Detour Dog Caught Running DNS-Powered Malware Factory for Strela Stealer

A threat actor named Detour Dog has been outed as powering campaigns distributing an information stealer known as Strela Stealer. That's according to findings from Infoblox, which found the threat actor to maintain control of domains hosting the first stage of the stealer, a backdoor called...

A Quantum-Secure Voting Framework Using QKD, Dual-Key Symmetric Encryption, and Verifiable Receipts

Electronic voting systems face growing risks from cyberattacks and data breaches, which are expected to intensify with the advent of quantum computing. To address these challenges, we introduce a quantum-secure voting framework that integrates Quantum Key Distribution QKD, Dual-Key Symmetric...

Ukraine Warns of CABINETRAT Backdoor + XLL Add-ins Spread via Signal ZIPs

The Computer Emergency Response Team of Ukraine CERT-UA has warned of new targeted cyber attacks in the country using a backdoor called CABINETRAT. The activity, observed in September 2025, has been attributed to a threat cluster it tracks as UAC-0245. The agency said it spotted the attack...

Computational Monogamy of Entanglement and Non-Interactive Quantum Key Distribution

Quantum key distribution QKD enables Alice and Bob to exchange a secret key over a public, untrusted quantum channel. Compared to classical key exchange, QKD achieves everlasting security: after the protocol execution the key is secure against adversaries that can do unbounded computations. On th...

Probeless Vs Probe-Based Variable-Strength Eavesdropping in Quantum Key Distribution

Quantum key distribution QKD is a provably secure way of generating a secret key, which can later be used for encoding and decoding information. In this paper we analyze the effects of an eavesdropper's variable-strength measurements on QKD. Two types of measurements have been considered: i a...

EvilAI Malware Masquerades as AI Tools to Infiltrate Global Organizations

Threat actors have been observed using seemingly legitimate artificial intelligence AI tools and software to sneakily slip malware for future attacks on organizations worldwide. According to Trend Micro, the campaign is using productivity or AI-enhanced tools to deliver malware targeting various...

Linux Distros Unpatched Vulnerability : CVE-2025-10925

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GIMP ILBM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on...

SUSE CVE-2025-59354

Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the DragonFly2 uses a variety of hash functions, including the MD5 hash, for downloaded files. This allows attackers to replace files with malicious ones that have a colliding hash. This...

Malicious code in @vietnetco-distribution/internal-sdk (npm)

--- -= Per source details. Do not edit below this line.=-...

org.apache.iotdb:integration-test (>=1.3.3 <=2.0.1-beta), org.apache.iotdb:iotdb-distribution (>=1.3.3 <=2.0.1-beta) potentially affected by CVE-2025-48459 via org.apache.iotdb:iotdb-confignode (>=1.3.3 <=2.0.1-beta)

org.apache.iotdb:iotdb-confignode MAVEN version =1.3.3, =1.3.3, =1.3.3, =2.0.1-beta Source cves: CVE-2025-48459 Source advisory: OSV:GHSA-776Q-JW43-FHJX...

CVE-2025-57682

Directory Traversal vulnerability in Papermark 0.20.0 and prior allows authenticated attackers to retrieve arbitrary files from an S3 bucket through its CloudFront distribution via the "POST /api/file/s3/get-presigned-get-url-proxy" API...

CVE-2025-57682

Directory Traversal vulnerability in Papermark 0.20.0 and prior allows authenticated attackers to retrieve arbitrary files from an S3 bucket through its CloudFront distribution via the "POST /api/file/s3/get-presigned-get-url-proxy" API...

CVE-2025-59351

Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the first return value of a function is dereferenced even when the function returns an error. This can result in a nil dereference, and cause code to panic. This vulnerability is fixed in 2.1.0...

CVE-2025-59333

The mcp-database-server MCP Server 1.1.0 and earlier, as distributed via the npm package @executeautomation/database-server, fails to implement adequate security controls to properly enforce a "read-only" mode. This vulnerability affects only the npm distribution; other distributions are not...

CVE-2025-59347

Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, The Manager disables TLS certificate verification in HTTP clients. The clients are not configurable, so users have no way to re-enable the verification. A Manager processes dozens of preheat job...

CVE-2025-59410

Dragonfly CVE-2025-59410 affects the scheduler used for downloading tiny files prior to version 2.1.0, where the code path defaults to HTTP instead of HTTPS. This enables a potential Man-in-the-Middle attack to alter the data piece downloaded during the process. The issue is fixed in 2.1.0. The a...

CVE-2025-59351 Dragonfly possibly panics due to nil pointer dereference when using variables created alongside an error

Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the first return value of a function is dereferenced even when the function returns an error. This can result in a nil dereference, and cause code to panic. This vulnerability is fixed in 2.1.0...

CVE-2025-59333 @executeautomation/database-server does not properly restrict access, bypassing a "read-only" mode

The mcp-database-server MCP Server 1.1.0 and earlier, as distributed via the npm package @executeautomation/database-server, fails to implement adequate security controls to properly enforce a "read-only" mode. This vulnerability affects only the npm distribution; other distributions are not...

CVE-2025-59333 @executeautomation/database-server does not properly restrict access, bypassing a "read-only" mode

The mcp-database-server MCP Server 1.1.0 and earlier, as distributed via the npm package @executeautomation/database-server, fails to implement adequate security controls to properly enforce a "read-only" mode. This vulnerability affects only the npm distribution; other distributions are not...

Linux Distros Unpatched Vulnerability : CVE-2020-18734

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A stack buffer overflow in /ddsi/qbitset.h of Eclipse IOT Cyclone DDS Project v0.1.0 causes the DDS subscriber server to crash. CVE-2020-18734 Note that Nessus...