Unmasking the new persistent attacks on Japan

Cisco Talos discovered malicious activities conducted by an unknown attacker since as early as January 2025, predominantly targeting organizations in Japan. The attacker has exploited the vulnerability CVE-2024-4577, a remote code execution RCE flaw in the PHP-CGI implementation of PHP on Windows...

Over 1,000 WordPress Sites Infected with JavaScript Backdoors Enabling Persistent Attacker Access

Over 1,000 websites powered by WordPress have been infected with a third-party JavaScript code that injects four separate backdoors. "Creating four backdoors facilitates the attackers having multiple points of re-entry should one be detected and removed," c/side researcher Himanshu Anand said in ...

U.S. Charges 12 Chinese Nationals in State-Backed Hacking Operations

The U.S. Department of Justice DoJ has announced charges against 12 Chinese nationals for their alleged participation in a wide-ranging scheme designed to steal data and suppress free speech and dissent globally. The individuals include two officers of the People's Republic of China's PRC Ministr...

Malicious code in totem-project-website (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d8e4f8906dbfdd2a20cc7cd9a3d92b2b079381e8440c9d434a5ad4767dbc176f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Linux Distros Unpatched Vulnerability : CVE-2024-23944

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Information disclosure in persistent watchers handling in Apache ZooKeeper due to missing ACL check. It allows an attacker to monitor child znodes by attaching ...

Malicious code in analyzer_plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 747a848e1740f146ea6c00cc1bcc451280f4685bd6cf84e635361504de761cfe Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Black Basta and Cactus Ransomware Groups Add BackConnect Malware to Their Arsenal

In this blog entry, we discuss how the Black Basta and Cactus ransomware groups utilized the BackConnect malware to maintain persistent control and exfiltrate sensitive data from compromised machines...

Malicious code in mep-widget-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bd0595287736afbcd4a5eb42eee88ad6ac547864009d19dfcb6c2ecc108e526c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

SUSE CVE-2025-21778

In the Linux kernel, the following vulnerability has been resolved: tracing: Do not allow mmap of persistent ring buffer When trying to mmap a trace instance buffer that is attached to reservemem, it would crash: BUG: unable to handle page fault for address: ffffe97bd00025c8 PF: supervisor read...

CVE-2025-21778

In the Linux kernel, the following vulnerability has been resolved: tracing: Do not allow mmap of persistent ring buffer When trying to mmap a trace instance buffer that is attached to reservemem, it would crash: BUG: unable to handle page fault for address: ffffe97bd00025c8 PF: supervisor read...

DEBIAN-CVE-2025-21778

In the Linux kernel, the following vulnerability has been resolved: tracing: Do not allow mmap of persistent ring buffer When trying to mmap a trace instance buffer that is attached to reservemem, it would crash: BUG: unable to handle page fault for address: ffffe97bd00025c8 PF: supervisor read...

UBUNTU-CVE-2025-21778

In the Linux kernel, the following vulnerability has been resolved: tracing: Do not allow mmap of persistent ring buffer When trying to mmap a trace instance buffer that is attached to reservemem, it would crash: BUG: unable to handle page fault for address: ffffe97bd00025c8 PF: supervisor read...

CVE-2025-21778 tracing: Do not allow mmap() of persistent ring buffer

In the Linux kernel, the following vulnerability has been resolved: tracing: Do not allow mmap of persistent ring buffer When trying to mmap a trace instance buffer that is attached to reservemem, it would crash: BUG: unable to handle page fault for address: ffffe97bd00025c8 PF: supervisor read...

CVE-2025-21778 tracing: Do not allow mmap() of persistent ring buffer

In the Linux kernel, the following vulnerability has been resolved: tracing: Do not allow mmap of persistent ring buffer When trying to mmap a trace instance buffer that is attached to reservemem, it would crash: BUG: unable to handle page fault for address: ffffe97bd00025c8 PF: supervisor read...

CVE-2025-21778

CVE-2025-21778 : In the Linux kernel, a fault occurs when mmap() is used on a trace ring buffer attached to reserve_mem. The mapping relied on virt_to_page() which does not work with vmap’d memory, causing a kernel oops during access. The fix disables mmap() for such persistent ring buffers (rese...

CVE-2025-21778

In the Linux kernel, the following vulnerability has been resolved: tracing: Do not allow mmap of persistent ring buffer When trying to mmap a trace instance buffer that is attached to reservemem, it would crash: BUG: unable to handle page fault for address: ffffe97bd00025c8 PF: supervisor read...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from tracing not properly handling mmap for persistent ring buffers, which could lead to a crash...

GHSA-7WRW-R4P8-38RX vulnerabilities

Vulnerabilities for packages: kyverno-policy-reporter-kyverno-plugin, kustomize, docker-credential-gcr, harbor-registry, terraform, direnv, aws-signer-notation-plugin, velero-plugin-for-aws, sftpgo-plugin-pubsub, kubernetes, gitness, petname, victoriametrics-operator, restic, vault-benchmark,...

CVE-2019-8900

CVE-2019-8900 concerns a SecureROM vulnerability in some Apple devices that allows an unauthenticated local attacker to execute arbitrary code on boot. Exploitation requires physical access: device must be connected to a computer and booted in DFU mode; the change is not persistent across reboots...

Malicious code in sally-fn (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4d8f992872ff1926200839cd344c09dfc137f063e5f7e5f87f54d62b1d758202 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...