149 matches found
Malicious code in genetic_tick_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f542971b5f5954a674616d1206253605e8d0402229823361f3e8aa14ba195bdf This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990497)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990497 advisory. In the Linux kernel, the following vulnerability has been resolved: x86/i8259: Mark legacy PIC interrupts with IRQLEVEL Baoquan reported that after triggering a cras...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989126)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989126 advisory. In the Linux kernel, the following vulnerability has been resolved: tick/nohz: unexport init-annotated ticknohzfullsetup EXPORTSYMBOL and init is a bad combination...
⚡ Weekly Recap: Lazarus Hits Web3, Intel/AMD TEEs Cracked, Dark Web Leak Tool & More
Cyberattacks are getting smarter and harder to stop. This week, hackers used sneaky tools, tricked trusted systems, and quickly took advantage of new security problems—some just hours after being found. No system was fully safe. From spying and fake job scams to strong ransomware and tricky...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: RCU: Fixed a deadloop in rcureadunlock due to IRQ work. During rcureadunlockspecial, if this occurs during irqexit, we may get locked up if an IPI is issued. This is because the IPI itself triggers the irqexit path, causing a...
China-Linked Tick Group Exploits Lanscope Zero-Day to Hijack Corporate Systems
The exploitation of a recently disclosed critical security flaw in Motex Lanscope Endpoint Manager has been attributed to a cyber espionage group known as Tick. The vulnerability, tracked as CVE-2025-61932 CVSS score: 9.3, allows remote attackers to execute arbitrary commands with SYSTEM privileg...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-986295)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986295 advisory. In the Linux kernel, the following vulnerability has been resolved: ALSA: timer: Set lower bound of start tick time Currently ALSA timer doesn't have the lower limit...
EUVD-2025-28967
Malicious code in bioql PyPI...
SUSE CVE-2025-39744
In the Linux kernel, the following vulnerability has been resolved: rcu: Fix rcureadunlock deadloop due to IRQ work During rcureadunlockspecial, if this happens during irqexit, we can lockup if an IPI is issued. This is because the IPI itself triggers the irqexit path causing a recursive lock up...
CVE-2025-39744
In the Linux kernel, the following vulnerability has been resolved: rcu: Fix rcureadunlock deadloop due to IRQ work During rcureadunlockspecial, if this happens during irqexit, we can lockup if an IPI is issued. This is because the IPI itself triggers the irqexit path causing a recursive lock up...
UBUNTU-CVE-2025-39744
In the Linux kernel, the following vulnerability has been resolved: rcu: Fix rcureadunlock deadloop due to IRQ work During rcureadunlockspecial, if this happens during irqexit, we can lockup if an IPI is issued. This is because the IPI itself triggers the irqexit path causing a recursive lock up...
brick-node (>=0.0.0 <=0.0.17), change-object (=0.0.0) +9 more potentially affected by unknown CVE via pause-function (=0.0.1)
pause-function NPM version =0.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on pause-function and may be impacted: - brick-node =0.0.0, =1.16.0, =0.0.0, =1.0.1 - stream-format =0.0.3 Source cves: unknown CVE Source advisory: OSV:MAL-2025-28923...
big-integer-max (=1.0.0), big-integer-min (>=1.0.0 <=1.0.1) +25 more potentially affected by unknown CVE via just-next-tick (=0.0.0)
just-next-tick NPM version =0.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on just-next-tick and may be impacted: - big-integer-max =1.0.0 - big-integer-min =1.0.0, =0.0.3, =0.0.0, =0.0.0, =0.0.0, =0.0.1, =0.0.9 and more Source cves: unknown CVE...
Malicious code in just-next-tick (npm)
The package just-next-tick was found to contain malicious code...
change-object (=0.0.0), cli-qa (=2.0.0) +7 more potentially affected by unknown CVE via run-serially (=0.0.0)
run-serially NPM version =0.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on run-serially and may be impacted: - change-object =0.0.0 - cli-qa =2.0.0 - comma-list =0.0.0 - fd-select =1.0.0 - frp-tick =1.0.0 - innkeeper =1.0.4 - limited-parallel-loop...
brick (=0.0.0), brick-node (>=0.0.8 <=0.0.17) +30 more potentially affected by unknown CVE via show-help (>=0.0.0 <=2.0.1)
show-help NPM version =0.0.0, =0.0.8, =0.0.0, =0.0.5, =0.0.0, =0.0.0, =0.0.7, =0.0.9, =1.1.0, =1.1.1 and more Source cves: unknown CVE Source advisory: OSV:MAL-2025-33162...
MAL-2025-24119 Malicious code in just-next-tick (npm)
The package just-next-tick was found to contain malicious code...
PT-2025-37203
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A flaw exists in the Linux kernel related to rcu read unlock. Specifically, a potential deadlock can occur during rcu read unlock special when invoked within the irq exit path, trigger...
SUSE CVE-2023-52993
In the Linux kernel, the following vulnerability has been resolved: x86/i8259: Mark legacy PIC interrupts with IRQLEVEL Baoquan reported that after triggering a crash the subsequent crash-kernel fails to boot about half of the time. It triggers a NULL pointer dereference in the periodic tick code...
UBUNTU-CVE-2023-52993
In the Linux kernel, the following vulnerability has been resolved: x86/i8259: Mark legacy PIC interrupts with IRQLEVEL Baoquan reported that after triggering a crash the subsequent crash-kernel fails to boot about half of the time. It triggers a NULL pointer dereference in the periodic tick code...