280 Articles
6 Categories
Date: 2026-02-21
🚨 CISA KEV (1)
21 Feb | KEV | CISA Adds Two Actively Exploited Roundcube Flaws to KEV Catalog | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added two security flaws impacting Roundcube webmail software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerabilities in question are listed below … | THEHACKERNEWS.COM
🐛 COMMON VULNERABILITIES AND EXPOSURES (270)
21 Feb | CVE-2025-21846 acct: perform last write from workqueue | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2025-21863 io_uring: prevent opcode speculation | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2024-58088 bpf: Fix deadlock when freeing cgroup storage | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2025-21856 s390/ism: add release function for struct device | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2025-2953 PyTorch torch.mkldnn_max_pool2d denial of service | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2025-21855 ibmvnic: Don't reference skb after sending to VIOS | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2025-68758 backlight: led-bl: Add devlink to supplier LEDs | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2025-68771 ocfs2: fix kernel BUG in ocfs2_find_victim_chain | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2025-71133 RDMA/irdma: avoid invalid read in irdma_net_event | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2025-68755 staging: most: remove broken i2c driver | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2025-13034 No QUIC certificate pinning with GnuTLS | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2025-14017 broken TLS options for threaded LDAPS | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2025-15224 libssh key passphrase bypass without agent set | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2025-14524 bearer token leak on cross-protocol redirect | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2025-15079 libssh global known_hosts override | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2025-14819 OpenSSL partial chain store policy bypass | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2025-68823 ublk: fix deadlock when reading partition table | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2025-71081 ASoC: stm32: sai: fix OF node leak on probe | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2025-71074 functionfs: fix the open/removal races | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2019-14584 Null pointer dereference in Tianocore EDK2 | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2022-24791 Use after free in Wasmtime | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2022-3996 X.509 Policy Constraints Double Locking | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2022-3064 Excessive resource consumption in gopkg.in/yaml.v2 | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2023-5824 Squid: dos against http and https | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2023-46847 Squid: denial of service in http digest authentication | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2024-56538 drm: zynqmp_kms: Unplug DRM device before removal | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2024-56598 jfs: array-index-out-of-bounds fix in dtReadFirst | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2024-53186 ksmbd: fix use-after-free in SMB request handling | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2024-47814 use-after-free when closing buffers in Vim | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2024-49965 ocfs2: remove unreasonable unlock in ocfs2_read_blocks | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2024-49973 r8169: add tally counter fields added with RTL8125 | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2024-9355 Golang-fips: golang fips zeroed buffer | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2024-49998 net: dsa: improve shutdown sequence | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2024-50073 tty: n_gsm: Fix use-after-free in gsm_cleanup_mux | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2024-49950 Bluetooth: L2CAP: Fix uaf in l2cap_connect | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2024-49963 mailbox: bcm2835: Fix timeout during suspend mode | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2024-50001 net/mlx5: Fix error path in multi-packet WQE transmit | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2024-50007 ALSA: asihpi: Fix potential OOB array access | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2024-8925 Erroneous parsing of multipart form data | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2024-9026 PHP-FPM logs from children may be altered | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2024-50010 exec: don't WARN for racy path_noexec check | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2024-50072 x86/bugs: Use code segment selector for VERW operand | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2024-44965 x86/mm: Fix pti_clone_pgtable() alignment assumption | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2024-44991 tcp: prevent concurrent execution of tcp_sk_exit_batch | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2024-44996 vsock: fix recursive ->recvmsg calls | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2024-45012 nouveau/firmware: use dma non-coherent allocator | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2024-45016 netem: fix return value if duplicate enqueue fails | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2024-45019 net/mlx5e: Take state lock during tx timeout reporter | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2024-45030 igb: cope with large MAX_SKB_FRAGS | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2024-46689 soc: qcom: cmd-db: Map shared memory as WC not WB | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2024-46693 soc: qcom: pmic_glink: Fix race during initialization | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2024-46709 drm/vmwgfx: Fix prime with external buffers | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2024-46720 drm/amdgpu: fix dereference after null check | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2024-46722 drm/amdgpu: fix mc_data out-of-bounds read warning | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2024-46741 misc: fastrpc: Fix double free of 'buf' in error path | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2024-46763 fou: Fix null-ptr-deref in GRO. | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2024-46770 ice: Add netif_device_attach/detach into PF reset flow | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2024-46798 ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2024-46806 drm/amdgpu: Fix the warning division or modulo by zero | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2024-46809 drm/amd/display: Check BIOS images before it is used | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2024-46821 drm/amd/pm: Fix negative array index read | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2024-46853 spi: nxp-fspi: fix the KASAN report out-of-bounds bug | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2024-46855 netfilter: nft_socket: fix sk refcount leaks | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2024-44949 parisc: fix a possible DMA corruption | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2024-44960 usb: gadget: core: Check for unset descriptor | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2024-44969 s390/sclp: Prevent release of buffer in I/O | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2024-45018 netfilter: flowtable: initialise extack before use | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2024-45020 bpf: Fix a kernel verifier crash in stacksafe() | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2024-45029 i2c: tegra: Do not mark ACPI devices as irq safe | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2024-46676 nfc: pn533: Add poll mod list filling check | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2024-46678 bonding: change ipsec_lock from spin lock to mutex | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2024-46692 firmware: qcom: scm: Mark get_wq_ctx() as atomic call | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2024-46710 drm/vmwgfx: Prevent unmapping active read buffers | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2024-46721 apparmor: fix possible NULL pointer dereference | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2024-46723 drm/amdgpu: fix ucode out-of-bounds read warning | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2024-46725 drm/amdgpu: Fix out-of-bounds write warning | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2024-46731 drm/amd/pm: fix the Out-of-bounds read warning | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2024-46740 binder: fix UAF caused by offsets overwrite | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2024-46765 ice: protect XDP configuration with a mutex | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2024-46773 drm/amd/display: Check denominator pbn_div before used | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2024-46782 ila: call nf_unregister_net_hooks() sooner | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2024-46795 ksmbd: unset the binding mark of a reused connection | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2024-46797 powerpc/qspinlock: Fix deadlock in MCS queue | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2024-46800 sch/netem: fix use after free in netem_dequeue | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2024-46805 drm/amdgpu: fix the waring dereferencing hive | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2024-46807 drm/amd/amdgpu: Check tbo resource pointer | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2024-46829 rtmutex: Drop rt_mutex::wait_lock before scheduling | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2024-46843 scsi: ufs: core: Remove SCSI host only if added | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2024-46844 um: line: always fill *error_out in setup_one_line() | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2024-46845 tracing/timerlat: Only clear timer if a kthread exists | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2024-46848 perf/x86/intel: Limit the period on Haswell | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2024-46854 net: dpaa: Pad packets to ETH_ZLEN | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2024-46861 usbnet: ipheth: do not stop RX on failing RX callback | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2024-43835 virtio_net: Fix napi_skb_cache_put warning | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2024-43817 net: missing check virtio | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2024-43834 xdp: fix invalid wait context of page_pool_destroy() | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2024-42122 drm/amd/display: Add NULL pointer check for kzalloc | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2024-50130 netfilter: bpf: must hold reference on net namespace | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2024-26984 nouveau: fix instmem race condition around ptr stores | Information published. | MSRC.MICROSOFT.COM
21 Feb | CVE-2024-26973 fat: fix uninitialized field in nostale filehandles | Information published. | MSRC.MICROSOFT.COM
⚠️ VULNERABILITY DISCLOSURE (6)
21 Feb | Agentic AI Security Is Broken and How To Fix It: Ido Shlomo, Co-founder and CTO of Token Security | Jim Love discusses how rapid adoption of agentic AI is repeating the industry pattern of shipping technology without security, citing issues like vulnerabilities in Anthropic's MCP and insecure open-source agent tools. He interviews Ido Shlomo, co-founder and CTO of Token Securit… | CYBERSECURITYTODAY.LIBSYN.COM
21 Feb | AI-Assisted Threat Actor Compromises 600+ FortiGate Devices in 55 Countries | A Russian-speaking, financially motivated threat actor has been observed taking advantage of commercial generative artificial intelligence (AI) services to compromise over 600 FortiGate devices located in 55 countries. That's according to new findings from Amazon Threat Intellige… | THEHACKERNEWS.COM
21 Feb | Anthropic Launches Claude Code Security for AI-Powered Vulnerability Scanning | Artificial intelligence (AI) company Anthropic has begun to roll out a new security feature for Claude Code that can scan a user's software codebase for vulnerabilities and suggest patches. The capability, called Claude Code Security, is currently available in a limited research … | THEHACKERNEWS.COM
21 Feb | EC-Council Expands AI Certification Portfolio to Strengthen U.S. AI Workforce Readiness and Security | With $5.5 trillion in global AI risk exposure and 700,000 U.S. workers needing reskilling, four new AI certifications and Certified CISO v4 help close the gap between AI adoption and workforce readiness. EC-Council, creator of the world-renowned Certified Ethical Hacker (CEH) cre… | THEHACKERNEWS.COM
21 Feb | AI Threats: What Could Go Wrong? | Palo Alto Networks' report reveals that most successful attacks stem from preventable errors and poor identity controls. AI attackers can quickly exploit these vulnerabilities, posing a significant threat. How can organizations strengthen their defenses against AI-driven attacks?… | YOUTUBE.COM
21 Feb | France's Ministry of Economy disclosed that attackers used stolen official credentials to access FICOBA, the national bank account registry, exposing data on 1.2 million accounts | submitted by Innerworld to cybersecurity; 3 points, 1 comments; https://www.securityweek.com/french-government-says-1-2-million-bank-accounts-exposed-in-breach/ | INFOSEC.PUB
🔥 INCIDENT REPORTING (1)
21 Feb | What Happens If I Click A Phishing Link? | Phishing is the most prominent form of cyber-attack, regularly prompting email recipients into disclosing their personal information, credentials, downloading malware, or paying fraudulent invoices. Phishing can result in cybercriminals gaining unauthorized access to organizatio… | KNOWBE4.COM
🕵️ THREAT INTELLIGENCE (1)
21 Feb | What is OAuth? | submitted by cm0002 to cybersecurity; 6 points, 2 comments; https://leaflet.pub/p/did:plc:3vdrgzr2zybocs45yfhcr6ur/3mfd2oxx5v22b | INFOSEC.PUB
📡 INFOSEC NEWS (1)
21 Feb | 7 days until ticket prices rise for TechCrunch Disrupt 2026 | Lowest ticket prices to TechCrunch Disrupt 2026 end February 27. Up to $680 off individual passes and up to 30% off group passes. Register before they go up to join 10,000 founders, tech operators, and VCs. | TECHCRUNCH.COM