Sednit abuses XSS flaws to hit gov’t entities, defense companies

May 17, 2025

Operation RoundPress targets webmail software to steal secrets from email accounts belonging mainly to governmental organizations in Ukraine and defense contractors in the EU

Source: Read More

Previous ArticleLockBit Leak Reveals Details About Ransom Payments, Vulnerabilities and RaaS Operations

Next Article Operation RoundPress

Highlights

CVE-2025-37987 – Linux PDS Core AdminQ Overflow/Stuck Condition Vulnerability

May 20, 2025

CVE ID : CVE-2025-37987

Published : May 20, 2025, 6:15 p.m. | 34 minutes ago

Description : In the Linux kernel, the following vulnerability has been resolved:

pds_core: Prevent possible adminq overflow/stuck condition

The pds_core’s adminq is protected by the adminq_lock, which prevents
more than 1 command to be posted onto it at any one time. This makes it
so the client drivers cannot simultaneously post adminq commands.
However, the completions happen in a different context, which means
multiple adminq commands can be posted sequentially and all waiting
on completion.

On the FW side, the backing adminq request queue is only 16 entries
long and the retry mechanism and/or overflow/stuck prevention is
lacking. This can cause the adminq to get stuck, so commands are no
longer processed and completions are no longer sent by the FW.

As an initial fix, prevent more than 16 outstanding adminq commands so
there’s no way to cause the adminq from getting stuck. This works
because the backing adminq request queue will never have more than 16
pending adminq commands, so it will never overflow. This is done by
reducing the adminq depth to 16.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Full-Stack Techies vs Toptal: Which Is Better for React.js Outsourcing?

The AI productivity paradox in software engineering: Balancing efficiency and human skill retention

The impact of gray work on software development

CSS Intelligence: Speculating On The Future Of A Smarter Language

Your Roku has secret menus and screens – here’s how to unlock them

Add Paramount+, STARZ, and more to your Prime Video account for $0.99 a month – here’s how

My new favorite keychain accessory gives me 2TB of SSD storage instantly

HP’s latest OmniBook finally sold me on the 2-in-1 form factor (and it’s on sale)

Simplifying Stream Handling with Laravel’s resource Method

Simplifying Stream Handling with Laravel’s resource Method

Intelligent Parsing and Formatting of Names in PHP Applications

This Week in Laravel: Cursor Rules, Nightwatch Review, and Race Conditions

Microsoft confirms Windows 11 KB5060829 issues, but you can safely ignore it

Microsoft confirms Windows 11 KB5060829 issues, but you can safely ignore it

Hash Calculator – calculates around 50 cryptographic hashes of strings and files

Rilasciato Thunderbird 140 ESR: Un’attenzione alle esigenze aziendali

Sednit abuses XSS flaws to hit gov’t entities, defense companies

213% Increase in Ransomware Attacks Targeting Organizations With First Quarter of 2025

Cisco fixes maximum-severity flaw in enterprise unified comms platform (CVE-2025-20309)

Windows 11 Media Creation Tool downloads fresh 24H2 update for clean install

CVE-2025-46374 – Apache HTTP Server Cross-Site Request Forgery

Nvidia driver 572.83 is causing a black screen on Windows 11, Windows 10

CVE-2025-39348 – ThemeGoods Grand Restaurant WordPress Object Injection Vulnerability

CVE-2025-37987 – Linux PDS Core AdminQ Overflow/Stuck Condition Vulnerability

CVE-2024-1243 – Wazuh Agent for Windows UNC Path Manipulation Vulnerability

How MongoDB and Google Cloud Power the Future of In-Car Assistants

Journals and Contents: Two Special Pages in Logseq

Sednit abuses XSS flaws to hit gov’t entities, defense companies

Related Posts