Aggregator

A vulnerability classified as critical was found in tar-fs up to 1.16.3/2.1.1/3.0.7. Affected by this vulnerability is an unknown functionality of the file index.js of the component Tar File Handler. The manipulation leads to link following. This vulnerability is known as CVE-2024-12905. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Linux Kernel up to 6.1.8. Affected is an unknown function of the component ovl. The manipulation leads to privilege escalation. This vulnerability is traded as CVE-2023-53004. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.10.166/5.15.91/6.1.9. It has been rated as critical. This issue affects the function skb_segment_list of the component net. The manipulation leads to null pointer dereference. The identification of this vulnerability is CVE-2023-52991. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in IBM Cloud Pak System up to 2.3.36. It has been declared as problematic. This vulnerability affects unknown code of the component CLI. The manipulation leads to channel accessible by non-endpoint. This vulnerability was named CVE-2023-38272. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in IBM Cloud Pak System up to 2.3.36. It has been classified as problematic. This affects an unknown part. The manipulation leads to missing encryption of sensitive data. This vulnerability is uniquely identified as CVE-2023-37405. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in LabRedesCefetRJ WeGIA up to 3.2.5 and classified as critical. Affected by this issue is some unknown functionality of the file /WeGIA/controle/control.php. The manipulation of the argument nextPage leads to sql injection. This vulnerability is handled as CVE-2025-30367. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in LabRedesCefetRJ WeGIA up to 3.2.7 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /WeGIA/html/socio/sistema/controller/query_geracao_auto.php. The manipulation of the argument Query leads to sql injection. This vulnerability is known as CVE-2025-30365. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

NAB's Anthony Hope on How Banks Are Preparing for the March 2026 Deadline
Australia's anti-money laundering and counter-terrorism financing legislation is undergoing its first major revision since 2006. Anthony Hope, group head of AML, CTF and fraud risk at NAB, explains what this "generational change" means for financial institutions.

Dennis Giese on Reverse Engineering, Flawed Authentication, Poor Threat Modeling
IoT security flaws expose users and businesses to serious risks. Weak authentication methods allow attackers to manipulate devices, leading to data breaches and privacy violations. Reverse engineering highlights these weaknesses, said Dennis Giese, IoT security and privacy researcher.

Newcomer VanHelsing and a Supposedly Revitalized LockBit Enter Victim-Hunting Fray
While the vast majority of ransomware attacks lately trace to relatively long-running groups, researchers see new operators entering the fray, lately including a ransomware-as-a-service group calling itself VanHelsing, as well as a fresh version of LockBit.

Also: The Treasury Department Lifts Tornado Cash Sanctions
This week, Abracadabra hack, updates on Tornado Cash and Bybit, $7M scam money recovery, man faces prison for stabbing crypto CEO, movie director charged for swindle, Ripple-SEC case wrap-up, Grinex is the new Garantex, Gotbit plea deal, Coinbase in supply chain hack and Binance insider risk threat.

NAB's Anthony Hope on How Banks Are Preparing for the March 2026 Deadline
Australia's anti-money laundering and counter-terrorism financing legislation is undergoing its first major revision since 2006. Anthony Hope, group head of AML, CTF and fraud risk at NAB, explains what this "generational change" means for financial institutions.

Dennis Giese on Reverse Engineering, Flawed Authentication, Poor Threat Modeling
IoT security flaws expose users and businesses to serious risks. Weak authentication methods allow attackers to manipulate devices, leading to data breaches and privacy violations. Reverse engineering highlights these weaknesses, said Dennis Giese, IoT security and privacy researcher.

Newcomer VanHelsing and a Supposedly Revitalized LockBit Enter Victim-Hunting Fray
While the vast majority of ransomware attacks lately trace to relatively long-running groups, researchers see new operators entering the fray, lately including a ransomware-as-a-service group calling itself VanHelsing, as well as a fresh version of LockBit.

Also: The Treasury Department Lifts Tornado Cash Sanctions
This week, Abracadabra hack, updates on Tornado Cash and Bybit, $7M scam money recovery, man faces prison for stabbing crypto CEO, movie director charged for swindle, Ripple-SEC case wrap-up, Grinex is the new Garantex, Gotbit plea deal, Coinbase in supply chain hack and Binance insider risk threat.

Backdoored Juniper networking devices are at the center of two major cybersecurity stories that highlight the ongoing vulnerability and active targeting of network infrastructure by cyber adversaries. J-Magic and TINYSHELL The first story broke in January 2025, when researchers at Black Lotus Labs, a research arm of the ISP Lumen Technologies, revealed information about an […]

The post Juniper Routers, Network Devices Targeted with Custom Backdoors appeared first on Eclypsium | Supply Chain Security for the Modern Enterprise.

The post Juniper Routers, Network Devices Targeted with Custom Backdoors appeared first on Security Boulevard.

A vulnerability, which was classified as critical, was found in LabRedesCefetRJ WeGIA up to 3.2.7. Affected is an unknown function of the file /WeGIA/html/funcionario/remuneracao.php. The manipulation of the argument id_funcionario leads to sql injection. This vulnerability is traded as CVE-2025-30364. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in LabRedesCefetRJ WeGIA up to 3.2.5. This issue affects some unknown processing of the file control.php. The manipulation leads to improper authentication. The identification of this vulnerability is CVE-2025-30361. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 5.15.90/6.1.8. This vulnerability affects the function nfsd4_ssc_setup_dul. The manipulation leads to use after free. This vulnerability was named CVE-2023-53025. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Linux Kernel up to 5.10.165/5.15.90/6.1.8. This affects the function l2tp_tunnel_register. The manipulation leads to improper initialization. This vulnerability is uniquely identified as CVE-2023-53020. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.