#c++

A security-relevant race between mremap() and THP code has been discovered. Reaching the buggy code typically requires the ability to create unprivileged namespaces. The bug leads to installing physical address 0 as a page table, which is likely exploitable in several ways: For example, triggering the bug in multiple processes can probably lead to unintended page table sharing, which probably can lead to stale TLB entries pointing to freed pages.

Despite having only a scant focus on cybersecurity regulations a decade ago, countries in the Middle East — led by Saudi Arabia and other Gulf nations — have adopted mature frameworks and regulations amid escalating volumes of attacks.

SteelFox malware targets software pirates through fake activation tools, stealing credit card data and deploying crypto miners. Learn…

The malware combines a miner and data stealer, and it packs functions that make detection and mitigation a challenge.

A threat actor with ties to the Democratic People's Republic of Korea (DPRK) has been observed targeting cryptocurrency-related businesses with a multi-stage malware capable of infecting Apple macOS devices. Cybersecurity company SentinelOne, which dubbed the campaign Hidden Risk, attributed it with high confidence to BlueNoroff, which has been previously linked to malware families such as

An ongoing phishing campaign is employing copyright infringement-related themes to trick victims into downloading a newer version of the Rhadamanthys information stealer since July 2024. Cybersecurity firm Check Point is tracking the large-scale campaign under the name CopyRh(ight)adamantys. Targeted regions include the United States, Europe, East Asia, and South America. "The campaign

A lot of time and effort is put into writing security-focused software. Hardware vendors routinely add new features that help software developers increase the security of their software. Memory safe languages like Rust that help developers write safer code are becoming more and more popular. However, advancements in software security can be rendered useless if the supply chain for delivering software is compromised. As we’ve seen with the recent xz incident, a supply chain vulnerability can be exploited with malicious intent. In the LLVM project, we've been working to secure our own sof

Sysax Multi Server version 6.9.9 suffers from an SSH related denial of service vulnerability.

IBM Security Verify Access versions prior to 10.0.8 suffer from authentication bypass, reuse of private keys, local privilege escalation, weak settings, outdated libraries, missing password, hardcoded secrets, remote code execution, missing authentication, null pointer dereference, and lack of privilege separation vulnerabilities.

A government entity and a religious organization in Taiwan were the target of a China-linked threat actor known as Evasive Panda that infected them with a previously undocumented post-compromise toolset codenamed CloudScout. "The CloudScout toolset is capable of retrieving data from various cloud services by leveraging stolen web session cookies," ESET security researcher Anh Ho said. "Through