Security update for nvidia-open-driver-G06-signed

This update for nvidia-open-driver-G06-signed fixes the following issues: Update CUDA variant to 570.133.20 Update non-CUDA variant to 570.144 bsc1241231 Update non-CUDA variant to 570.133.07 bsc1239653 removed obsolete kernel-firmware-nvidia-gspx-G06-cuda; firmware has moved to nvidia-common-G06...

Interesting WordPress Malware Disguised as Legitimate Anti-Malware Plugin

📢In case you missed it, Wordfence just published itsannual WordPress security report for 2024. Read it now to learn more about the evolving risk landscape of WordPress so you can keep your sites protected in 2025 and beyond. The Wordfence Threat Intelligence team recently discovered an interestin...

CVE-2025-32492

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Eliot Akira Admin Menu Post List admin-menu-post-list allows Stored XSS.This issue affects Admin Menu Post List: from n/a through = 2.0.7...

SUSE CVE-2023-52997

In the Linux kernel, the following vulnerability has been resolved: ipv4: prevent potential spectre v1 gadget in ipmetricsconvert if !type continue; if type RTAXMAX return -EINVAL; ... metricstype - 1 = val; @type being used as an array index, we need to prevent cpu speculation or risk leaking...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a Spectre v1 attack risk in netlink attribute parsing...

China-Linked MirrorFace Deploys ANEL and AsyncRAT in New Cyber Espionage Operation

Threat hunters have shed more light on a previously disclosed malware campaign undertaken by the China-aligned MirrorFace threat actor that targeted a diplomatic organization in the European Union with a backdoor known as ANEL. The attack, detected by ESET in late August 2024, singled out a Centr...

Linux Distros Unpatched Vulnerability : CVE-2022-29901

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary...

New Snake Keylogger Variant Leverages AutoIt Scripting to Evade Detection

A new variant of the Snake Keylogger malware is being used to actively target Windows users located in China, Turkey, Indonesia, Taiwan, and Spain. Fortinet FortiGuard Labs said the new version of the malware has been behind over 280 million blocked infection attempts worldwide since the start of...

python-django: Potential denial-of-service in django.utils.translation.get_supported_language_variant()

A vulnerability was found in Python-Django in the getsupportedlanguagevariant function. The issue triggers when parsed with very long strings, including a specific set of characters, leading to a potential denial of service attack...

DEBIAN-CVE-2025-25188

Hickory DNS is a Rust based DNS client, server, and resolver. A vulnerability present starting in version 0.8.0 and prior to versions 0.24.3 and 0.25.0-alpha.5 impacts Hickory DNS users relying on DNSSEC verification in the client library, stub resolver, or recursive resolver. The DNSSEC validati...

CVE-2021-37649

TensorFlow is an end-to-end open source platform for machine learning. The code for tf.rawops.UncompressElement can be made to trigger a null pointer dereference. The implementation obtains a pointer to a CompressedElement from a Variant tensor and then proceeds to dereference it for decompressin...

CVE-2025-21677

In the Linux kernel, the following vulnerability has been resolved: pfcp: Destroy device along with udp socket's netns dismantle. pfcpnewlink links the device to a list in devnetdev instead of net, where a udp tunnel socket is created. Even when net is removed, the device stays alive on devnetdev...

Active Exploitation: New Aquabot Variant Phones Home

...

Active Exploitation: New Aquabot Variant Phones Home

...

New Mirai Variant Murdoc_Botnet Launches DDoS Attacks via IoT Exploits

This article explores the recent campaign of MurdocBotnet, a malware variant of Mirai targeting vulnerable AVTECH and Huawei…...

The vulnerability of the Demon Routing Protocol Daemon (RPD) in Juniper Networks’ Junos OS and Junos OS Evolved operating systems allows a attacker to trigger a Denial-of-Service Attack (DoS).

The vulnerability of the Demon Routing Protocol Daemon RPD in Juniper Networks’ Junos OS and Junos OS Evolved operating systems is related to insufficient handling of exceptional states. Exploiting this vulnerability allows a malicious actor to trigger a Denial-of-Service attack by sending...

FICORA and Kaiten Botnets Exploit Old D-Link Vulnerabilities for Global Attacks

Cybersecurity researchers are warning about a spike in malicious activity that involves roping vulnerable D-Link routers into two different botnets, a Mirai variant dubbed FICORA and a Kaiten aka Tsunami variant called CAPSAICIN. "These botnets are frequently spread through documented D-Link...

PT-2024-40510 · Glib · Glib

Name of the Vulnerable Software and Affected Versions: glib versions 0.15.0 and later Description: The VariantStrIter::impl get function was unsound, resulting in undefined behavior due to an immutable reference being passed to a C function that mutates the pointer in-place. This caused crashes d...

BellaCPP: Discovering a new BellaCiao variant written in C++

Introduction BellaCiao is a .NET-based malware family that adds a unique twist to an intrusion, combining the stealthy persistence of a webshell with the power to establish covert tunnels. It surfaced for the first time in late April 2023 and has since been publicly attributed to the APT actor...

The vulnerability of the es_browser_get_variant() function in the universal monitoring system Zabbix allows a attacker to trigger a Denial-of-Service Attack (DoS).

The vulnerability of the esbrowsergetvariant function in the universal monitoring system Zabbi is related to the use of memory after it is freed. Exploiting this vulnerability could allow a attacker to trigger a Denial-of-Service attack...