TRIPLESTRENGTH Hits Cloud for Cryptojacking, On-Premises Systems for Ransomware
Google on Wednesday shed light on a financially motivated threat actor named TRIPLESTRENGTH for its opportunistic targeting of cloud environments for cryptojacking and on-premise ransomware attacks. "This actor engaged in a variety of threat activity, including cryptocurrency mining operations on...
The vulnerability of the IBM DevOps Velocity lifecycle management platform (formerly known as IBM UrbanCode Velocity) relates to the use of cryptographic algorithms that contain defects, allowing attackers to gain unauthorized access to protected information.
The vulnerability of the IBM DevOps Velocity formerly IBM UrbanCode Velocity lifecycle management platform is related to the use of cryptographic algorithms that contain vulnerabilities. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to...
The vulnerability of IBM Concert Software’s artificial intelligence-based automation tools, related to the use of cryptographic algorithms containing defects, allows attackers to gain unauthorized access to protected information.
The vulnerability of IBM Concert Software’s artificial intelligence-based automation tools lies in the use of cryptographic algorithms that contain vulnerabilities. Exploiting this vulnerability could allow an unauthorized attacker to gain unauthorized access to protected information...
CVE-2024-22347
IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0.25 use weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...
CVE-2024-22347 IBM UrbanCode Velocity information disclosure
IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0.25 use weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...
CVE-2024-22347
CVE-2024-22347 (IBM UrbanCode Velocity / IBM DevOps Velocity) affects IBM UrbanCode Velocity 4.0.0 – 4.0.25 and IBM DevOps Velocity 5.0.0. The vulnerability stems from the use of weaker-than-expected cryptographic algorithms, which could allow an attacker to decrypt highly sensitive information. ...
Heap-based Buffer Overflow
Overview: Affected versions of this package are vulnerable to Heap-based Buffer Overflow due to improper handling of attacker-controlled checksum lengths (s2length) in the code. An anonymous client can leverage this overflow, together with the stack memory exposure described in CVE-2024-12085 to...
The vulnerability of the Acronis CyberProtect Cloud data protection software for Linux operating systems allows attackers to compromise the integrity of the protected information.
The vulnerability of Acronis Cyber Protect Cloud, a cloud-based data protection software for Linux operating systems, stems from the use of cryptographic algorithms that contain vulnerabilities when processing RPM packages. Exploiting this vulnerability could allow attackers to compromise the...
openSUSE Security Advisory (SUSE-SU-2025:0005-1)
The remote host is missing an update for the...
USN-7182-1 ceph vulnerability
It was discovered that Ceph incorrectly handled unsupported JWT algorithms in the RadosGW gateway. An attacker could possibly use this issue to bypass certain authentication checks and restrictions...
USN-7182-1: Ceph vulnerability
It was discovered that Ceph incorrectly handled unsupported JWT algorithms in the RadosGW gateway. An attacker could possibly use this issue to bypass certain authentication checks and restrictions...
CVE-2024-41763
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...
CVE-2024-41763
IBM Engineering Lifecycle Optimization Publishing versions 7.0.2 and 7.0.3 are affected by a cryptographic weakness that could allow an attacker to decrypt highly sensitive information. The issue stems from weaker-than-expected cryptographic algorithms used in PUB, as described in multiple connec...
CVE-2024-41763 IBM Engineering Lifecycle Optimization - Publishing information disclosure
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : liboqs, oqs-provider (SUSE-SU-2025:0005-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0005-1 advisory. This update supplies the new FIPS standardized ML-KEM, ML-DSA, SLH-DSA algorithms. This update...
Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
Summary: Weak cryptographic hashes cannot guarantee data integrity and should not be used in security-critical contexts. MD5 and SHA-1 are popular cryptographic hash algorithms often used to verify the integrity of messages and other data. Recent advances in cryptanalysis have discovered weaknesse...
libreswan: Malicious IKEv1 Aggressive Mode packets can crash libreswan
A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is not sent with a zero responder SPI. When a subsequent packet is received where the sender reuses the...
libreswan: Regression of CVE-2023-30570 fixes in the Red Hat Enterprise Linux
A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is not sent with a zero responder SPI. When a subsequent packet is received where the sender reuses the...
SUSE-SU-2025:0005-1 Security update for liboqs, oqs-provider
This update for liboqs, oqs-provider fixes the following issues: This update supplies the new FIPS standardized ML-KEM, ML-DSA, SLH-DSA algorithms. This updates liboqs to 0.12.0: - This release updates the ML-DSA implementation to the final FIPS 204 version. This release still includes the NIST...