RSS HKCERT

  • Jenkins Multiple Vulnerabilities September 18, 2025
    Multiple vulnerabilities were identified in Jenkins. A remote attacker could exploit some of these vulnerabilities to trigger data manipulation, denial of service condition, sensitive information disclosure and security restriction bypass on the targeted system. Impact Security Restriction Bypass Information Disclosure Data Manipulation Denial of Service System / Technologies affected Jenkins weekly 2.527 and earlier Jenkins LTS 2.516.2 […]
  • Aruba Products Multiple Vulnerabilities September 18, 2025
    Multiple vulnerabilities were identified in Aruba Products. A remote attacker could exploit this vulnerability to trigger security restriction bypass, sensitive information disclosure, data manipulation and remote code execution on the targeted system. Impact Remote Code Execution Data Manipulation Information Disclosure Security Restriction Bypass System / Technologies affected HPE Aruba Networking EdgeConnect SD-WAN Gateways running:   9.5.x.x: […]
  • Google Chrome Multiple Vulnerabilities September 18, 2025
    Multiple vulnerabilities were identified in Google Chrome. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution, denial of service condition and information disclosure on the targeted system.   Note: CVE-2025-10585 is being exploited in the wild. ... Impact Remote Code Execution Denial of Service Information Disclosure System / Technologies affected Google Chrome prior […]
  • Mozilla Products Multiple Vulnerabilities September 17, 2025
    Multiple vulnerabilities were identified in Mozilla Products. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution, sensitive information disclosure, spoofing and security restriction bypass on the targeted system. Impact Security Restriction Bypass Spoofing Information Disclosure Remote Code Execution System / Technologies affected Versions prior to:   Firefox 143 Firefox ESR 115.28 […]
  • [Security Blog] Hackers’ New Partner: Weaponized AI for Cyber Attacks! HKCERT Exposes Six Emerging AI-assisted Attacks September 16, 2025
    <p>In recent years, artificial intelligence (AI) technology has advanced rapidly. Large language models (LLMs) and generative models have been widely applied in writing, reasoning, and generating images and videos. At the same time, <strong>the Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT)</strong> warns that hackers are also weaponising AI for various cyberattacks, making defence […]
  • Apple Products Multiple Vulnerabilities September 16, 2025
    Multiple vulnerabilities were identified in Apple Products. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, elevation of privilege, spoofing, remote code execution, sensitive information disclosure, data manipulation and security restriction bypass on the targeted system.   Note... Impact Denial of Service Remote Code Execution Elevation of Privilege Security […]
  • Microsoft Edge Multiple Vulnerabilities September 12, 2025
    Multiple vulnerabilities were identified in Microsoft Edge. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution on the targeted system. Impact Remote Code Execution System / Technologies affected Microsoft Edge version prior to 140.0.3485.66 Solutions Before installation of the software, please visit the software vendor web-site for more details. Apply […]
  • GitLab Multiple Vulnerabilities September 11, 2025
    Multiple vulnerabilities were identified in GitLab. A remote attacker could exploit some of these vulnerabilities to trigger sensitive information disclosure and denial of service condition on the targeted system. Impact Denial of Service Information Disclosure System / Technologies affected GitLab Community Edition (CE) versions prior to 18.3.2, 18.2.6 and 18.1.6 GitLab Enterprise Edition (EE) versions […]
  • Cisco IOS XR Multiple Vulnerabilities September 11, 2025
    Multiple vulnerabilities were identified in Cisco IOS XR. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition and security restriction bypass on the targeted system. Impact Denial of Service Security Restriction Bypass System / Technologies affected Cisco IOS XR For affected devices, please refer to the link issued by the […]
  • Microsoft Monthly Security Update (September 2025) September 10, 2025
    Microsoft has released monthly security update for their products:   Vulnerable Product Risk Level Impacts Notes Windows Medium Risk Denial of Service Elevation of Privilege Remote Code Execution Information Disclosure Security Restriction Bypass   SQL Server Medium Risk ... Impact Remote Code Execution Elevation of Privilege Information Disclosure Denial of Service Spoofing Security Restriction Bypass […]