10045 matches found

Microsoft Secure
added 2025/10/20 4:0 p.m., 10 views

Inside the attack chain: Threat activity targeting Azure Blob Storage

Azure Blob Storage, like any object data service, is a high-value target for threat actors due to its critical role in storing and managing massive amounts of unstructured data at scale across diverse workloads. Organizations of all sizes use Blob Storage to support key workloads—such as AI, high...

AI score: 8.5
Exploits: 0

CVE
added 2025/10/20 3:29 p.m., 27 views

CVE-2025-40016

CVE-2025-40016 affects the Linux kernel uvcvideo path. The fix marks entities with invalid IDs (UVC_INVALID_ENTITY_ID) to enforce non-zero unique IDs for Units and Terminals as required by UVC 1.1+. The change aims to prevent invalid or duplicate IDs (e.g., 0x00 or repeated IDs) from propagating ...

AI score: 5.9, EPSS: 0.00231
Exploits: 0, References: 7

RedHat Linux
added 2025/10/20 10:1 a.m., 1 view

kernel: sunrpc: fix client side handling of tls alerts

In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix client side handling of tls alerts. A security exploit was discovered in NFS over TLS in tls_alert_recv due to its assumption that there is valid data in the msghdr's iterator's kvec. Instead, this patch proposes the...

CVSS: 5.5, AI score: 5.8, EPSS: 0.00146
Exploits: 0, References: 5

NVD
added 2025/10/20 6:15 a.m., 3 views

CVE-2025-40004

In the Linux kernel, the following vulnerability has been resolved: net/9p: Fix buffer overflow in USB transport layer. A buffer overflow vulnerability exists in the USB 9pfs transport layer where inconsistent size validation between packet header parsing and actual data copying allows a malicious...

EPSS: 0.00246
Exploits: 0, References: 3

OSV
added 2025/10/20 5:26 a.m., 4 views

CVE-2025-40004 net/9p: Fix buffer overflow in USB transport layer

In the Linux kernel, the following vulnerability has been resolved: net/9p: Fix buffer overflow in USB transport layer. A buffer overflow vulnerability exists in the USB 9pfs transport layer where inconsistent size validation between packet header parsing and actual data copying allows a malicious...

AI score: 6.8, EPSS: 0.00246
Exploits: 0, References: 6

CVE
added 2025/10/20 5:26 a.m., 12 views

CVE-2025-40004

CVE-2025-40004 describes a Linux kernel vulnerability in the USB 9pfs transport layer (net/9p) where buffer overflow can occur due to inconsistent size validation between header parsing and data copying. Specifically, usb9pfs_rx_header() validates only the declared packet size, while usb9pfs_rx_c...

AI score: 6.6, EPSS: 0.00246
Exploits: 0, References: 3

RedHat Linux
added 2025/10/20 2:28 a.m., 1 view

kernel: sunrpc: fix handling of server side tls alerts

In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix handling of server side tls alerts. Scott Mayhew discovered a security exploit in NFS over TLS in tls_alert_recv due to its assumption it can read data from the msg iterator's kvec. kTLS implementation splits TLS non-da...

CVSS: 7.5, AI score: 5.8, EPSS: 0.00528
Exploits: 0, References: 5

OSV
added 2025/10/18 11:3 a.m., 3 views

SUSE-SU-2025:03646-1 Security update for the Linux Kernel RT (Live Patch 2 for SLE 15 SP7)

This update for the Linux Kernel 6.4.0-15070078 fixes several issues. The following security issues were fixed: - CVE-2025-38678: netfilter: nf_tables: reject duplicate device on updates (bsc#1249534). - CVE-2025-38499: clone_private_mnt: make sure that caller has CAP_SYS_ADMIN in the right userns...

CVSS: 7.8, AI score: 5.8, EPSS: 0.00528
Exploits: 1, References: 15

CNVD
added 2025/10/17 12:0 a.m., 4 views

F5 BIG-IP SSL/TLS Profile Denial of Service Vulnerability

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, and remote access policy management. A denial-of-service vulnerability exists in the SSL/TLS module of BIG-IP. The vulnerability arises because when configuring a...

CVSS: 8.7, AI score: 6.7, EPSS: 0.0042
Exploits: 0, References: 1

Snyk
added 2025/10/16 6:43 p.m., 3 views

NULL Pointer Dereference

Overview: Affected versions of this package are vulnerable to NULL Pointer Dereference in the flow control management process while overriding onAboveWriteBufferHighWatermark and onBelowWriteBufferLowWatermark callbacks. An attacker can cause a crash of the TCP connection pool by sending large...

CVSS: 8.7, AI score: 7.1, EPSS: 0.00415
Exploits: 0, References: 2

RedHat Linux
added 2025/10/16 3:40 p.m., 4 views

dotnet: .NET Information Disclosure Vulnerability

A flaw exists in certain .NET builds where a man-in-the-middle (MITM) attacker can prevent or downgrade TLS between a client and an SMTP server. This may cause the client to send credentials or message data over an unencrypted connection, exposing sensitive information to the attacker...

CVSS: 5.7, AI score: 5.8, EPSS: 0.00681
Exploits: 0, References: 4

RedhatCVE
added 2025/10/16 2:52 p.m., 8 views

CVE-2025-61951

Undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. This issue may occur when a Datagram Transport Layer Security (DTLS) 1.2 virtual server is enabled with a Server SSL profile that is configured with a certificate, key, and the SSL Sign Hash set to ANY, and the backe...

CVSS: 8.7, AI score: 6.8, EPSS: 0.00227
Exploits: 0, References: 1

RedhatCVE
added 2025/10/16 2:51 p.m., 4 views

CVE-2025-61974

When a client SSL profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS: 8.7, AI score: 6.9, EPSS: 0.0042
Exploits: 0, References: 1

Cvelist
added 2025/10/16 9:22 a.m., 43 views

CVE-2025-6338 Possible denial of service with multiple incoming connections to a Schannel based server with a TLS backend

There is an incomplete cleanup vulnerability in Qt Network's Schannel support on Windows which can lead to a Denial of Service over a long period. This issue affects Qt from 5.15.0 through 6.8.3, from 6.9.0 before 6.9.2...

CVSS: 9.2, EPSS: 0.00403
Exploits: 0, References: 1

Vulnrichment
added 2025/10/16 9:22 a.m., 3 views

CVE-2025-6338 Possible denial of service with multiple incoming connections to a Schannel based server with a TLS backend

There is an incomplete cleanup vulnerability in Qt Network's Schannel support on Windows which can lead to a Denial of Service over a long period. This issue affects Qt from 5.15.0 through 6.8.3, from 6.9.0 before 6.9.2...

CVSS: 9.2, AI score: 6.4, EPSS: 0.00403
Exploits: 0, References: 1

Snyk
added 2025/10/16 7:51 a.m., 1 view

Malicious Package

Overview: notification-layer is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS: 9.8, AI score: 6.8
Exploits: 0, References: 3

NVD
added 2025/10/16 7:15 a.m., 4 views

CVE-2025-55084

In NetX Duo version before 6.4.4, the component of Eclipse Foundation ThreadX, there was an incorrect bound check in _nx_secure_tls_proc_clienthello_supported_versions_extension in the extension version field...

CVSS: 6.9, EPSS: 0.00301
Exploits: 0, References: 1

Veracode
added 2025/10/16 7:11 a.m., 9 views

Information Disclosure

typo3/cms-core is vulnerable to Information Disclosure. The vulnerability is due to improper handling of error messages in the File Abstraction Layer, which exposes full file paths during failed file-system operations, allowing an attacker to disclose sensitive system information...

CVSS: 5.3, AI score: 6.7, EPSS: 0.00214
Exploits: 0, References: 4, Affected Software: 1

Cvelist
added 2025/10/16 6:29 a.m., 9 views

CVE-2025-55084 Out of bound read in _nx_secure_tls_proc_clienthello_supported_versions_extension()

In NetX Duo version before 6.4.4, the component of Eclipse Foundation ThreadX, there was an incorrect bound check in _nx_secure_tls_proc_clienthello_supported_versions_extension in the extension version field...

CVSS: 6.9, EPSS: 0.00301
Exploits: 0, References: 1

Vulnrichment
added 2025/10/16 6:29 a.m., 3 views

CVE-2025-55084 Out of bound read in _nx_secure_tls_proc_clienthello_supported_versions_extension()

In NetX Duo version before 6.4.4, the component of Eclipse Foundation ThreadX, there was an incorrect bound check in _nx_secure_tls_proc_clienthello_supported_versions_extension in the extension version field...

CVSS: 6.9, AI score: 6.5, EPSS: 0.00301
Exploits: 0, References: 1