43 matches found
From summer camp to grind season
Welcome to this week's edition of the Threat Source newsletter. "This is the way the world ends / This is the way the world ends / This is the way the world ends / Not with a bang but a whimper." - T.S. Eliot. So this is how Summer Camp 2025 ends, not with a bang but a whimper. We've put the summer behind...
CVE-2025-41033
creationtimestamp | type | source
---|---|---
2025-09-04 13:15:06+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lxza3abjzu2n...
Moderate: Red Hat Security Advisory: qt5-qt3d security update
An update for qt5-qt3d is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
CISA Adds TP-Link Wi-Fi and WhatsApp Spyware Flaws to KEV List
CISA updates its KEV List with TP-Link Wi-Fi extender and WhatsApp spyware flaws, urging users and agencies to...
PT-2025-35879
Name of the Vulnerable Software and Affected Versions: Android WLAN versions prior to 2025-09-05 on Google Pixel devices Description: A privilege escalation issue exists in the WLAN component of Android on Google Pixel devices. This allows for unauthorized access to system resources...
PT-2025-35887
Name of the Vulnerable Software and Affected Versions: Android WLAN versions prior to 2025-09-05 on Google Pixel devices Description: A privilege escalation issue exists in the WLAN component of Android running on Google Pixel devices. This allows for unauthorized elevation of privileges...
PayPal users targeted in account profile scam
A co-worker forwarded this rather convincing PayPal scam to me. Thanks Elena. A highly sophisticated email scam is targeting PayPal users with the subject line of "Set up your account profile." We decided to see what the scammers are after. First thing to do is to look at the headers: The sender...
Ubuntu: Security Advisory (USN-7726-4)
The remote host is missing an update for the...
USN-7729-1: KDE PIM vulnerabilities
Damian Poddebniak, Christian Dresen, Jens Müller, Fabian Ising, Sebastian Schinzel, Simon Friedberger, Juraj Somorovsky, and Jörg Schwenk discovered that the KMail application of KDE PIM could be made to leak the plaintext of S/MIME encrypted emails when retrieving external content in emails. Und...
Linux Distros Unpatched Vulnerability : CVE-2025-2092
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions 2.3.0p29, 2.2.0p41 and =2.1.0p49 EOL causes remote site authentication secre...
xillen-exploit-dev
Xillen Exploit Dev: a tool for developing and testing...
Travelers to the UK targeted in ETA scams
Since January 8, 2025, travelers from most countries, including the US, Australia, and Canada, have to apply for an Electronic Travel Authorisation (ETA) for visa-free travel to the UK. You can apply for an Electronic Travel Authorisation using the ETA App, or via an online form. When you apply for ...
USN-7725-2: Linux kernel (Real-time) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Overlay file system; - Network traffic control; CVE-2025-21887, CVE-2024-57996, CVE-2025-38350, CVE-2025-37752...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to multiple Base OS issues
Summary: IBM Watson Speech Services Cartridge is vulnerable to multiple Base OS issues. We have updated the base image used by our Speech Services and the following vulnerabilities have been addressed. Please read the details for remediation below. Vulnerability Details: CVEID: CVE-2021-23336...
MAL-2025-41487 Malicious code in @twork-data-services/compnay-api-v1-company-rosbank-cib (npm)
Ethereum Crypto Wallets under Address Poisoning: How Usable and Secure Are They?
Blockchain address poisoning is an emerging phishing attack that crafts "similar-looking" transfer records in the victim's transaction history, which aims to deceive victims and lure them into mistakenly transferring funds to the attacker. Recent works have shown that millions of Ethereum users...
Intel Local Manageability Service Advisory - Lenovo Support US
No description provided...
Exploit for Code Injection in Xwiki
CVE-2025-24893 - XWiki Remote Code Execution (RCE). An updated...
OESA-2025-1878 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: bpf: consider that tail calls invalidate packet pointers Tail-called programs could execute any of the helpers that invalidate packet pointers. Hence,...
Assessment of Quantitative Cyber-Physical Reliability of SCADA Systems in Autonomous Vehicle to Grid (V2G) Capable Smart Grids
The integration of electric vehicles (EVs) into power grids via Vehicle-to-Grid (V2G) system technology is increasing day by day, but these phenomena present both advantages and disadvantages. V2G can increase grid reliability by providing distributed energy storage and ancillary services. However, o...