Aggregator

CVE-2025-22225 | VMware ESXi VMX Process access control (Nessus ID 226453)

Vuldb Updates
1 day 3 hours ago
A vulnerability identified as critical has been detected in VMware ESXi, Cloud Foundation, Telco Cloud Platform and Telco Cloud Infrastructure. Affected is an unknown function of the component VMX Process. The manipulation leads to improper access controls. This vulnerability is uniquely identified as CVE-2025-22225. Local access is required to approach this attack. Moreover, an exploit is present. You should upgrade the affected component.
vuldb.com

CVE-2026-23064 | Linux Kernel up to 6.6.121/6.12.67/6.18.7/6.19-rc6 sched tcf_ife_encode null pointer dereference

VulDB Recent Entries
1 day 3 hours ago
A vulnerability labeled as critical has been found in Linux Kernel up to 6.6.121/6.12.67/6.18.7/6.19-rc6. The affected element is the function tcf_ife_encode of the component sched. Executing a manipulation can lead to null pointer dereference. The identification of this vulnerability is CVE-2026-23064. The attack needs to be done within the local network. There is no exploit available. The affected component should be upgraded.
vuldb.com

CVE-2026-23062 | Linux Kernel up to 6.6.121/6.12.67/6.18.7/6.19-rc6 hp-bioscfg min_length_show null pointer dereference

VulDB Recent Entries
1 day 3 hours ago
A vulnerability identified as critical has been detected in Linux Kernel up to 6.6.121/6.12.67/6.18.7/6.19-rc6. Impacted is the function min_length_show of the component hp-bioscfg. Performing a manipulation results in null pointer dereference. This vulnerability was named CVE-2026-23062. The attack needs to be approached within the local network. There is no available exploit. You should upgrade the affected component.
vuldb.com

CVE-2026-23063 | Linux Kernel up to 6.6.121/6.12.67/6.18.7/6.19-rc6 uacce put_queue state issue

VulDB Recent Entries
1 day 3 hours ago
A vulnerability categorized as critical has been discovered in Linux Kernel up to 6.6.121/6.12.67/6.18.7/6.19-rc6. This issue affects the function put_queue of the component uacce. Such manipulation leads to state issue. This vulnerability is uniquely identified as CVE-2026-23063. The attack can only be initiated within the local network. No exploit exists. It is advisable to upgrade the affected component.
vuldb.com

CVE-2026-23057 | Linux Kernel up to 6.12.67/6.18.7/6.19-rc6 vsock virtio_vsock_alloc_linear_skb uninitialized pointer

VulDB Recent Entries
1 day 3 hours ago
A vulnerability was found in Linux Kernel up to 6.12.67/6.18.7/6.19-rc6. It has been rated as critical. This vulnerability affects the function virtio_vsock_alloc_linear_skb of the component vsock. This manipulation causes uninitialized pointer. This vulnerability is handled as CVE-2026-23057. The attack can only be done within the local network. There is not any exploit available. Upgrading the affected component is advised.
vuldb.com

CVE-2026-23055 | Linux Kernel up to 6.12.66/6.18.6/6.19-rc5 riic suspend_late state issue

VulDB Recent Entries
1 day 3 hours ago
A vulnerability was found in Linux Kernel up to 6.12.66/6.18.6/6.19-rc5. It has been declared as critical. This affects the function suspend_late of the component riic. The manipulation results in state issue. This vulnerability is known as CVE-2026-23055. Access to the local network is required for this attack. No exploit is available. It is recommended to upgrade the affected component.
vuldb.com

ACFW firewall test prologue – still failing at the basics

Security Boulevard
1 day 3 hours ago

The results of our soon-to-be-published Advanced Cloud Firewall (ACFW) test are hard to ignore. Some vendors are failing badly at the basics like SQL injection, command injection, Server-Side Request Forgery (SSRF) and API abuse with block percentages under 20%, sometimes way under. Those are just the application-based threats, never mind the vulnerability-based attacks.  While it’s […]

The post ACFW firewall test prologue – still failing at the basics appeared first on Security Boulevard.

Cameron Camp

False Negatives Are a New SOC Headache. Here’s the Fast Way to Fix It 

Cyber Security News
1 day 3 hours ago

False negatives are becoming the most expensive “quiet” failure in SOCs. In 2026, AI-generated phishing and multi-stage malware chains are built to look clean on the outside, behave normally at first, and only reveal intent after real interaction. The result is brutal for security leaders: real attacks get labeled “benign,” “low risk,” or “no verdict,” and the […]

The post False Negatives Are a New SOC Headache. Here’s the Fast Way to Fix It  appeared first on Cyber Security News.

Balaji N

Significant Ransomware & Firewall Misconfiguration Breach

Security Boulevard
1 day 4 hours ago

When “Secure by Design” Fails at the Edge Firewalls are still widely treated as the first and final line of defense. Once deployed, configured, and updated, they are often assumed to be a stable control that quietly does its job in the background. Recent ransomware incidents suggest that the assumption is becoming dangerous. In early

The post Significant Ransomware & Firewall Misconfiguration Breach appeared first on Seceon Inc.

The post Significant Ransomware & Firewall Misconfiguration Breach appeared first on Security Boulevard.

Kriti Tripathi

When Documents Become the Attack Vector: Inside APT28’s Latest Microsoft Office Exploit

Security Boulevard
1 day 4 hours ago

Email attachments remain one of the most trusted entry points into enterprise environments. Despite years of awareness training and secure email gateways, attackers continue to rely on documents because they blend seamlessly into everyday workflows. New reporting from The Hacker News details how APT28, a Russia-linked threat actor, is actively exploiting a newly disclosed Microsoft

The post When Documents Become the Attack Vector: Inside APT28’s Latest Microsoft Office Exploit appeared first on Seceon Inc.

The post When Documents Become the Attack Vector: Inside APT28’s Latest Microsoft Office Exploit appeared first on Security Boulevard.

Aditya Kumar

Incognito dark web drug market operator gets 30 years in prison

Help Net Security
1 day 4 hours ago

Rui-Siang Lin, a Taiwanese national, was sentenced to 30 years in U.S. federal prison for operating Incognito Market, one of the world’s largest illicit online narcotics marketplaces. Incognito Market splash page and graphical interface Incognito Market operated on the dark web from October 2020 until it closed in March 2024. The platform functioned as a centralized marketplace accessible through the Tor browser and supported drug sales to buyers around the world. Vendors used the site … More →

The post Incognito dark web drug market operator gets 30 years in prison appeared first on Help Net Security.

Sinisa Markovic

Managed ad