Saturday, July 12, 2025

Compliance Roundup - July 12, 2025

Top 5 Critical Compliance Alerts

  • Most Organizations Adopting AI Without Strategy as Risks Mount — Leading firms leverage AI across governance functions; privacy deletion requests surge 82%; employees struggle with AI-powered threats; payment system attacks predicted in hospitality sector.
  • Why a Sophisticated Criminal Network Stayed Hidden Until Someone Connected the Dots — Foiling coordinated TBML schemes requires real-time, automated capabilities.
  • Global M&A Trends and Risks Report 2025 — Report on global M&A trends and risks.
  • SmartSearch Partners With Plannr for AML Compliance Integration — SmartSearch integrates AML verification into Plannr's CRM for financial planners.
  • Lab 1 Launches File Preview Feature for Data Breach Analysis — Lab 1 launches file preview to safely view exposed files from data breaches.

Regulatory Updates

  • Most Organizations Adopting AI Without Strategy as Risks Mount — Leading firms leverage AI across governance functions; privacy deletion requests surge 82%; employees struggle with AI-powered threats; payment system attacks predicted in hospitality sector.

Audit & Monitoring Tools

  • Lab 1 Launches File Preview Feature for Data Breach Analysis — Lab 1 launches file preview to safely view exposed files from data breaches.
  • Allianz Commercial Launches Climate Risk Assessment Platform — Allianz launches a platform to evaluate how natural disasters will affect assets.
  • de.iterate Adds AI Features to Compliance Platform — de.iterate integrates AI into its compliance platform to simplify compliance programs.
  • Panzura Adds Permission Management Tools to Symphony Platform — Panzura adds ACL analysis and remediation to its Symphony platform.

Third-Party Risk & Due Diligence

  • SmartSearch Partners With Plannr for AML Compliance Integration — SmartSearch integrates AML verification into Plannr's CRM for financial planners.

Policy & Governance Updates

  • Global M&A Trends and Risks Report 2025 — Report on global M&A trends and risks.

Privacy Insights Digest - July 12, 2025

Top 5 Critical Privacy Alerts

  • TikTok Loses First Appeal Against £12.7M ICO Fine, Faces Second Investigation by DPC — TikTok faces further scrutiny as it loses an appeal against a UK fine and is under investigation by the Irish DPC.
  • German court offers EUR 5000 compensation for data breaches caused by Meta — A German court awarded Facebook users EUR 5000 for GDPR breaches via Meta's Business Tools, setting a precedent.
  • The Healthline Order: Privacy law grows teeth — A proposed $1.55 million CCPA settlement with Healthline marks a pivotal moment in American consumer privacy enforcement.

Privacy Laws & Regulations (GDPR, CPRA, CCPA, AI Acts)

  • Council and Parliament Agree on Key Reforms to the EU ADR Framework — The EU is modernizing its alternative dispute resolution framework for consumer matters, updating the ADR Directive.
  • The ICO's AI and biometrics strategy — The UK's ICO launched a strategy to increase scrutiny of AI and biometrics, focusing on high-stakes and concerning technologies.
  • The Healthline Order: Privacy law grows teeth — A proposed $1.55 million CCPA settlement with Healthline marks a pivotal moment in American consumer privacy enforcement.

Regulatory Fines & Enforcement Actions

  • TikTok Loses First Appeal Against £12.7M ICO Fine, Faces Second Investigation by DPC — TikTok faces further scrutiny as it loses an appeal against a UK fine and is under investigation by the Irish DPC.

Security Threat Summary - July 12, 2025

Top 5 Critical Security Alerts

  • Critical Wing FTP Server Vulnerability (CVE-2025-47812) Actively Being Exploited in the Wild — A maximum-severity security flaw in Wing FTP Server is under active exploitation, allowing for remote code execution.
  • Fortinet Releases Patch for Critical SQL Injection Flaw in FortiWeb (CVE-2025-25257) — A critical SQL injection vulnerability in FortiWeb could allow unauthenticated attackers to run arbitrary database commands.
  • CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises — CISA has added a critical security flaw in Citrix NetScaler ADC and Gateway to its KEV catalog, confirming active exploitation.
  • 350M Cars, 1B Devices Exposed to 1-Click Bluetooth RCE — Multiple vehicles and devices are vulnerable to remote code execution via the PerfektBlue exploit chain.
  • PerfektBlue Bluetooth Vulnerabilities Expose Millions of Vehicles to Remote Code Execution — Flaws in OpenSynergy's BlueSDK Bluetooth stack could allow remote code execution on millions of vehicles.

Threat Intelligence

  • Pay2Key Ransomware Gang Resurfaces With Incentives to Attack US, Israel — The Iranian-linked Pay2Key ransomware operation is offering increased profit shares for attacks on Western targets.
  • Iranian-Backed Pay2Key Ransomware Resurfaces with 80% Profit Share for Cybercriminals — Pay2Key, linked to Fox Kitten, is offering larger payouts for attacks against Israel and the U.S.
  • Russian basketball player arrested in ransomware case despite being "useless with computers" — A Russian basketball player has been arrested for allegedly acting as a negotiator for a ransomware gang.

Security Breaches & Incidents

  • Paddy Power and BetFair have suffered a data breach — An unauthorized third party gained access to betting account information of up to 800,000 customers.

Security Tools & Best Practices

  • As Cyber-Insurance Premiums Drop, Coverage Is Key to Resilience — Cyber-insurance premiums are declining, but coverage remains crucial for managing risks.
  • Factoring Cybersecurity Into Finance's Digital Strategy — Financial institutions must prioritize cybersecurity to succeed in their digital transformation efforts.

Emerging Security Technologies

  • Securing Data in the AI Era — Enterprises face data loss risks from AI-fueled tools, necessitating a unified, AI-driven approach to data security.

Friday, July 11, 2025

[CVE] 61 changes on Linux, Microsoft

New OpenCVE notification

This email has been sent from the Critical Vulnerabilities notification of the securityinsights/CVE project.

61 vulnerabilities have been updated on 2025-07-11 between 13:00 and 13:59.

Critical Vulnerabilities (3)

.NET and Visual Studio Remote Code Execution Vulnerability

Changes: metrics
Subscriptions: Linux, Microsoft

Sensitive information manipulation due to improper authorization. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.

Changes: metrics
Subscriptions: Linux, Microsoft

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain...

Changes: metrics
Subscriptions: Linux, Microsoft

None Vulnerabilities (58)

CVE-2016-10277 - No CVSS v3.1

An elevation of privilege vulnerability in the Motorola bootloader could enable a local malicious application to execute arbitrary code within the context of the bootloader. This issue is rated as Critical due to the...

Changes: metrics
Subscriptions: Linux

CVE-2017-7157 - No CVSS v3.1

An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before...

Changes: metrics
Subscriptions: Microsoft

CVE-2018-14617 - No CVSS v3.1

An issue was discovered in the Linux kernel through 4.17.10. There is a NULL pointer dereference and panic in hfsplus_lookup() in fs/hfsplus/dir.c when opening a file (that is purportedly a hard link) in an hfs+...

Changes: metrics
Subscriptions: Linux

CVE-2017-13856 - No CVSS v3.1

An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before...

Changes: metrics
Subscriptions: Microsoft

CVE-2018-12778 - No CVSS v3.1

Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

Changes: metrics
Subscriptions: Microsoft

CVE-2018-12850 - No CVSS v3.1

Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

Changes: metrics
Subscriptions: Microsoft

CVE-2017-13866 - No CVSS v3.1

An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before...

Changes: metrics
Subscriptions: Microsoft

CVE-2018-14612 - No CVSS v3.1

An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in btrfs_root_node() when mounting a crafted btrfs image, because of a lack of chunk block group mapping validation...

Changes: metrics
Subscriptions: Linux

CVE-2013-4312 - No CVSS v3.1

The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to...

Changes: metrics
Subscriptions: Linux

CVE-2016-1008 - No CVSS v3.1

Untrusted search path vulnerability in Adobe Reader and Acrobat before 11.0.15, Acrobat and Acrobat Reader DC Classic before 15.006.30121, and Acrobat and Acrobat Reader DC Continuous before 15.010.20060 on Windows...

Changes: metrics
Subscriptions: Microsoft

CVE-2016-2186 - No CVSS v3.1

The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a...

Changes: metrics
Subscriptions: Linux

CVE-2005-1987 - No CVSS v3.1

Buffer overflow in Collaboration Data Objects (CDO), as used in Microsoft Windows and Microsoft Exchange Server, allows remote attackers to execute arbitrary code when CDOSYS or CDOEX processes an e-mail message with...

Changes: metrics
Subscriptions: Microsoft

CVE-2018-12840 - No CVSS v3.1

Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

Changes: metrics
Subscriptions: Microsoft

CVE-2018-12801 - No CVSS v3.1

Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

Changes: metrics
Subscriptions: Microsoft

CVE-2013-4470 - No CVSS v3.1

The Linux kernel before 3.12, when UDP Fragmentation Offload (UFO) is enabled, does not properly initialize certain data structures, which allows local users to cause a denial of service (memory corruption and system...

Changes: metrics
Subscriptions: Linux

CVE-2006-2071 - No CVSS v3.1

Linux kernel 2.4.x and 2.6.x up to 2.6.16 allows local users to bypass IPC permissions and modify a readonly attachment of shared memory by using mprotect to give write permission to the attachment. NOTE: some...

Changes: metrics
Subscriptions: Linux

CVE-2006-6057 - No CVSS v3.1

The Linux kernel 2.6.x up to 2.6.18, and possibly other versions, on Fedora Core 6 and possibly other operating systems, allows local users to cause a denial of service (crash) via a malformed gfs2 file stream that...

Changes: metrics
Subscriptions: Linux

CVE-2017-7156 - No CVSS v3.1

An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before...

Changes: metrics
Subscriptions: Microsoft

CVE-2015-2344 - No CVSS v3.1

Cross-site scripting (XSS) vulnerability in VMware vRealize Automation 6.x before 6.2.4 on Linux allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

Changes: metrics
Subscriptions: Linux

CVE-2006-6053 - No CVSS v3.1

The ext3fs_dirhash function in Linux kernel 2.6.x allows local users to cause a denial of service (crash) via an ext3 stream with malformed data structures.

Changes: metrics
Subscriptions: Linux

CVE-2006-6056 - No CVSS v3.1

Linux kernel 2.6.x up to 2.6.18 and possibly other versions, when SELinux hooks are enabled, allows local users to cause a denial of service (crash) via a malformed file stream that triggers a NULL pointer...

Changes: metrics
Subscriptions: Linux

CVE-2018-12775 - No CVSS v3.1

Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

Changes: metrics
Subscriptions: Microsoft

CVE-2016-2188 - No CVSS v3.1

The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a...

Changes: metrics
Subscriptions: Linux

CVE-2018-12849 - No CVSS v3.1

Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

Changes: metrics
Subscriptions: Microsoft

CVE-2006-6054 - No CVSS v3.1

The ext2 file system code in Linux kernel 2.6.x allows local users to cause a denial of service (crash) via an ext2 stream with malformed data structures that triggers an error in the ext2_check_page due to a length...

Changes: metrics
Subscriptions: Linux

CVE-2017-18257 - No CVSS v3.1

The __get_data_block function in fs/f2fs/data.c in the Linux kernel before 4.11 allows local users to cause a denial of service (integer overflow and loop) via crafted use of the open and fallocate system calls with...

Changes: metrics
Subscriptions: Linux

CVE-2017-13864 - No CVSS v3.1

An issue was discovered in certain Apple products. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. The issue involves the "APNs Server" component. It allows man-in-the-middle...

Changes: metrics
Subscriptions: Microsoft

CVE-2002-1217 - No CVSS v3.1

Cross-Frame scripting vulnerability in the WebBrowser control as used in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code, read arbitrary files, or conduct other unauthorized activities...

Changes: metrics
Subscriptions: Microsoft

CVE-2018-14613 - No CVSS v3.1

An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in io_ctl_map_page() when mounting and operating a crafted btrfs image, because of a lack of block group item...

Changes: metrics
Subscriptions: Linux

CVE-2013-4299 - No CVSS v3.1

Interpretation conflict in drivers/md/dm-snap-persistent.c in the Linux kernel through 3.11.6 allows remote authenticated users to obtain sensitive information or modify data via a crafted mapping to a snapshot block device.

Changes: metrics
Subscriptions: Linux

CVE-2018-14615 - No CVSS v3.1

An issue was discovered in the Linux kernel through 4.17.10. There is a buffer overflow in truncate_inline_inode() in fs/f2fs/inline.c when umounting an f2fs image, because a length value may be negative.

Changes: metrics
Subscriptions: Linux

CVE-2017-7160 - No CVSS v3.1

An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before...

Changes: metrics
Subscriptions: Microsoft

CVE-2006-6060 - No CVSS v3.1

The NTFS filesystem code in Linux kernel 2.6.x up to 2.6.18, and possibly other versions, allows local users to cause a denial of service (CPU consumption) via a malformed NTFS file stream that triggers an infinite...

Changes: metrics
Subscriptions: Linux

CVE-2017-18249 - No CVSS v3.1

The add_free_nid function in fs/f2fs/node.c in the Linux kernel before 4.12 does not properly track an allocated nid, which allows local users to cause a denial of service (race condition) or possibly have...

Changes: metrics
Subscriptions: Linux

CVE-2018-14614 - No CVSS v3.1

An issue was discovered in the Linux kernel through 4.17.10. There is an out-of-bounds access in __remove_dirty_segment() in fs/f2fs/segment.c when mounting an f2fs image.

Changes: metrics
Subscriptions: Linux

CVE-2018-14616 - No CVSS v3.1

An issue was discovered in the Linux kernel through 4.17.10. There is a NULL pointer dereference in fscrypt_do_page_crypto() in fs/crypto/crypto.c when operating on a file in a corrupted f2fs image.

Changes: metrics
Subscriptions: Linux

CVE-2015-6184 - No CVSS v3.1

The CAttrArray object implementation in Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and memory corruption) via a malformed...

Changes: metrics
Subscriptions: Microsoft

CVE-2003-0109 - No CVSS v3.1

Buffer overflow in ntdll.dll on Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute arbitrary code, as demonstrated via a WebDAV request...

Changes: metrics
Subscriptions: Microsoft

CVE-2018-14609 - No CVSS v3.1

An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in __del_reloc_root() in fs/btrfs/relocation.c when mounting a crafted btrfs image, related to removing reloc...

Changes: metrics
Subscriptions: Linux

CVE-2018-14634 - No CVSS v3.1

An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges...

Changes: metrics
Subscriptions: Linux

CVE-2018-14611 - No CVSS v3.1

An issue was discovered in the Linux kernel through 4.17.10. There is a use-after-free in try_merge_free_space() when mounting a crafted btrfs image, because of a lack of chunk type flag checks in...

Changes: metrics
Subscriptions: Linux

CVE-2017-18255 - No CVSS v3.1

The perf_cpu_time_max_percent_handler function in kernel/events/core.c in the Linux kernel before 4.11 allows local users to cause a denial of service (integer overflow) or possibly have unspecified other impact via...

Changes: metrics
Subscriptions: Linux

CVE-2002-1444 - No CVSS v3.1

The Google toolbar 1.1.60, when running on Internet Explorer 5.5 and 6.0, allows remote attackers to cause a denial of service (crash with an exception in oleaut32.dll) via malicious HTML, possibly related to small...

Changes: metrics
Subscriptions: Microsoft

CVE-2017-13870 - No CVSS v3.1

An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before...

Changes: metrics
Subscriptions: Microsoft

CVE-2018-15967 - No CVSS v3.1

Adobe Flash Player versions 30.0.0.154 and earlier have a privilege escalation vulnerability. Successful exploitation could lead to information disclosure.

Changes: metrics
Subscriptions: Linux, Microsoft

CVE-2007-2291 - No CVSS v3.1

CRLF injection vulnerability in the Digest Authentication support for Microsoft Internet Explorer 7.0.5730.11 allows remote attackers to conduct HTTP response splitting attacks via a LF (%0a) in the username attribute.

Changes: metrics
Subscriptions: Microsoft

CVE-2010-0307 - No CVSS v3.1

The load_elf_binary function in fs/binfmt_elf.c in the Linux kernel before 2.6.32.8 on the x86_64 platform does not ensure that the ELF interpreter is available before a call to the SET_PERSONALITY macro, which...

Changes: metrics
Subscriptions: Linux

CVE-2016-0823 - No CVSS v3.1

The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel before 3.19.3, as used in Android 6.0.1 before 2016-03-01, allows local users to obtain sensitive physical-address information by reading a pagemap...

Changes: metrics
Subscriptions: Linux

CVE-2018-14610 - No CVSS v3.1

An issue was discovered in the Linux kernel through 4.17.10. There is out-of-bounds access in write_extent_buffer() when mounting and operating a crafted btrfs image, because of a lack of verification that each block...

Changes: metrics
Subscriptions: Linux

CVE-2016-2185 - No CVSS v3.1

The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a...

Changes: metrics
Subscriptions: Linux

CVE-2006-6058 - No CVSS v3.1

The minix filesystem code in Linux kernel 2.6.x before 2.6.24, including 2.6.18, allows local users to cause a denial of service (hang) via a malformed minix file stream that triggers an infinite loop in the...

Changes: metrics
Subscriptions: Linux

CVE-2018-13100 - No CVSS v3.1

An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.17.3, which does not properly validate secs_per_zone in a corrupted f2fs image, as demonstrated by a divide-by-zero error.

Changes: metrics
Subscriptions: Linux

CVE-2019-7221 - No CVSS v3.1

The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.

Changes: metrics
Subscriptions: Linux

CVE-2016-2184 - No CVSS v3.1

The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference...

Changes: metrics
Subscriptions: Linux

CVE-2018-13098 - No CVSS v3.1

An issue was discovered in fs/f2fs/inode.c in the Linux kernel through 4.17.3. A denial of service (slab out-of-bounds read and BUG) can occur for a modified f2fs filesystem image in which FI_EXTRA_ATTR is set in an inode.

Changes: metrics
Subscriptions: Linux

CVE-2018-12848 - No CVSS v3.1

Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code...

Changes: metrics
Subscriptions: Microsoft

CVE-2019-3701 - No CVSS v3.1

An issue was discovered in can_can_gw_rcv in net/can/gw.c in the Linux kernel through 4.19.13. The CAN frame modification rules allow bitwise logical operations that can be also applied to the can_dlc field. The...

Changes: metrics
Subscriptions: Linux

CVE-2018-13097 - No CVSS v3.1

An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.17.3. There is an out-of-bounds read or a divide-by-zero error for an incorrect user_block_count in a corrupted f2fs image, leading to a denial...

Changes: metrics
Subscriptions: Linux

© 2025 OpenCVE, All rights reserved