-
A denial-of-service flaw in the Linux kernel’s KSMBD (SMB Direct) subsystem has raised alarms across the open-source community. Tracked as CVE-2025-38501, the issue allows a remote, unauthenticated adversary to exhaust all available SMB connections by exploiting the kernel’s handling of half-open TCP sessions. Key Takeaways1. CVE-2025-38501 lets attackers exhaust KSMBD connections via half-open TCP handshakes.2. […] The post Linux Kernel’s KSMBD Subsystem Vulnerability Let Remote Attackers Exhaust Server Resources appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A large-scale supply chain attack dubbed “Shai-Halud” that infiltrated the JavaScript ecosystem via the npm registry. In total, 477 packages, including packages from CrowdStrike, were found to contain stealthy backdoors and trojanized modules designed to siphon credentials, exfiltrate source code, and enable remote code execution (RCE) on developer machines. Key Takeaways1. Obfuscated backdoors hit 477 npm packages […] The post Massive “Shai-Halud” Supply Chain Attack Compromised 477 NPM Packages appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical vulnerability in Windows Boot Manager, known as bitpixie, enables attackers to bypass BitLocker drive encryption and escalate local privileges on Windows systems. The vulnerability affects boot managers from 2005 to 2022 and can still be exploited on updated systems through downgrade attacks, posing significant risks to enterprise security. Key Takeaways1. Bitpixie lets attackers bypass BitLocker […] The post Hackers Can Exploit Bitpixie Vulnerability to Bypass BitLocker Encryption and Escalate Privileges appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A major supply chain attack dubbed “Shai-Halud” has impacted the JavaScript ecosystem by targeting over 477 NPM packages, raising serious concerns among developers and organizations relying on software from the Node Package Manager (NPM) re…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical vulnerability nicknamed “BitPixie” in Windows Boot Manager allows attackers to bypass BitLocker drive encryption and escalate privileges, security researchers have revealed. The flaw exploits a weakness in the PXE soft reboot fea…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical vulnerability in the Linux kernel’s KSMBD implementation has been discovered that allows remote attackers to completely exhaust server connection resources through a simple denial-of-service attack. The flaw, tracked as CVE-2025-38501 …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A security vulnerability has been discovered in LG WebOS TV systems that allows attackers to gain complete control over affected devices by bypassing authentication mechanisms. The vulnerability, disclosed during the TyphoonPWN 2025 LG Category competi…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A major data breach at American First Finance, LLC has exposed sensitive information for nearly 700,000 customers. The breach, which occurred on May 31, 2024, was discovered over a year later on June 18, 2025. An ex-employee of the financial services f…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical vulnerability has been discovered in LG’s WebOS for smart TVs, allowing an attacker on the same local network to bypass authentication mechanisms and achieve full control over the device. The flaw, which affects models like the LG WebOS 43UT8050, enables unauthenticated attackers to gain root access, install malicious applications, and completely compromise the […] The post LG WebOS TV Vulnerability Let Attackers Bypass Authentication and Enable Full Device Takeover appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Luxury retail giant Kering has confirmed a major data breach affecting its top fashion houses, including Gucci, Balenciaga, and Alexander McQueen. The cybercriminal group known as Shiny Hunters claims to have stolen private details tied to as many as 7…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
