811 matches found
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: mm/gup: reject FOLL_SPLIT_PMD with hugetlb VMAs. The patch series “mm: fixes for device-exclusive entries (hmm)”, version 2. While discussing the PageTail() call in make_device_exclusive_range(), I recently discovered that device-exclusive...
Laurie Anderson Is Quoting Me
Not by name, but Laurie Anderson quotes me in one of the tracks of her new album: My favorite quote is from a cryptologist who said "If you think technology will solve your problems, you don't understand technology and you don't understand your problems." Also in interviews: "Of course, it's...
Agentic Fuzzing: Opportunities and Challenges
Fuzzers and static analyzers find many bugs but struggle with logic bugs in mature codebases. Triggering such a bug often requires multi-step reasoning that produces no distinctive execution feedback, and variants can appear across implementations too different for a single pattern to match. Rece...
Astra Linux - vulnerability in zabbix
A regular Zabbix user without access to the Monitoring - Problems view can still call the problem.view.refresh action, and thus still retrieve a list of active problems...
Survey of 100+ Energy Systems Reveals Critical OT Cybersecurity Gaps
A study by OMICRON has revealed widespread cybersecurity gaps in the operational technology (OT) networks of substations, power plants, and control centers worldwide. Drawing on data from more than 100 installations, the analysis highlights recurring technical, organizational, and functional issues...
A Survey of Security Challenges and Solutions for Advanced Air Mobility and EVTOL Aircraft
This survey reviews the existing and envisioned security vulnerabilities and defense mechanisms relevant to Advanced Air Mobility (AAM) systems, with a focus on electric vertical takeoff and landing (eVTOL) aircraft. Drawing from vulnerabilities in the avionics in commercial aviation and the automate...
Gamifying Cyber Governance: A Virtual Escape Room to Transform Cybersecurity Policy Education
Serious games are gaining popularity as effective teaching and learning tools, providing engaging, interactive, and practical experiences for students. Gamified learning experiences, such as virtual escape rooms, have emerged as powerful tools in bridging theory and practice, fostering deeper...
CVE-2023-50948
IBM Storage Fusion HCI 2.1.0 through 2.6.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 275671...
CVE-2019-16649
On Supermicro H11, H12, M11, X9, X10, and X11 products, a combination of encryption and authentication problems in the virtual media service allows capture of BMC credentials and data transferred over virtual media devices. Attackers can use captured credentials to connect virtual USB devices to...
CVE-2024-2423
The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.2.6 due to insufficient input sanitization and output...
How to Integrate AI into Modern SOC Workflows
Artificial intelligence (AI) is making its way into security operations quickly, but many practitioners are still struggling to turn early experimentation into consistent operational value. This is because SOCs are adopting AI without an intentional approach to operational integration. Some teams...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from improper import of the io_uring network vector buffer, which could lead to memory problems...
[SECURITY] Fedora 43 Update: GeographicLib-2.5.2-1.fc43
GeographicLib is a small set of C++ classes for performing conversions between geographic, UTM, UPS, MGRS, geocentric, and local Cartesian coordinates, for gravity (e.g., EGM2008), geoid height and geomagnetic field (e.g., WMM2010) calculations, and for solving geodesic problems. The emphasis is on...
GPT-5 at CTFs: Case Studies from Top-Tier Cybersecurity Events
OpenAI and DeepMind's AIs recently got gold at the IMO math olympiad and ICPC programming competition. We show frontier AI is similarly good at hacking by letting GPT-5 compete in elite CTF cybersecurity competitions. In one of this year's hardest events, it outperformed 93% of humans finishing...
Enhancing NTRUEncrypt Security Using Markov Chain Monte Carlo Methods: Theory and Practice
This paper presents a novel framework for enhancing the quantum resistance of NTRUEncrypt using Markov Chain Monte Carlo (MCMC) methods. We establish formal bounds on sampling efficiency and provide security reductions to lattice problems, bridging theoretical guarantees with practical...
Twin-Field Quantum Key Distribution: Protocols, Security, and Open Problems
Twin-Field Quantum Key Distribution (TF-QKD) has emerged as a potential protocol for long distance secure communication, overcoming the rate-distance limitations of conventional quantum key distribution without requiring trusted repeaters. By having two parties transmit phase encoded weak coherent...
CVE-2025-39999 blk-mq: fix blk_mq_tags double free while nr_requests grown
In the Linux kernel, the following vulnerability has been resolved: blk-mq: fix blk_mq_tags double free while nr_requests grown. In the case user trigger tags grow by queue sysfs attribute nr_requests, hctx->sched_tags will be freed directly and replaced with a new allocated tags, see blk_mq_tag_update_dept...
CVE-2025-49641
A regular Zabbix user with no permission to the Monitoring - Problems view is still able to call the problem.view.refresh action and therefore still retrieve a list of active problems...
Linux Distros Unpatched Vulnerability : CVE-2025-49641
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A regular Zabbix user with no permission to the Monitoring - Problems view is still able to call the problem.view.refresh action and therefore still retrieve a...
EUVD-2005-4821
Malware in sbrugna...