40423 matches found
CVE-2025-4277
Tcg2Smm has a vulnerability which can be used to write arbitrary memory inside SMRAM and execute arbitrary code at SMM level...
Linux Distros Unpatched Vulnerability : CVE-2025-38451
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: md/md-bitmap: fix GPF in bitmap_get_stats The commit message of commit 6ec1f0239485...
Linux Distros Unpatched Vulnerability : CVE-2022-49876
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix general-protection-fault in ieee80211_subif_start_xmit When device is...
Linux Distros Unpatched Vulnerability : CVE-2025-38117
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bluetooth: MGMT: Protect mgmt_pending list with its own lock This uses a mutex to protect from concurrent access of mgmt_pending list which can cause crashes like...
Linux Distros Unpatched Vulnerability : CVE-2021-47055
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: mtd: require write permissions for locking and badblock ioctls MEMLOCK, MEMUNLOCK and OTPLOC...
Linux Distros Unpatched Vulnerability : CVE-2022-48822
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: usb: f_fs: Fix use-after-free for epfile Consider a case where ffs_func_eps_disable is called fr...
Malicious code in auth-jwt-csrf-kinetic (npm)
The package auth-jwt-csrf-kinetic was found to contain malicious code...
MAL-2025-15085 Malicious code in auth-jwt-csrf-kinetic (npm)
The package auth-jwt-csrf-kinetic was found to contain malicious code...
CVE-2025-24835
Protection mechanism failure in the Intel(R) Graphics Driver for the Intel(R) Arc(TM) B-Series graphics before version 32.0.101.6737 may allow an authenticated user to potentially enable denial of service via local access...
Have You Turned Off Your Virtual Oven?
You check that the windows are shut before leaving home. Return to the kitchen to verify that the oven and stove were definitely turned off. Maybe even circle back again to confirm the front door was properly closed. These automatic safety checks give you peace of mind because you know the unlike...
New Android Malware Wave Hits Banking via NFC Relay Fraud, Call Hijacking, and Root Exploits
Cybersecurity researchers have disclosed a new Android trojan called PhantomCard that abuses near-field communication (NFC) to conduct relay attacks for facilitating fraudulent transactions in attacks targeting banking customers in Brazil. "PhantomCard relays NFC data from a victim's banking card t...
CVE-2025-5998
The PPWP – Password Protect Pages WordPress plugin before version 1.9.11 allows site content to be placed behind password authorization; however, users with subscriber or greater roles can view the content via the REST API...
PT-2025-33295 · Espec North America · Espec North America Web Controller 3
Name of the Vulnerable Software and Affected Versions: ESPEC North America Web Controller 3 versions prior to 3.3.8 Description: An attacker with physical access can gain elevated privileges due to the lack of protection for GRUB and the BIOS. Recommendations: Update ESPEC North America Web...
PT-2025-33136 · WordPress · Ppwp – Password Protect Pages
Name of the Vulnerable Software and Affected Versions: PPWP – Password Protect Pages WordPress plugin versions prior to 1.9.11 Description: The PPWP – Password Protect Pages WordPress plugin prior to version 1.9.11 allows site content to be placed behind password authorization; however, users wit...
ROS-20250814-01
A vulnerability in the MediaWiki hypertext environment implementation software exists due to failure to take measures to protect the structure of the web page. Exploitation of the vulnerability could allow an attacker, acting remotely, to conduct a cross-site scripting (XSS) attack...
Charon Ransomware Hits Middle East Sectors Using APT-Level Evasion Tactics
Cybersecurity researchers have discovered a new campaign that employs a previously undocumented ransomware family called Charon to target the Middle East's public sector and aviation industry. The threat actor behind the activity, according to Trend Micro, exhibited tactics mirroring those of...
MetaGuardian: Enhancing Voice Assistant Security through Advanced Acoustic Metamaterials
We present MetaGuardian, a voice assistant (VA) protection system based on acoustic metamaterials. MetaGuardian can be directly integrated into the enclosures of various smart devices, effectively defending against inaudible, adversarial and laser attacks without relying on additional software...
UBUNTU-CVE-2025-22889
Improper handling of overlap between protected memory ranges for some Intel(R) Xeon(R) 6 processor with Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access...