2222 matches found

RedhatCVE
added 2025/08/02 10:29 p.m. | 4 views

CVE-2025-45768

A flaw was found in pyjwt. The library uses weak encryption, allowing an attacker to potentially decrypt sensitive data. A network-based attacker can exploit this vulnerability without authentication, possibly resulting in a denial of service or data exposure. This weakness stems from the use of...

7 CVSS | 6.2 AI score | 0.00163 EPSS
Exploits 0 | References 6

RedhatCVE
added 2025/07/30 4:37 p.m. | 3 views

CVE-2025-54535

In JetBrains TeamCity before 2025.07 password reset and email verification tokens were using weak hashing algorithms...

7.5 CVSS | 6.7 AI score | 0.00003 EPSS
Exploits 0 | References 1

The Hacker News
added 2025/07/30 4:11 p.m. | 3 views

FunkSec Ransomware Decryptor Released Free to Public After Group Goes Dormant

Cybersecurity experts have released a decryptor for a ransomware strain called FunkSec, allowing victims to recover access to their files for free. "Because the ransomware is now considered dead, we released the decryptor for public download," Gen Digital researcher Ladislav Zezula said. FunkSec,...

6.6 AI score
Exploits 0

OSV
added 2025/07/29 1:38 p.m. | 2 views

RLSA-2025:4051 Moderate: gnutls security update

The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Security Fixes: gnutls: GnuTLS Impacted by Inefficient DER Decoding in libtasn1 Leading to Remote DoS (CVE-2024-12243). For more details...

5.3 CVSS | 7.9 AI score | 0.01227 EPSS
Exploits 0 | References 2

Packet Storm News
added 2025/07/29 12:0 a.m. | 3 views

Can We End the Cat-And-Mouse Game? Simulating Self-Evolving Phishing Attacks with LLMs and Genetic Algorithms

Anticipating emerging attack methodologies is crucial for proactive cybersecurity. Recent advances in Large Language Models (LLMs) have enabled the automated generation of phishing messages and accelerated research into potential attack techniques. However, predicting future threats remains...

6.7 AI score
Exploits 0

CVE
added 2025/07/28 4:20 p.m. | 15 views

CVE-2025-54535

CVE-2025-54535 affects JetBrains TeamCity versions prior to 2025.07, where password reset and email verification tokens were secured with weak hashing algorithms. The available documents describe the affected component and the root cause (weak hash usage for tokens) but do not provide explicit ex...

7.5 CVSS | 6.8 AI score | 0.00003 EPSS
Exploits 0 | References 1 | Affected Software 1

Vulnrichment
added 2025/07/28 4:20 p.m. | 1 views

CVE-2025-54535

In JetBrains TeamCity before 2025.07 password reset and email verification tokens were using weak hashing algorithms...

5.8 CVSS | 6.8 AI score | 0.00003 EPSS
Exploits 0 | References 1

Packet Storm News
added 2025/07/25 12:0 a.m. | 2 views

On Anti-Collusion Codes for Averaging Attack in Multimedia Fingerprinting

Multimedia fingerprinting is a technique to protect the copyrighted contents against being illegally redistributed under various collusion attack models. Averaging attack is the most fair choice for each colluder to avoid detection, and also makes the pirate copy have better perceptional quality...

6.9 AI score
Exploits 0

CVE
added 2025/07/17 9:28 p.m. | 16 views

CVE-2025-7398

The CVE-2025-7398 issue affects Brocade ASCG prior to version 3.3.0. The vulnerability arises from the use of medium-strength cryptography on internal ports 9000 and 8036, potentially reducing cryptographic strength for traffic on those ports. Descriptions across multiple sources consistently ref...

9.1 CVSS | 6.7 AI score | 0.00154 EPSS
Exploits 0 | References 1 | Affected Software 1

Packet Storm News
added 2025/07/17 12:0 a.m. | 2 views

Adversarial Attacks to Image Classification Systems Using Evolutionary Algorithms

Image classification currently faces significant security challenges due to adversarial attacks, which consist of intentional alterations designed to deceive classification models based on artificial intelligence. This article explores an approach to generate adversarial attacks against image...

6.7 AI score
Exploits 0

SUSE Linux
added 2025/07/11 9:49 a.m. | 3 views

Security update for rust-keylime

This update for rust-keylime fixes the following issues: CVE-2024-12224: idna: Fixed improper validation in punycode bsc1243861 Update to version 0.2.7+70: builddeps: bump wiremock from 0.6.2 to 0.6.3 builddeps: bump uuid from 1.16.0 to 1.17.0 lib: Introduce AgentIdentity structure gitignore: Add...

4.2 CVSS | 7.2 AI score | 0.00151 EPSS
Exploits 1 | References 4

BDU FSTEC
added 2025/07/10 12:0 a.m. | 1 views

The vulnerability of the Microsoft 365 Apps for Enterprise package, related to the use of cryptographic algorithms containing defects, allows a hacker to circumvent security restrictions.

The vulnerability of the Microsoft 365 Apps for Enterprise package is related to the use of cryptographic algorithms that contain vulnerabilities. Exploiting this vulnerability could allow an attacker to circumvent security restrictions...

3.3 CVSS | 0.00145 EPSS
Exploits 0 | References 2

NVD
added 2025/07/08 1:15 a.m. | 3 views

CVE-2025-42979

The GuiXT application, which is integrated with SAP GUI for Windows, uses obfuscation algorithms instead of secure symmetric ciphers for storing the credentials of an RFC user on the client PC. This leads to a high impact on confidentiality because any attacker who gains access to the user hive o...

5.6 CVSS | 0.00062 EPSS
Exploits 0 | References 2

CNNVD
added 2025/07/08 12:0 a.m. | 1 views

Siemens Multiple Products Encryption Issue Vulnerability

Siemens RUGGEDCOM i800, among others, is a switch from Siemens, a German company. A vulnerability exists in various Siemens products due to an encryption issue that stems from the use of insecure encryption algorithms, which could lead to a man-in-the-middle attack. The following products and...

7 CVSS | 6.3 AI score | 0.00139 EPSS
Exploits 0 | References 1

Positive Technologies
added 2025/07/08 12:0 a.m. | 2 views

PT-2025-28294 · Guixt · Guixt

Name of the Vulnerable Software and Affected Versions: GuiXT (affected versions not specified). Description: The issue concerns the use of obfuscation algorithms instead of secure symmetric ciphers for storing RFC user credentials on the client PC. This leads to a high impact on confidentiality, as ...

5.6 CVSS | 6.2 AI score | 0.00062 EPSS
Exploits 0 | References 4

BDU FSTEC
added 2025/07/07 12:0 a.m. | 1 views

The vulnerability of the Transport Layer Security library GnuTLS, related to the use of cryptographic algorithms containing defects, allows attackers to gain access to confidential data.

The vulnerability of the GnuTLS transport layer security library is related to the use of cryptographic algorithms that contain vulnerabilities. Exploiting this vulnerability could allow a malicious actor to gain access to confidential data...

5.3 CVSS | 0.02116 EPSS
Exploits 0 | References 9 | Affected Software 5

Packet Storm News
added 2025/07/07 12:0 a.m. | 2 views

AIDE 0.19.1

AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on a server. It uses regular expressions for determining which files get added to the database. You can use several message digest algorithms ...

7 AI score
Exploits 0

Packet Storm News
added 2025/06/26 12:0 a.m. | 1 views

Practical and Accurate Local Edge Differentially Private Graph Algorithms

Whitepaper called Practical And Accurate Local Edge Differentially Private Graph Algorithms...

7 AI score
Exploits 0

OSV
added 2025/06/23 10:41 p.m. | 1 views

GHSA-H7CP-R72F-JXH6 pbkdf2 returns predictable uninitialized/zero-filled memory for non-normalized or unimplemented algos

Summary: This affects both: 1. Unsupported algos, e.g. sha3-256 / sha3-512 / sha512-256; 2. Supported but non-normalized algos, e.g. Sha256 / Sha512 / SHA1 / sha-1 / sha-256 / sha-512. All of those work correctly in Node.js, but this polyfill silently returns highly predictable output. Under Node.js onl...

9.1 CVSS | 6.3 AI score | 0.00416 EPSS
Exploits 0 | References 5

Github Security Blog
added 2025/06/23 10:41 p.m. | 6 views

pbkdf2 returns predictable uninitialized/zero-filled memory for non-normalized or unimplemented algos

Summary: This affects both: 1. Unsupported algos, e.g. sha3-256 / sha3-512 / sha512-256; 2. Supported but non-normalized algos, e.g. Sha256 / Sha512 / SHA1 / sha-1 / sha-256 / sha-512. All of those work correctly in Node.js, but this polyfill silently returns highly predictable output. Under Node.js onl...

9.1 CVSS | 7.1 AI score | 0.00416 EPSS
Exploits 0 | References 5 | Affected Software 1