Aggregator

原域名已变更且将在2024年彻底废弃，请访问 https://govuln.com/news/ 查看新的RSS订阅

A newly disclosed Linux kernel vulnerability dubbed Fragnesia allows any local unprivileged user to escalate privileges to root without requiring a race condition, making it one of the more reliable local privilege escalation exploits seen in recent years. Discovered by William Bowling of the V12 security team, Fragnesia joins a growing class of dangerous kernel […]

The post Fragnesia Linux Vulnerability Let Attackers Gain Root Privileges – PoC Released appeared first on Cyber Security News.

’‘三人言市有虎，王信之乎？’王曰：‘寡人信之矣。’

Currently trending CVE - Hype Score: 4

Currently trending CVE - Hype Score: 4

Currently trending CVE - Hype Score: 4 - A denial of service vulnerability could be triggered by sending specially crafted HTTP requests to server function endpoints, this could lead to server crashes, out-of-memory exceptions or excessive CPU usage; affecting the following packages: react-server-dom-webpack, ...

Currently trending CVE - Hype Score: 1

Currently trending CVE - Hype Score: 1

Currently trending CVE - Hype Score: 1

Currently trending CVE - Hype Score: 1

Currently trending CVE - Hype Score: 1

Currently trending CVE - Hype Score: 1 - In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP ...

Currently trending CVE - Hype Score: 1 - xrdp is an open source RDP server. xrdp before v0.10.5 contains an unauthenticated stack-based buffer overflow vulnerability. The issue stems from improper bounds checking when processing user domain information during the connection sequence. If exploited, the vulnerability ...

Signal is adding new protections for users following recent phishing and social engineering attacks. In March, the FBI and CISA issued a warning stating that Signal had become a primary target of Russian intelligence-linked hackers. Dutch and German security authorities were among the first to identify phishing campaigns targeting Signal users. The scheme centered on Signal’s “linked devices” feature. Attackers contacted targets while posing as trusted entities, including support teams or known contacts. Victims were … More →

The post Signal responds to phishing attacks with new in-app security warnings appeared first on Help Net Security.

Tuskira has announced the launch of Kairo, a breach modeling capability that detects deep, hidden breach paths by leveraging its security data mesh and digital twin technology. Kairo helps security teams improve breach resilience by modeling how attackers can leverage new AI models to laterally move across an environment, identifying deep hidden kill chains across cloud, IT & OT infrastructure. Kairo also validates detected breach paths against existing security controls if attackers can also bypass … More →

The post Tuskira’s Kairo exposes hidden AI-driven breach paths appeared first on Help Net Security.

Used primarily for resource management, cgroups unlock valuable telemetry for investigating malicious processes on Linux

Key Points Introduction The Gentlemen ransomware‑as‑a‑service (RaaS) operation is a relatively new group that emerged around mid‑2025. Its operators advertise the service across multiple underground forums, promoting their ransomware platform and inviting penetration testers and other technically skilled actors to join as affiliates. In 2026, based on victims listed on the data leak site (DLS), […]

The post Thus Spoke…The Gentlemen appeared first on Check Point Research.

Foxconn, the world's largest electronics manufacturer, says some of its North American factories are now working to resume normal operations after a cyberattack. [...]

Apricorn has announced enhancements to its Aegis Secure Key 3.0 (ASK3), delivering faster performance and new environmental protection capabilities designed to secure the device and its data in the most demanding physical circumstances. The ASK3 was updated to meet and exceed the latest NIST Cryptographic Module Validation Program (CMVP) for FIPS 140-3 Level 3 validation, for which it has formally been submitted. This positions the ASK3 for use by government, defence contractors, and organisations across … More →

The post Apricorn hardens ASK3 encrypted USB drive for extreme conditions appeared first on Help Net Security.