Kimwolf DDoS Botnet Operator Arrested in Canada Over DDoS-for-Hire Attacks

The U.S. Department of Justice DoJ on Thursday announced the arrest of a Canadian man in connection with allegedly operating a distributed denial-of-service DDoS botnet known as Kimwolf. In tandem, Jacob Butler aka Dort, 23, Ottawa, Canada, has been charged with offenses related to the developmen...

CLSA-2026-1779366970 tomcat6: Fix of CVE-2026-41284

CVE-2026-41284: tomcat6: WebDAV LOCK/PROPFIND unbounded request body DoS...

PT-2026-42812

Name of the Vulnerable Software and Affected Versions ImageMagick affected versions not specified Description A race condition in the magick -distribute-cache service allows a remote attacker to hijack a file descriptor within the server process. Recommendations At the moment, there is no...

PT-2026-42813

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description The distributed pixel cache was originally designed to operate without a challenge-response authentication model, which is a security mechanism where one party...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerabilities have been resolved: ocfs2: dlmfs: fixed error handling of userdlmdestroylock When userdlmdestroylock failed, it did not clean up the flags it set before exiting. For USERLOCKINTEARDOWN, if this function fails because the lock is still in use, the...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: drbd: fixed a null pointer dereferencing issue during local read operations In drbdrequestendio, READCOMPLETEDWITHERROR is passed to reqmod with a NULL peerdevice: reqmodreq, what, NULL, &m; The READCOMPLETEDWITHERROR handler...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: fs: dlm: fix race in lowcomms This patch fixes a race condition between queuework in dlmlowcommscommitmsg and srcureadunlock. queuework may take the final reference to a dlmmsg, causing msg-idx to contain garbage, as indicated by...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drbd: Only clone the bio if there is a backing device available. The commit c347a787e34cb drbd: changed -bibdev to -bibdev in drbdreqnew moved the biosetdev call which has since been removed to an earlier stage, from...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net: dsa: microchip: A condition was added for scheduling kszmibreadwork. When the ksz module is installed or removed using rmmod, the kernel crashes with a null pointer dereference error. During rmmod, the kszswitchremove functi...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: fs: dlm: fixed use-after-free in midcomms commit While working on processing dlm messages in the softirq context, I encountered the following KASAN use-after-free warnings: 151.760477...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: net: dsa: Fixed a panic that occurred when the DSA master device unbinds during shutdown. Rafael reported that on a system with LX2160A and Marvell DSA switches, if a reboot occurs while the DSA master dpaa2-eth is active, the...

Astra Linux - уязвимость в linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: gfs2: Fixed the potential issue of using “glock” after a file system unmount. When a DLM lockspace is released and there are still locks in that lockspace, the DLM will automatically unlock those locks. Commit fb6791d100d1b...

USN-8277-1: Linux kernel vulnerabilities

It was discovered that the Linux kernel algifaead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A local attacker could use this to escalate privileges, or possibly escape a container. CVE-2026-31431 Several security issues were discovered in th...

CVE-2026-44159

Tyler Identity Local TID-L uses documented, default administrative credentials. Users are not required to change the credentials before deployment. TID-L has not been distributed since December 2020, and has not been supported since 2021...

CVE-2026-44159

Technical details about CVE-2026-44159 are not publicly available in the provided documents. Monitor for updates from NVD/CVE records.

EUVD-2026-30937

Tyler Identity Local TID-L uses documented, default administrative credentials. Users are not required to change the credentials before deployment. TID-L has not been distributed since December 2020, and has not been supported since 2021...

Fifty Shades of Darknet

The Invisible Internet Project I2P is a peer-to-peer anonymous overlay network whose architecture includes a structurally distinct sublayer not characterized in existing security literature. We term this sublayer the Exclusive Network: nodes here host operational services and draw on I2P's routin...

GHSA-27W2-87XV-37C6 nimiq-keys: Unchecked Ed25519 signature length in TaggedPublicKey::verify causes remote node panic via DHT

Impact A malicious network peer can crash any Nimiq full node by publishing a crafted Kademlia DHT record containing a TaggedSigned with a signature field whose byte length is not exactly 64. When the victim node's DHT verifier calls TaggedSigned::verify, execution reaches...

CVE-2026-41970

Out-of-bounds write vulnerability in the distributed file system module. Impact: Successful exploitation of this vulnerability may affect availability...

CVE-2026-41970

Out-of-bounds write vulnerability in the distributed file system module. Impact: Successful exploitation of this vulnerability may affect availability...