1157 matches found
New SharkLoader Malware Deploys Cobalt Strike in StrikeShark Cyberattacks
A newly discovered cyber attack campaign has been observed delivering a previously undocumented malware family called SharkLoader that acts as a loader for deploying Cobalt Strike Beacon on compromised hosts. Kaspersky, which is tracking the activity under the moniker StrikeShark , said the...
CVE-2026-53113
A flaw was found in the Linux kernel's ath11k Wi-Fi driver. Specifically, the ath11kmacsetupbcntmplema and ath11kmacsetupbcntmplmbssid functions, responsible for setting up beacon templates, fail to release allocated memory when an error occurs during parameter setup. This oversight can lead to...
MAL-2026-6512 Malicious code in react-context-form-tdsss (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7a53e75a65681ee9ea818634ddee1ed52c6c8398dbd68e2b6abca255b24aaf37 [email protected] is a dependency-confusion payload. package.json declares scripts.preinstall="node index.js", and index.js issues an...
EUVD-2026-38981
In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix memory leaks in beacon template setup The functions ath11kmacsetupbcntmplema and ath11kmacsetupbcntmplmbssid allocate memory for beacon templates but fail to free it when parameter setup returns an error. Since...
EUVD-2026-38980
In the Linux kernel, the following vulnerability has been resolved: wifi: rtlwifi: pci: fix possible use-after-free caused by unfinished irqpreparebcntasklet The irqpreparebcntasklet is initialized in rtlpciinit and scheduled when RTLIMRBCNINT interrupt is triggered by hardware. But it is never...
Malicious code in hs-locale-management (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1d717c264a1c338c3b3fee43c13e43eba24cafbdabf34f62108bbd99e05c6b1b Package targets the internal-sounding name 'hs-locale-management' on the public npm registry at an inflated version 99.99.99-poc3, the canonical...
MAL-2026-6394 Malicious code in hs-locale-management (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1d717c264a1c338c3b3fee43c13e43eba24cafbdabf34f62108bbd99e05c6b1b Package targets the internal-sounding name 'hs-locale-management' on the public npm registry at an inflated version 99.99.99-poc3, the canonical...
MAL-2026-6295 Malicious code in kdrive-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3e7d5af5ddf22d4481fca4847a45189e6160a723341b32dcbb6bf51b49f53943 package.json declares a preinstall lifecycle script that auto-executes on npm install and runs wget -q -O-...
Malicious code in kdrive-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3e7d5af5ddf22d4481fca4847a45189e6160a723341b32dcbb6bf51b49f53943 package.json declares a preinstall lifecycle script that auto-executes on npm install and runs wget -q -O-...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: Staging: rtl8723bs: Fixed an out-of-bounds read during the parsing of the OnBeacon Extended Supported Rates ESR extension. The handling of the ESR extension during the OnBeacon phase involves accessing p + 1 + ielen and p + 2 +...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Do not finalize the CSA in IBSS mode if the state is disconnected. When we are not connected to a channel, sending the “switch” announcement doesn’t make any sense. The BSS list is empty in that case. This causes...
Astra Linux – Vulnerabilities in Linux, Linux-6.1, Linux-5.15
In the Linux kernel, the following vulnerability has been resolved: Wifi: wfx: Fixed a possible NULL pointer dereferencing in wfxsetmfpap. Since 'ieee80211beaconget' may return NULL, wfxsetmfpap should check the return value before examining the skb data. Therefore, the latter function should...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.10, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: Wifi: cfg80211: A use-after-free issue was addressed in the cmpbss function. This issue was introduced due to a quiriness related to the bssfree function introduced in commit 776b3580178f „cfg80211: Properly track hidden SSID...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Wifi: rtw89 – fixed the potential zero beacon interval in beacon tracking. During fuzz testing, it was discovered that bssconf-beaconint might be zero, which could lead to a division by zero error in subsequent calculations. If t...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: Wifi: rt2x00 – The beacon queue is restarted when a hardware reset occurs. When a hardware reset is triggered, all registers are reset, causing all queues to be stopped in the hardware interface. However, mac80211 does not...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Discard Beacon frames sent to non-broadcast addresses Beacon frames are required to be sent to the broadcast address. See IEEE Std 802.11-2020, 11.1.3.1: “The ‘Address 1’ field of the Beacon frame shall be set to...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: drivers: staging: rtl8192e: Fixed a deadlock in rtllibbeaconsstop. There is a deadlock in rtllibbeaconsstop, as shown below: Thread 1 | Thread 2 | rtllibsendbeacon rtllibbeaconsstop | modtimer spinlockirqsave //1 | Wait for a whi...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: wifi: ath12k: Avoid accessing uninitialized arvif-ar during beacon missed situations. During beacon missed handling, the ath12k driver iterates over active virtual interfaces vifs and attempts to access the radio object ar via...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: mac80211-hwsim: fixed the handling of late hrtimer events. Thomas explained in https://loreKernel.org/r/87mtoeb4hb.ffs@tglx that our current handling of hrtimer is incorrect. If the timer fires late—for example, due to vCPU...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: Wifi: ath9khtc: Abort software beacon handling if disabled. A malicious USB device can send an WMISWBAEVENTID event from an ath9khtc-managed device before beaconing is enabled. This causes a device-by-zero error in the driver,...