#linux

# Microsoft Security Advisory CVE-2025-30399 | .NET Remote Code Vulnerability ## <a name="executive-summary"></a>Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 8.0 and .NET 9.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. An attacker could exploit this vulnerability by placing files in particular locations, leading to unintended code execution. ## Discussion Discussion for this issue can be found at https://github.com/dotnet/runtime/issues/116495 ## <a name="mitigation-factors"></a>Mitigation factors Microsoft has not identified any mitigating factors for this vulnerability. ## <a name="affected-software"></a>Affected software * Any .NET 8.0 application running on .NET 8.0.16 or earlier. * Any .NET 9.0 application running on .NET 9.0.5 or earlier. ## <a name="affected-packages"></a>Affected Packages The vulnerability affects any M...

Disclosure: This article was provided by ANY.RUN. The information and analysis presented are based on their research and findings.

A list of topics we covered in the week of June 1 to June 7 of 2025

Red Hat is built on open source, a global decentralized and transparent community of international engineers who put security at the forefront of technology. Red Hat Enterprise Linux (RHEL) is the trusted operating system (OS) used by more than 90% of Fortune 500 companies and customers in more than 174 countries. This trust is earned largely due to RHEL's reliability and stability as well as Red Hat's long history of actively contributing to open source projects. There is one key factor that is often discounted with respect to the Linux OS, however, which is its reputation for having enhanced

Open source has always been paradoxical: it's software developed by passionate developers and given away for free, yet it's monetized and funded by some of the largest companies in the world. An underdog, once called "a cancer," and yet it's the single largest driver of innovation and technological progress we have ever seen. In the world of open source, paradox will always exist, but nowhere more so than in the understanding of security vulnerabilities.Twenty-five years ago, the Common Vulnerabilities and Exposures (CVE) program was established to standardize the naming and tracking of softw

How to update Chrome on every Operating System (Windows, Mac, Linux, Chrome OS, Android, iOS)

Grab a large sweet tea or a cup of coffee and read the 2024 Product Security Risk Report from Red Hat Product Security. As someone striving to stay informed about the open source ecosystem and its security challenges, I found this year's report noticeably longer, but the depth and detail didn’t disappoint. In fact, one notable addition to this year’s report is the discussion of AI. The numbers game: up, up, and...wait, what?First, let’s break down the raw numbers. Red Hat Security Advisories (RHSA) hit a new peak in 2024, clocking in at 2975. There has been a steady increase over the pa

A buffer overflow vulnerability exists in the mstp.ko kernel module, responsible for processing BACnet MS/TP frames over serial (RS485). The SendFrame() function writes directly into a statically sized kernel buffer (alloc_entry(0x1f5)) without validating the length of attacker-controlled data (param_5). If an MS/TP frame contains a crafted payload exceeding 492 bytes, the function performs out-of-bounds writes beyond the allocated 501-byte buffer, corrupting kernel memory. This flaw allows local or physically connected attackers to trigger denial-of-service or achieve remote code execution in kernel space. Tested against version 3.08.03 with a custom BACnet frame over /dev/ttyS0.

Google has released an important update for Chrome, patching one actively exploited zero-day and two other security flaws

Threat hunters are calling attention to a new variant of a remote access trojan (RAT) called Chaos RAT that has been used in recent attacks targeting Windows and Linux systems. According to findings from Acronis, the malware artifact may have been distributed by tricking victims into downloading a network troubleshooting utility for Linux environments. "Chaos RAT is an open-source RAT written in