GHSA-V39F-C9JJ-8W7H
| creationtimestamp | type | source |
|---|---|---|
| 2025-02-27 17:25:14+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/5720 |
| 2025-02-27 18:18:44+00:00 | seen | https://infosec.exchange/users/cR0w/statuses/114077225711677534... |
Elon Musk’s DOGE Is Being Sued Under the Privacy Act: What to Know
At least eight ongoing lawsuits related to the so-called Department of Government Efficiency’s alleged access to sensitive data hinge on the Watergate-inspired Privacy Act of 1974. But it’s not airtight...
On Generative AI Security
Microsoft's AI Red Team just published "Lessons from Red Teaming 100 Generative AI Products." Their blog post lists "three takeaways," but the eight lessons in the report itself are more useful: 1. Understand what the system can do and where it is applied. 2. You don't have to compute gradients t...
CGA-HPHQ-2HMC-336V
Bulletin has no description...
CVE-2024-56788
In the Linux kernel, the following vulnerability has been resolved: net: ethernet: oa_tc6: fix tx skb race condition between reference pointers. There are two skb pointers to manage tx skb's enqueued from n/w stack. waiting_tx_skb pointer points to the tx skb which needs to be processed and...
CVE-2024-56788 net: ethernet: oa_tc6: fix tx skb race condition between reference pointers
In the Linux kernel, the following vulnerability has been resolved: net: ethernet: oa_tc6: fix tx skb race condition between reference pointers. There are two skb pointers to manage tx skb's enqueued from n/w stack. waiting_tx_skb pointer points to the tx skb which needs to be processed and...
CVE-2025-22139
| creationtimestamp | type | source |
|---|---|---|
| 2025-01-08 18:31:23+00:00 | seen | https://infosec.exchange/users/cve/statuses/113794159917395964 |
| 2025-01-08 19:16:05+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3lfausq4ppg2m |
| 2025-01-08 19:48:16+00:00 | seen | ... |
CVE-2024-12302
| creationtimestamp | type | source |
|---|---|---|
| 2025-01-06 06:03:27+00:00 | seen | https://infosec.exchange/users/cve/statuses/113779894279783962 |
| 2025-01-06 06:15:32+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3lf2ib65k4k22 |
| 2025-01-06 06:40:14+00:00 | seen | ... |
CVE-2024-11716
While assignment of a user to a team bracket in CTFd should be possible only once, at registration, a flaw in the logic implementation allows an authenticated user to reset its bracket and then pick a new one, joining another team while a competition is already ongoing. This issue impacts releas...
PT-2025-3335
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A race condition exists between reference pointers in the Linux kernel's ethernet oa tc6 module. This issue arises from the management of two skb pointers: waiting tx skb and ongoing tx...
CVE-2024-10704
| creationtimestamp | type | source |
|---|---|---|
| 2024-11-29 06:04:04+00:00 | seen | https://infosec.exchange/users/cve/statuses/113564728926318669... |
CVE-2024-11677
| creationtimestamp | type | source |
|---|---|---|
| 2024-11-26 01:38:11+00:00 | seen | https://infosec.exchange/users/cve/statuses/113546696559074476... |
GHSA-42W6-R45M-9W9J
| creationtimestamp | type | source |
|---|---|---|
| 2024-11-15 16:54:49+00:00 | seen | https://infosec.exchange/users/cve/statuses/113488015417639445... |
DeltaPrime Suffers $5.98M Loss as Hacker Exploits Admin Key on Arbitrum
The attack is ongoing...
The Facts About Continuous Penetration Testing and Why It's Important
What is Continuous Attack Surface Penetration Testing or CASPT? Continuous Penetration Testing, or Continuous Attack Surface Penetration Testing (CASPT), is an advanced security practice that involves the continuous, automated, and ongoing penetration testing services of an organization's digital...
CVE-2022-48901 btrfs: do not start relocation until in progress drops are done
In the Linux kernel, the following vulnerability has been resolved: btrfs: do not start relocation until in progress drops are done. We hit a bug with a recovering relocation on mount for one of our file systems in production. I reproduced this locally by injecting errors into snapshot delete with...
SUSE CVE-2024-37078
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential kernel bug due to lack of writeback flag waiting. Destructive writes to a block device on which nilfs2 is mounted can cause a kernel bug in the folio/page writeback start routine or writeback end routine...
PocketBase performs password auth and OAuth2 unverified email linking
In order to be exploited you must have both OAuth2 and Password auth methods enabled. A possible attack scenario could be: - a malicious actor registers with the targeted user's email (it is unverified) - at some later point in time the targeted user stumbles on your app and decides to sign up with...
CVE-2024-38351 Password auth and OAuth2 unverified email linking
PocketBase is an open source web backend written in Go. In affected versions a malicious user may be able to compromise other user accounts. In order to be exploited users must have both OAuth2 and Password auth methods enabled. A possible attack scenario could be: 1. a malicious actor register...
Truist bank confirms data breach
On Wednesday June 12, 2024, a well-known dark web data broker and cybercriminal acting under the name "Sp1d3r" offered a significant amount of data allegedly stolen from Truist Bank for sale. Truist is a US bank holding company and operates 2,781 branches in 15 states and Washington DC. By assets...