Why I recommend this Asus laptop over the MacBook Pro to creators and professionals

The Asus ProArt P16 offers strong performance initially, with its customization options providing additional benefits for users.

Latest news

This $0.99-per-month Samsung tablet and smartwatch deal at AT&T is too good to ignore

When you buy the Z Flip 7 or Z Fold 7 through AT&T, you can snag a Galaxy Watch 8 and Tab A9+ 5G for just $0.99 a month.

Latest news

T‑Mobile’s Starlink service is now available to anyone on any carrier – how to sign up

T‑Satellite is officially out of beta. Anyone can sign up for the satellite texting service, including Verizon and AT&T customers.

Latest news

This soundbar delivers audio above its price point, and it’s not by Sonos or JBL

For its price, the Yamaha True X Bar has surprisingly strong bass and rich sound. It ranks among the best soundbar systems I’ve tested.

Latest news

AI slop and fake reports are exhausting some security bug bounties

“We’re getting a lot of stuff that looks like gold, but it’s actually just crap,” said the founder of one security testing firm. AI-generated security vulnerability reports are already having an effect on bug hunting, for better and worse.

Security News | TechCrunch

Google Photos is using AI to turn your photos into videos and remix them – try it for free

Watch your pictures come to life in six-second clips, or let Google’s AI edit your photos into an entirely different style like anime. Here’s how.

Latest news

Cybercrime Forum XSS Returns on Mirror and Dark Web 1 Day After Seizure

Cybercrime forum XSS is back online on its mirror and dark web domains just one day after seizure and admin arrest, but questions about its full return remain unanswered.

Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto

Translating Cyber-Risk for the Boardroom

When security leaders embrace this truth and learn to speak in the language of leadership, they don’t just protect the enterprise, they help lead it forward.

darkreading

Bloomberg Comdb2 null pointer dereference and denial-of-service vulnerabilities

Cisco Talos’ Vulnerability Discovery & Research team recently disclosed five vulnerabilities in Bloomberg Comdb2.  

Comdb2 is an open source, high-availability database developed by Bloomberg. It supports features such as clustering, transactions, snapshots, and isolation. The implementation of the database utilizes optimistic locking for concurrent operation.

The vulnerabilities mentioned in this blog post have been patched by the vendor, all in adherence to Cisco’s third-party vulnerability disclosure policy.    

For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from Snort.org, and our latest Vulnerability Advisories are always posted on Talos Intelligence’s website.     

Comdb2 vulnerabilities

Discovered by a member of Cisco Talos. 

Three null pointer dereference vulnerabilities exist in Bloomberg Comdb2 8.1. Two vulnerabilities (TALOS-2025-2197 (CVE-2025-36520) and TALOS-2025-2201 (CVE-2025-35966)) are in protocol buffer message handling, which can lead to denial of service. An attacker can simply connect to a database instance over TCP and send the crafted message to trigger this vulnerability. TALOS-2025-2199 (CVE-2025-48498) is in the distributed transaction component. A specially crafted network packet can lead to a denial of service. An attacker can send packets to trigger this vulnerability.

There are also two denial-of-service vulnerabilities:

  • TALOS-2025-2198 (CVE-2025-46354) exists in the Distributed Transaction Commit/Abort Operation of Bloomberg Comdb2 8.1. A specially crafted network packet can lead to a denial of service. An attacker can send a malicious packet to trigger this vulnerability.
  • TALOS-2025-2200 (CVE-2025-36512) exists in the Bloomberg Comdb2 8.1 database when handling a distributed transaction heartbeat. A specially crafted protocol buffer message can lead to a denial of service. An attacker can simply connect to a database instance over TCP and send the crafted message to trigger this vulnerability.

Cisco Talos Blog

New York Seeking Public Opinion on Water Systems Cyber Regulations

The proposed cyber regulations include the implementation of incident reporting, response plans, and cybersecurity controls, training, and certification of compliance.

SecurityWeek