Technical Report: Exploring the Emerging Threats of the Agent Skill Ecosystem

We analyzed 3,984 AI agent skills from major marketplaces and found 76 confirmed malicious payloads, including credential theft, backdoor installation, and data exfiltration. 13.4% of all skills contain at least one critical-level security issue and at least 8 manually confirmed malicious skills...

CVE-2025-53475

creationtimestamp| type| source ---|---|--- 2025-07-10 10:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-25-191-08...

CVE-2025-38242

In the Linux kernel, the following vulnerability has been resolved: mm: userfaultfd: fix race of userfaultfdmove and swap cache This commit fixes two kinds of races, they may have different results: Barry reported a BUGON in commit c50f8e6053b0, we may see the same BUGON if the filemap lookup...

CVE-2025-38242 mm: userfaultfd: fix race of userfaultfd_move and swap cache

In the Linux kernel, the following vulnerability has been resolved: mm: userfaultfd: fix race of userfaultfdmove and swap cache This commit fixes two kinds of races, they may have different results: Barry reported a BUGON in commit c50f8e6053b0, we may see the same BUGON if the filemap lookup...

CVE-2022-50206

In the Linux kernel, the following vulnerability has been resolved: arm64: fix oops in concurrently setting insnemulation sysctls emulationprochandler changes table-data for procdointvecminmax and can generate the following Oops if called concurrently with itself: | Unable to handle kernel NULL...

TencentOS Server 3: thunderbird (TSSA-2023:0239)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0239 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

Zero Critical Issues, Infinite Security Potential

Over 50% of Wiz customers have reduced their cloud risk by reaching Zero Critical Issues...

APSB25-52 : Security update available for Adobe ColdFusion

Adobe has released security updates for ColdFusion versions 2025, 2023 and 2021. These updates resolve critical, important and moderate vulnerabilities that could lead to arbitrary file system read, arbitrary code execution and privilege escalation...

Advisory ROSA-SA-2025-2797

Software: expat 2.2.5 OS: ROSA Virtualization 3.0 packageevrstring: expat-2.2.5-16.0.1.rv30 CVE-ID: CVE-2022-23990 BDU-ID: 2022-00999 CVE-Crit: CRITICAL CVE-DESC.: A vulnerability in the doProlog function of the Expat library is related to integer overflow. Exploitation of the vulnerability could...

Ubuntu: Security Advisory (USN-7407-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2025-21984 mm: fix kernel BUG when userfaultfd_move encounters swapcache

In the Linux kernel, the following vulnerability has been resolved: mm: fix kernel BUG when userfaultfdmove encounters swapcache userfaultfdmove checks whether the PTE entry is present or a swap entry. - If the PTE entry is present, movepresentpte handles folio migration by setting: srcfolio-inde...

Ubuntu: Security Advisory (USN-7322-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

GHSA-P269-768C-9733 vulnerabilities

Vulnerabilities for packages: chromium...

GHSA-VC4J-MG9W-74CH vulnerabilities

Vulnerabilities for packages: mysql...

GHSA-57MH-HH97-HPF2 vulnerabilities

Vulnerabilities for packages: openjdk-21-openj9, openjdk-25-openj9, openjdk-11-openj9, openjdk-26-openj9, openjdk-8-openj9, openjdk-17-openj9...

GHSA-3VRW-MCG3-47V6 vulnerabilities

Vulnerabilities for packages: mysql...

Fast Deployments, Secure Code: Watch this Learn to Sync Dev and Sec Teams

Ever felt like your team is stuck in a constant battle? Developers rush to add new features, while security folks worry about vulnerabilities. What if you could bring both sides together without sacrificing one for the other? We invite you to our upcoming webinar, "Opening the Fast Lane for Secur...

Mageia: Security Advisory (MGASA-2025-0032)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

GHSA-2VPQ-FH52-J3WV vulnerabilities

Vulnerabilities for packages: datadog-agent-fips, datadog-agent, airflow...

openSUSE: Security Advisory for gstreamer (SUSE-SU-2025:0070-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...