HPE urges immediate patching of OneView after critical security flaw found

Microsoft has issued an emergency patch for a worrying security flaw in its Office software. The vulnerability could allow hackers to access users' files if not updated promptly. The patch was released to address this critical issue.

December 22, 2025 由 AI 报道

WatchGuard has addressed a critical remote code execution vulnerability in its Firebox OS firewall software. The company urges users to update immediately to mitigate the risk. The flaw was identified by the firewall maker itself.

Korean Air, a major South Korean airline, has been affected by a supply-chain attack originating from Oracle, resulting in the exposure of thousands of its employees' information. The incident highlights vulnerabilities in third-party software services. Details emerged in a recent security report.

January 08, 2026 由 AI 报道

A critical vulnerability in the TLP Linux power management tool has been fixed after researchers discovered it allowed local attackers to bypass authentication and alter system settings. The flaw, identified in version 1.9.0 and tracked as CVE-2025-67859, stemmed from a race condition in the Polkit mechanism. TLP developers released version 1.9.1 on January 7, 2026, addressing the issue following coordinated disclosure.

Motherboards produced by major manufacturers including Gigabyte, MSI, ASUS, and ASRock are reportedly vulnerable to a new attack exploiting a UEFI flaw. This vulnerability allows direct memory access attacks on many popular devices. The issue was highlighted in a TechRadar report published on December 22, 2025.

November 07, 2025 由 AI 报道

Amazon Web Services has revealed a security flaw in its WorkSpaces client for Linux that allows local attackers to extract authentication tokens and access other users' virtual desktops. The vulnerability, CVE-2025-12779, affects client versions from 2023.0 to 2024.8 and carries a CVSS score of 8.8. AWS urges immediate upgrades to version 2025.0 or later to mitigate the risk.