254 Articles
7 Categories
Date: 2026-06-28
🐛 COMMON VULNERABILITIES AND EXPOSURES (241)
28 Jun | CVE-2026-46245 drm/amd/display: Fix dc_link NULL handling in HPD init | Information published. | MSRC.MICROSOFT.COM
28 Jun | CVE-2026-46244 netfilter: nft_inner: Fix IPv6 inner_thoff desync | Information published. | MSRC.MICROSOFT.COM
28 Jun | CVE-2026-52953 iommu/vt-d: Fix oops due to out of scope access | Information published. | MSRC.MICROSOFT.COM
28 Jun | CVE-2026-53005 af_unix: Drop all SCM attributes for SOCKMAP. | Information published. | MSRC.MICROSOFT.COM
28 Jun | CVE-2026-52912 netfilter: nf_queue: hold bridge skb->dev while queued | Information published. | MSRC.MICROSOFT.COM
28 Jun | CVE-2026-53213 drm/vc4: fix krealloc() memory leak | Information published. | MSRC.MICROSOFT.COM
28 Jun | CVE-2026-52931 batman-adv: tp_meter: avoid use of uninit sender vars | Information published. | MSRC.MICROSOFT.COM
28 Jun | CVE-2026-52915 netfilter: ip6t_hbh: reject oversized option lists | Information published. | MSRC.MICROSOFT.COM
28 Jun | CVE-2026-53194 USB: serial: kl5kusb105: fix bulk-out buffer overflow | Information published. | MSRC.MICROSOFT.COM
28 Jun | CVE-2026-53254 Bluetooth: RFCOMM: validate skb length in MCC handlers | Information published. | MSRC.MICROSOFT.COM
28 Jun | CVE-2026-53120 PCI: use generic driver_override infrastructure | Information published. | MSRC.MICROSOFT.COM
28 Jun | CVE-2026-52934 batman-adv: tvlv: reject oversized TVLV packets | Information published. | MSRC.MICROSOFT.COM
28 Jun | CVE-2026-53267 netfilter: nft_ct: bail out on template ct in get eval | Information published. | MSRC.MICROSOFT.COM
28 Jun | CVE-2026-53249 ipv4: restrict IPOPT_SSRR and IPOPT_LSRR options | Information published. | MSRC.MICROSOFT.COM
28 Jun | CVE-2026-53139 drm/v3d: Skip CSD when it has zeroed workgroups | Information published. | MSRC.MICROSOFT.COM
28 Jun | CVE-2026-53177 bnxt_en: Fix NULL pointer dereference | Information published. | MSRC.MICROSOFT.COM
28 Jun | CVE-2026-53214 ipv6: Fix a potential NPD in cleanup_prefix_route() | Information published. | MSRC.MICROSOFT.COM
28 Jun | CVE-2026-53107 wifi: libertas: don't kill URBs in interrupt context | Information published. | MSRC.MICROSOFT.COM
28 Jun | CVE-2026-53220 netfilter: revalidate bridge ports | Information published. | MSRC.MICROSOFT.COM
28 Jun | CVE-2026-53228 ipv6: sit: reload inner IPv6 header after GSO offloads | Information published. | MSRC.MICROSOFT.COM
28 Jun | CVE-2026-53132 vsock/virtio: fix potential unbounded skb queue | Information published. | MSRC.MICROSOFT.COM
28 Jun | CVE-2026-52937 tap: fix stack info leak in tap_ioctl() SIOCGIFHWADDR | Information published. | MSRC.MICROSOFT.COM
28 Jun | CVE-2026-53106 bpf: Do not allow deleting local storage in NMI | Information published. | MSRC.MICROSOFT.COM
28 Jun | CVE-2026-53217 net: mvpp2: sync RX data at the hardware packet offset | Information published. | MSRC.MICROSOFT.COM
28 Jun | CVE-2026-52926 batman-adv: clear current gateway during teardown | Information published. | MSRC.MICROSOFT.COM
28 Jun | CVE-2026-53157 net: phonet: free phonet_device after RCU grace period | Information published. | MSRC.MICROSOFT.COM
28 Jun | CVE-2026-57452 Vim: Out-of-bounds Read with libsodium-encrypted Files | Information published. | MSRC.MICROSOFT.COM
28 Jun | CVE-2026-55693 Vim: Out-of-bounds Write in Spell File Word Count | Information published. | MSRC.MICROSOFT.COM
28 Jun | CVE-2026-53253 Bluetooth: bnep: reject short frames before parsing | Information published. | MSRC.MICROSOFT.COM
28 Jun | CVE-2026-53025 greybus: raw: fix use-after-free on cdev close | Information published. | MSRC.MICROSOFT.COM
28 Jun | CVE-2026-53215 net: mvpp2: refill RX buffers before XDP or skb use | Information published. | MSRC.MICROSOFT.COM
28 Jun | CVE-2026-55892 Vim: Out-of-bounds Write in Spell File Prefix Dump | Information published. | MSRC.MICROSOFT.COM
28 Jun | CVE-2026-57454 Vim: Out-of-bounds Read with Text Properties | Information published. | MSRC.MICROSOFT.COM
28 Jun | CVE-2026-46243 smb: client: reject userspace cifs.spnego descriptions | Information published. | MSRC.MICROSOFT.COM
28 Jun | CVE-2026-53227 net: openvswitch: fix possible kfree_skb of ERR_PTR | Information published. | MSRC.MICROSOFT.COM
28 Jun | CVE-2026-52913 batman-adv: v: stop OGMv2 on disabled interface | Information published. | MSRC.MICROSOFT.COM
28 Jun | CVE-2026-52921 netfilter: ipset: stop hash:* range iteration at end | Information published. | MSRC.MICROSOFT.COM
28 Jun | CVE-2026-53270 ipvs: clear the svc scheduler ptr early on edit | Information published. | MSRC.MICROSOFT.COM
28 Jun | CVE-2026-48142 NGINX ngx_http_charset_module vulnerability | Information published. | MSRC.MICROSOFT.COM
28 Jun | CVE-2026-53236 tcp: restrict SO_ATTACH_FILTER to priv users | Information published. | MSRC.MICROSOFT.COM
28 Jun | CVE-2026-53118 vdpa: use generic driver_override infrastructure | Information published. | MSRC.MICROSOFT.COM
28 Jun | CVE-2026-53266 netfilter: bridge: make ebt_snat ARP rewrite writable | Information published. | MSRC.MICROSOFT.COM
28 Jun | CVE-2026-53138 drm/amd/display: Bound VBIOS record-chain walk loops | Information published. | MSRC.MICROSOFT.COM
28 Jun | CVE-2026-53182 wifi: nl80211: reject oversized EMA RNR lists | Information published. | MSRC.MICROSOFT.COM
28 Jun | CVE-2026-11972 tarfile opened in streaming mode mishandles EOF | Information published. | MSRC.MICROSOFT.COM
28 Jun | CVE-2026-52924 sctp: purge outqueue on stale COOKIE-ECHO handling | Information published. | MSRC.MICROSOFT.COM
28 Jun | CVE-2026-53018 f2fs: avoid reading already updated pages during GC | Information published. | MSRC.MICROSOFT.COM
28 Jun | CVE-2026-53184 udp: clear skb->dev before running a sockmap verdict | Information published. | MSRC.MICROSOFT.COM
28 Jun | CVE-2026-52923 ipc: limit next_id allocation to the valid ID range | Information published. | MSRC.MICROSOFT.COM
28 Jun | CVE-2026-53192 ALSA: timer: Fix UAF at snd_timer_user_params() | Information published. | MSRC.MICROSOFT.COM
28 Jun | CVE-2026-52960 ceph: put folios not suitable for writeback | Information published. | MSRC.MICROSOFT.COM
28 Jun | CVE-2026-53133 RDMA/umem: Fix truncation for block sizes >= 4G | Information published. | MSRC.MICROSOFT.COM
28 Jun | CVE-2026-53009 ice: fix double-free of tx_buf skb | Information published. | MSRC.MICROSOFT.COM
28 Jun | CVE-2026-53015 erofs: unify lcn as u64 for 32-bit platforms | Information published. | MSRC.MICROSOFT.COM
28 Jun | CVE-2026-52922 batman-adv: dat: handle forward allocation error | Information published. | MSRC.MICROSOFT.COM
28 Jun | CVE-2026-53000 netfilter: nat: use kfree_rcu to release ops | Information published. | MSRC.MICROSOFT.COM
28 Jun | CVE-2026-53225 sctp: fix uninit-value in __sctp_rcv_asconf_lookup() | Information published. | MSRC.MICROSOFT.COM
28 Jun | CVE-2026-53258 wifi: fix leak if split 6 GHz scanning fails | Information published. | MSRC.MICROSOFT.COM
28 Jun | CVE-2026-53183 mptcp: allow subflow rcv wnd to shrink | Information published. | MSRC.MICROSOFT.COM
28 Jun | CVE-2026-53226 gpio: rockchip: fix generic IRQ chip leak on remove | Information published. | MSRC.MICROSOFT.COM
28 Jun | CVE-2026-53108 powerpc/64s: Fix unmap race with PMD migration entries | Information published. | MSRC.MICROSOFT.COM
28 Jun | CVE-2026-53091 net: pull headers in qdisc_pkt_len_segs_init() | Information published. | MSRC.MICROSOFT.COM
28 Jun | CVE-2026-53232 net: phy: clean the sfp upstream if phy probing fails | Information published. | MSRC.MICROSOFT.COM
28 Jun | CVE-2026-52962 ceph: fix a buffer leak in __ceph_setxattr() | Information published. | MSRC.MICROSOFT.COM
28 Jun | CVE-2026-53070 sctp: disable BH before calling udp_tunnel_xmit_skb() | Information published. | MSRC.MICROSOFT.COM
28 Jun | CVE-2026-53156 nvmem: core: fix use-after-free bugs in error paths | Information published. | MSRC.MICROSOFT.COM
28 Jun | CVE-2026-57451 Vim: Out-of-bounds Read in Text Property Count | Information published. | MSRC.MICROSOFT.COM
28 Jun | CVE-2026-53296 mailbox: mailbox-test: free channels on probe error | Information published. | MSRC.MICROSOFT.COM
28 Jun | CVE-2026-53297 net: mana: Guard mana_remove against double invocation | Information published. | MSRC.MICROSOFT.COM
28 Jun | CVE-2026-53293 drm/amdgpu: fix AMDGPU_INFO_READ_MMR_REG | Information published. | MSRC.MICROSOFT.COM
28 Jun | CVE-2026-53294 mailbox: mailbox-test: don't free the reused channel | Information published. | MSRC.MICROSOFT.COM
28 Jun | CVE-2026-53295 mailbox: add sanity check for channel array | Information published. | MSRC.MICROSOFT.COM
28 Jun | CVE-2026-53279 drm/gma500/oaktrail_lvds: fix hang on init failure | Information published. | MSRC.MICROSOFT.COM
28 Jun | CVE-2024-42123 drm/amdgpu: fix double free err_addr pointer warnings | Information published. | MSRC.MICROSOFT.COM
28 Jun | CVE-2024-42155 s390/pkey: Wipe copies of protected- and secure-keys | Information published. | MSRC.MICROSOFT.COM
28 Jun | CVE-2024-42139 ice: Fix improper extts handling | Information published. | MSRC.MICROSOFT.COM
28 Jun | CVE-2024-50225 btrfs: fix error propagation of split bios | Information published. | MSRC.MICROSOFT.COM
28 Jun | CVE-2024-53084 drm/imagination: Break an object reference loop | Information published. | MSRC.MICROSOFT.COM
28 Jun | CVE-2024-50090 drm/xe/oa: Fix overflow in oa batch buffer | Information published. | MSRC.MICROSOFT.COM
28 Jun | CVE-2024-27010 net/sched: Fix mirred deadlock on device recursion | Information published. | MSRC.MICROSOFT.COM
28 Jun | CVE-2024-27079 iommu/vt-d: Fix NULL domain on device release | Information published. | MSRC.MICROSOFT.COM
28 Jun | CVE-2024-53187 io_uring: check for overflows in io_pin_pages | Information published. | MSRC.MICROSOFT.COM
28 Jun | CVE-2024-56544 udmabuf: change folios array from kmalloc to kvmalloc | Information published. | MSRC.MICROSOFT.COM
28 Jun | CVE-2024-56702 bpf: Mark raw_tp arguments with PTR_MAYBE_NULL | Information published. | MSRC.MICROSOFT.COM
28 Jun | CVE-2024-49990 drm/xe/hdcp: Check GSC structure validity | Information published. | MSRC.MICROSOFT.COM
28 Jun | CVE-2024-47703 bpf, lsm: Add check for BPF LSM return value | Information published. | MSRC.MICROSOFT.COM
28 Jun | CVE-2024-46681 pktgen: use cpus_read_lock() in pg_net_init() | Information published. | MSRC.MICROSOFT.COM
28 Jun | CVE-2024-46701 libfs: fix infinite directory reads for offset dir | Information published. | MSRC.MICROSOFT.COM
28 Jun | CVE-2024-46775 drm/amd/display: Validate function returns | Information published. | MSRC.MICROSOFT.COM
28 Jun | CVE-2024-46705 drm/xe: reset mmio mappings with devm | Information published. | MSRC.MICROSOFT.COM
28 Jun | CVE-2024-46778 drm/amd/display: Check UnboundedRequestEnabled's value | Information published. | MSRC.MICROSOFT.COM
28 Jun | CVE-2023-6606 Kernel: out-of-bounds read vulnerability in smbcalcsize | Information published. | MSRC.MICROSOFT.COM
28 Jun | CVE-2025-21833 iommu/vt-d: Avoid use of NULL after WARN_ON_ONCE | Information published. | MSRC.MICROSOFT.COM
⚠️ VULNERABILITY DISCLOSURE (7)
28 Jun | Week in review: Fortibleed campaign’s impact on orgs, Cisco Unified CM flaw exploited | Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Encrypted DNS still tells an eavesdropper where to look Encrypted DNS runs across much of the Internet. DNS over TLS, HTTPS, and QUIC keep the contents of a query away from anyone wa… | HELPNETSECURITY.COM
28 Jun | Data breach exposes up to 14.2 million email logins at six ISPs | Japanese telecommunications operator KDDI Corporation disclosed a data breach where threat actors gained access to one of its email systems used by five other internet service providers (ISPs) in the country. [...] | BLEEPINGCOMPUTER.COM
28 Jun | AssuranceAmerica breach may have affected more than 1.1 million people in seven states | Krys Shahin and Christopher Buchanan report: State officials are warning at least 1.1 million people across seven states may be impacted by an AssuranceAmerica data breach. Notices about the breach were sent to California, Massachusetts, Nebraska, South Carolina, Texas, Vermont, … | DATABREACHES.NET
28 Jun | NZ pharmacy scrambles to scrub internet of patients’ private messages | Mary Argue reports: A Wellington pharmacy at the centre of a data leak says sensitive patient information has now been scrubbed from the internet. Unichem Petone said it was contacting 29 patients affected by what it described as an error on the website that saw patients’ p… | DATABREACHES.NET
28 Jun | Sysco - 2,691,852 breached accounts | In June 2026, the food distribution company Sysco was targeted by a ShinyHunters "pay or leak" extortion campaign. Data was subsequently published containing 2.7M unique email addresses belonging to staff and customers. The data also contained largely corporate contact informati… | HAVEIBEENPWNED.COM
28 Jun | KDDI Data Breach Impacts up to 14.2 Million Email Accounts at Six ISPs | KDDI Corporation disclosed a breach affecting up to 14.2 million email accounts after attackers exploited a vulnerability in third-party software. KDDI Corporation disclosed a data breach that exposed up to 14.2 million email accounts across six Japanese internet service provider… | SECURITYAFFAIRS.COM
28 Jun | A KDDI data breach has put up to 14.2 million ISP email logins at risk across Japan | James Whitmore reports: Data breach at Japanese telecoms operator KDDI may have exposed up to 14.22 million email addresses and passwords linked to ISP mail services, after attackers gained unauthorised access to a system used by six providers in Japan. KDDI said it confirmed the… | DATABREACHES.NET
🔥 INCIDENT REPORTING (1)
28 Jun | SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 103 | Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter More Than 4,000 Legacy Routers Compromised by AryStinger, Turned into Global Attack Proxies for Hackers A VBScript … | SECURITYAFFAIRS.COM
🕵️ THREAT INTELLIGENCE (1)
28 Jun | YARA-X 1.18.0 and 1.19.0 Release, (Sun, Jun 28th) | YARA-X's 1.18.0 release brings 3 improvements and 2 bugfixes. | ISC.SANS.EDU
🌐 CYBER THREAT LANDSCAPE (2)
28 Jun | Space supply chain pressures. | Despite the space sector seeing greater investment and attention year-over-year, the sector still remains bound by an outdated and ineffective supply chain, especially in the United States. In this week’s episode, host Maria Varmazis sits down with Doug Anderson, Partner at Pw… | THECYBERWIRE.COM
28 Jun | Space’s fragile supply chain. | This week on T-Minus: Space-Cyber Briefing: we look at recent research that examines the US’s current space supply chain. Despite increased investment and growing demand for space capabilities, the industry’s supply chain remains vulnerable to bottlenecks, shortages, and external… | THECYBERWIRE.COM
🎙️ PODCASTS (1)
28 Jun | Uniting Women in Cyber Podcast: Breaking Barriers in Cybersecurity with Cybersecurity Girl. | In this Special Edition episode, N2K CyberWire's Dave Bittner sits down with Caitlin Sarian, widely known as Cybersecurity Girl, to explore how storytelling, authenticity, and community are reshaping a more human-centered cybersecurity landscape. | THECYBERWIRE.COM
📡 INFOSEC NEWS (1)
28 Jun | Security Affairs newsletter Round 583 by Pierluigi Paganini – INTERNATIONAL EDITION | A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. New FBI Alert: Russian Intell… | SECURITYAFFAIRS.COM