Read Time:6 Second
The UK and its Five Eyes partners have launched new security guidance for edge device manufacturers and network defenders
Yearly Archives: 2025
Cybercriminals Eye DeepSeek, Alibaba LLMs for Malware Development
Read Time:4 Second
Check Point has observed cybercriminals toy with Alibaba’s Qwen LLM to develop infostealers
Destructive Attacks on Financial Institutions Surge
Read Time:4 Second
Contrast Security reveals a 12.5% annual increase in destructive cyber-attacks on banks
ZDI-25-084: Mintty Sixel Image Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
Read Time:16 Second
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Mintty. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2025-1052.
ZDI-25-085: Logsign Unified SecOps Platform Authentication Bypass Vulnerability
Read Time:13 Second
This vulnerability allows remote attackers to bypass authentication on affected installations of Logsign Unified SecOps Platform. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8. The following CVEs are assigned: CVE-2025-1044.
USN-7257-1: Kerberos vulnerability
Read Time:21 Second
Goldberg, Miro Haller, Nadia Heninger, Mike Milano, Dan Shumow, Marc
Stevens, and Adam Suhl discovered that Kerberos incorrectly authenticated
certain responses. An attacker able to intercept communications between a
RADIUS client and server could possibly use this issue to forge responses,
bypass authentication, and access network devices and services.
This update introduces support for the Message-Authenticator attribute in
non-EAP authentication methods for communications between Kerberos and a
RADIUS server.
USN-7255-1: OpenJDK 23 vulnerability
Read Time:11 Second
It was discovered that the Hotspot component of OpenJDK 23 did not properly
handle API access under certain circumstances. An unauthenticated attacker
could possibly use this issue to access unauthorized resources and expose
sensitive information.
USN-7254-1: OpenJDK 21 vulnerability
Read Time:11 Second
It was discovered that the Hotspot component of OpenJDK 21 did not properly
handle API access under certain circumstances. An unauthenticated attacker
could possibly use this issue to access unauthorized resources and expose
sensitive information.
USN-7253-1: OpenJDK 17 vulnerability
Read Time:11 Second
It was discovered that the Hotspot component of OpenJDK 17 did not properly
handle API access under certain circumstances. An unauthenticated attacker
could possibly use this issue to access unauthorized resources and expose
sensitive information.
USN-7252-1: OpenJDK 11 vulnerability
Read Time:11 Second
It was discovered that the Hotspot component of OpenJDK 11 did not properly
handle API access under certain circumstances. An unauthenticated attacker
could possibly use this issue to access unauthorized resources and expose
sensitive information.