: 0 | References: 8

CNNVD
added 2025/10/01 12:0 a.m. | 2 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a lack of mutual exclusion lock protection and could cause the kernel to crash...

AI score: 6 | EPSS: 0.00143
Exploits: 0 | References: 4

SUSE CVE
added 2025/09/30 11:23 p.m. | 5 views

SUSE CVE-2025-41244

VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate...

CVSS: 7.8 | AI score: 8.8 | EPSS: 0.0788
Exploits: 3 | References: 16

Imperva Blog
added 2025/09/30 7:47 p.m. | 7 views

Imperva Enhances Client-Side Protection to Help You Stay Ahead of PCI-DSS Compliance

When the latest PCI DSS 4.0 requirements came into full effect in March 2025, organizations processing cardholder data faced new obligations to protect payment pages from client-side risks. Requirements such as 6.4.3 script inventory, authorization, and integrity monitoring and 11.6.1 detection o...

AI score: 6.9
Exploits: 0

RedHat Linux
added 2025/09/30 5:24 p.m. | 10 views

kernel: net/sched: sch_qfq: Fix race condition on qfq_aggregate

In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_qfq: Fix race condition on qfq_aggregate. A race condition can occur when 'agg' is modified in qfq_change_agg (called during qfq_enqueue) while other threads access it concurrently. For example, qfq_dump_class may trigger a...

CVSS: 4.7 | AI score: 6.8 | EPSS: 0.00111
Exploits: 0 | References: 5

Wired Threat Level
added 2025/09/30 1:44 p.m. | 3 views

Google’s Latest AI Ransomware Defense Only Goes So Far

Google has launched a new AI-based protection in Drive for desktop that can shut down an attack before it spreads—but its benefits have their limits...

AI score: 6.9
Exploits: 0

NVD
added 2025/09/30 11:37 a.m. | 5 views

CVE-2025-8118

PAD CMS implements weak client-side brute-force protection by utilizing two cookies: logincount and logintimeout. Information about attempt count or timeout is not stored on the server, which allows a malicious attacker to bypass this brute-force protection by resetting those cookies. This issue...

CVSS: 6.9 | EPSS: 0.00205
Exploits: 0 | References: 1

OSV
added 2025/09/30 11:37 a.m. | 1 views

CVE-2025-8118

PAD CMS implements weak client-side brute-force protection by utilizing two cookies: logincount and logintimeout. Information about attempt count or timeout is not stored on the server, which allows a malicious attacker to bypass this brute-force protection by resetting those cookies. This issue...

CVSS: 6.5 | AI score: 5.8 | EPSS: 0.00583
Exploits: 0 | References: 1

Cvelist
added 2025/09/30 10:4 a.m. | 5 views

CVE-2025-8118 Bruteforce Protection Bypass in PAD CMS

PAD CMS implements weak client-side brute-force protection by utilizing two cookies: logincount and logintimeout. Information about attempt count or timeout is not stored on the server, which allows a malicious attacker to bypass this brute-force protection by resetting those cookies. This issue...

CVSS: 6.9 | EPSS: 0.00205
Exploits: 0 | References: 1

ICS
added 2025/09/30 9:2 a.m. | 4 views

Hitachi Energy MSM

Summary: Hitachi Energy is aware of open-source software vulnerabilities that affect MSM product versions listed below. If exploited, these vulnerabilities could result in XSS and DoS attacks, potentially causing confidentiality, integrity and availability impact to MSM. Please refer to the...

AI score: 6.5
Exploits: 0 | References: 9

RedHat Linux
added 2025/09/30 12:37 a.m. | 5 views

kernel: net/sched: sch_qfq: Fix race condition on qfq_aggregate

In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_qfq: Fix race condition on qfq_aggregate. A race condition can occur when 'agg' is modified in qfq_change_agg (called during qfq_enqueue) while other threads access it concurrently. For example, qfq_dump_class may trigger a...

CVSS: 4.7 | AI score: 6.8 | EPSS: 0.00111
Exploits: 0 | References: 5

Positive Technologies
added 2025/09/30 12:0 a.m. | 4 views

PT-2025-39967

Name of the Vulnerable Software and Affected Versions: PAD CMS (affected versions not specified)
Description: The software utilizes weak client-side brute-force protection relying on cookies, specifically login count and login timeout. The attempt count and timeout information are not stored...

CVSS: 10 | AI score: 6.4 | EPSS: 0.00583
Exploits: 0 | References: 3

CNNVD
added 2025/09/30 12:0 a.m. | 2 views

Polska Akademia Dostępności CMS security vulnerability

Polska Akademia Dostępności CMS is an accessible web content management system from Polska Akademia Dostępności, Poland. A security vulnerability exists in Polska Akademia Dostępności CMS that stems from a weak client-side brute force protection mechanism that can be bypassed by an attacker by...

CVSS: 10 | AI score: 6.4 | EPSS: 0.00583
Exploits: 0 | References: 1

CVE
added 2025/09/30 12:0 a.m. | 19 views

CVE-2025-56132

LiquidFiles pre-4.2 is affected by a user-enumeration vulnerability in the password reset flow. Distinguishable responses to valid vs. invalid emails allow unauthenticated attackers to enumerate registered users. Upgrading to 4.2+ remedies this with user-based lockout and less informative errors;...

CVSS: 7.3 | AI score: 6.6 | EPSS: 0.00648
In wild | Exploits: 1 | References: 2 | Affected Software: 1

Redos
added 2025/09/29 12:0 a.m. | 5 views

ROS-20250929-09

AMD processor firmware vulnerability is related to insufficient protection of service data. Exploitation of the vulnerability could allow an intruder to disclose protected information.

CVSS: 5.6 | AI score: 8.3 | EPSS: 0.00425
Exploits: 0