Multiple vulnerabilities have been discovered in SonicWall SonicOS that could allow for authentication bypass. SonicOS is SonicWall’s operating system designed for its firewalls and other security devices. Successful exploitation of the most severe of these vulnerabilities could allow for authentication bypass on the affected system. Depending on the privileges associated with the system, an attacker could then view, change, or delete data.
Daily Archives: January 9, 2025
xen-4.19.1-3.fc41
FEDORA-2025-933a9a977e
Packages in this update:
xen-4.19.1-3.fc41
Update description:
work around debugedit bug to fix aarch64 builds
xen-hypervisor %post doesn’t load all needed grub2 modules
update to xen-4.19.1 which includes
Deadlock in x86 HVM standard VGA handling [XSA-463, CVE-2024-45818]
libxl leaks data to PVH guests via ACPI tables [XSA-464, CVE-2024-45819]
thunderbird-128.6.0-1.fc40
FEDORA-2025-91031f9df9
Packages in this update:
thunderbird-128.6.0-1.fc40
Update description:
Update to 128.6.0
https://www.thunderbird.net/en-US/thunderbird/128.6.0esr/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2025-04/
thunderbird-128.6.0-1.fc41
FEDORA-2025-2f5b9ab47b
Packages in this update:
thunderbird-128.6.0-1.fc41
Update description:
Update to 128.6.0
https://www.thunderbird.net/en-US/thunderbird/128.6.0esr/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2025-04/
Smashing Security podcast #399: Honey in hot water, and reset your devices
Ever wonder how those “free” browser extensions that promise to save you money actually work? We dive deep into the controversial world of Honey, the coupon-finding tool owned by PayPal, and uncover a scheme that might be leaving you with less savings and your favorite YouTubers with empty pockets.
Plus, we take a look at Kagi, the search engine you pay not to show you adverts, and discuss what you should do with your old, no-longer-wanted technology.
All this and more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault.
Space Bears ransomware: what you need to know
The Space Bears ransomware gang stands out from the crowd by presenting itself better than many legitimate companies, with corporate stock images and a professional-looking leak site.
Read more in my article on the Tripwire State of Security blog.
Zero-Day Vulnerability in Ivanti VPN
Fancy Product Designer Plugin Flaws Expose WordPress Sites
Critical Fancy Product Designer plugin flaws risk remote code execution and SQL injection attacks on WordPress sites
USN-7197-1: Go Networking vulnerability
Guido Vranken discovered that Go Networking handled input to the Parse
functions inefficiently. An attacker could possibly use this issue to
cause denial of service. This update addresses the issue in the
golang-golang-x-net and golang-golang-x-net-dev packages, as well as the
library vendored within adsys and juju-core.
Japan Faces Prolonged Cyber-Attacks Linked to China’s MirrorFace
Cyber-attacks by China-linked MirrorFace targeted Japan’s national security information in major campaigns operating since 2019