🐛 COMMON VULNERABILITIES AND EXPOSURES 20
3 Jan · CVE-2025-61103 FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_lan_adj_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet. · Information published. · MSRC.MICROSOFT.COM
3 Jan · CVE-2025-61107 FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_pref_pref_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted LSA Update packet. · Information published. · MSRC.MICROSOFT.COM
3 Jan · CVE-2025-61102 FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_adj_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet. · Information published. · MSRC.MICROSOFT.COM
3 Jan · CVE-2025-61100 FRRouting/frr from v2.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the ospf_opaque_lsa_dump function at ospf_opaque.c. This vulnerability allows attackers to cause a Denial of Service (DoS) under specific malformed LSA conditions. · Information published. · MSRC.MICROSOFT.COM
3 Jan · CVE-2025-61106 FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_pref_pref_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet. · Information published. · MSRC.MICROSOFT.COM
3 Jan · CVE-2025-61101 FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_rmt_itf_addr function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet. · Information published. · MSRC.MICROSOFT.COM
3 Jan · CVE-2025-61104 FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_unknown_tlv function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet. · Information published. · MSRC.MICROSOFT.COM
3 Jan · CVE-2025-61099 FRRouting/frr from v2.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the opaque_info_detail function at ospf_opaque.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted LS Update packet. · Information published. · MSRC.MICROSOFT.COM
3 Jan · CVE-2025-32387 Helm Allows A Specially Crafted JSON Schema To Cause A Stack Overflow · Information published. · MSRC.MICROSOFT.COM
3 Jan · CVE-2024-45310 runc can be confused to create empty files/directories on the host · Information published. · MSRC.MICROSOFT.COM
3 Jan · CVE-2025-68146 filelock has TOCTOU race condition that allows symlink attacks during lock file creation · Information published. · MSRC.MICROSOFT.COM
3 Jan · CVE-2025-34468 libcoap Stack-Based Buffer Overflow in Address Resolution DoS or Potential RCE · Information published. · MSRC.MICROSOFT.COM
3 Jan · CVE-2025-11961 OOBR and OOBW in pcap_ether_aton() in libpcap · Information published. · MSRC.MICROSOFT.COM
3 Jan · CVE-2025-11964 OOBW in utf_16le_to_utf_8_truncated() in libpcap · Information published. · MSRC.MICROSOFT.COM
3 Jan · CVE-2025-69277 libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group. · Information published. · MSRC.MICROSOFT.COM
3 Jan · CVE-2025-15284 arrayLimit bypass in bracket notation allows DoS via memory exhaustion · Information published. · MSRC.MICROSOFT.COM
3 Jan · CVE-2025-61594 URI Credential Leakage Bypass over CVE-2025-27221 · Information published. · MSRC.MICROSOFT.COM
3 Jan · CVE-2023-52969 MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, and 11.0 through 11.0.* can sometimes crash with an empty backtrace log. This may be related to make_aggr_tables_info and optimize_stage2. · Information published. · MSRC.MICROSOFT.COM
3 Jan · CVE-2025-2912 HDF5 H5Omessage.c H5O_msg_flush heap-based overflow · Information published. · MSRC.MICROSOFT.COM
⚠️ VULNERABILITY DISCLOSURE 2
3 Jan · I Found a Secret Hacker Team Fighting Cybercrime (they saved $1 billion) | video by NetworkChuck [26:56] · submitted by onlinepersona to security · 1 points | 0 comments · https://tube.blueben.net/videos/watch/142099ff-5d45-4323-bc7d-8d0131f39378?isPeertubeContent=1 · I stumbled upon this video and it’s mostly about using AI to fight against scammers and hackers that use AI themselves. Hidd… · PROGRAMMING.DEV
3 Jan · Mapping Cloud Vulnerabilities · Cloud attack paths map vulnerabilities to potential breaches. Ignoring these paths could lead to serious data breaches. How can organizations better secure their cloud environments? Subscribe to our podcasts: https://securityweekly.com/subscribe #CloudSecurity #VulnerabilityMappi… · YOUTUBE.COM
🔥 INCIDENT REPORTING 3
3 Jan · Finnish Authorities Arrest Two Sailors in Probe Into Undersea Cable Disruption · Finnish authorities have detained a cargo vessel suspected of damaging an undersea telecommunications cable connecting Helsinki to Estonia. The incident has raised fresh concerns about potential hybrid warfare targeting critical infrastructure in the Baltic Sea region. The vessel… · GBHACKERS.COM
3 Jan · ShinyHunters claims Resecurity hack, firm says it’s a honeypot · The ShinyHunters hacking group claims it breached the systems of cybersecurity firm Resecurity and stole internal data, while Resecurity says the attackers only accessed a deliberately deployed honeypot containing fake information used to monitor their activity. [...] · BLEEPINGCOMPUTER.COM
3 Jan · Hackers claim to hack Resecurity, firm says it was a honeypot · The ShinyHunters hacking group claims it breached the systems of cybersecurity firm Resecurity and stole internal data, while Resecurity says the attackers only accessed a deliberately deployed honeypot containing fake information used to monitor their activity. [...] · BLEEPINGCOMPUTER.COM
🕵️ THREAT INTELLIGENCE 2
3 Jan · President Trump Orders Divestment in $2.9 Million Chips Deal to Protect US Security Interests · The deal involved aerospace and defense specialist Emcore Corp. selling its computer chips and wafer fabrication operation. · SECURITYWEEK.COM
3 Jan · The Kimwolf Botnet is Stalking Your Local Network · submitted by cm0002 to cybersecurity · 1 points | 0 comments · https://krebsonsecurity.com/2026/01/the-kimwolf-botnet-is-stalking-your-local-network/ · INFOSEC.PUB
🎙️ PODCASTS 1
3 Jan · Final Encore Episode - Research, Cybersecurity Awareness and Training · In this episode, host Jim Love discusses the importance of cybersecurity awareness and training, featuring insights from Michael Joyce of the Human-Centric Cybersecurity Partnership at the University of Montreal and David Shipley of Beauceron Security. They explore the impact of … · CYBERSECURITYTODAY.LIBSYN.COM
📡 INFOSEC NEWS 2
3 Jan · Bitfinex hacker Ilya Lichtenstein credits Trump for early release from prison · Ilya Lichtenstein, who pled guilty to money laundering charges tied to his role in the massive hack of crypto exchange Bitfinex, has apparently been released early from prison. · TECHCRUNCH.COM
3 Jan · California residents can use new tool to demand brokers delete their personal data · A new tool should make it easier for California residents to limit data brokers’ ability to store and sell their personal information. · TECHCRUNCH.COM