Intel® Distribution for Python Software Installer Advisory
Summary: A potential security vulnerability for some Intel® Distribution for Python software installers may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2025-26470 Description: Incorrect default...
Obfuscated Quantum and Post-Quantum Cryptography
In this work, we present an experimental deployment of a new design for combined quantum key distribution (QKD) and post-quantum cryptography (PQC). Novel to our system is the dynamic obfuscation of the QKD-PQC sequence of operations, the number of operations, and parameters related to the operations...
Linux Distros Unpatched Vulnerability : CVE-2023-52723
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In KDE libksieve before 23.03.80, kmanagesieve/session.cpp places a cleartext password in server logs because a username variable is accidentally given a passwo...
[SECURITY] [DLA 4266-1] distro-info-data database update
Debian LTS Advisory DLA-4266-1 [email protected] https://www.debian.org/lts/security/ Stefano Rivera August 09, 2025 https://wiki.debian.org/LTS Package : distro-info-data Version : 0.51+deb11u9 This is a routine update of the distro-info-data database for Debian LTS users. It adds the...
Linux Distros Unpatched Vulnerability : CVE-2017-7674
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The CORS Filter in Apache Tomcat 9.0.0.M1 to 9.0.0.M21, 8.5.0 to 8.5.15, 8.0.0.RC1 to 8.0.44 and 7.0.41 to 7.0.78 did not add an HTTP Vary header indicating tha...
org.open-metadata:openmetadata-dist (>=1.0.0 <=1.13.0-snapshot), org.open-metadata:openmetadata-k8s-operator (>=1.12.0 <=1.13.0-snapshot) +1 more potentially affected by CVE-2025-50467 via org.open-metadata:openmetadata-service (>=1.0.0-alpha <=1.4.4)
org.open-metadata:openmetadata-service MAVEN version =1.0.0-alpha, =1.0.0, =1.12.0, =1.10.0, =1.13.0-snapshot Source cves: CVE-2025-50467 Source advisory: SNYK:JAVA-ORGOPENMETADATA-12009018...
Mitigating Distribution Shift in Graph-Based Android Malware Classification Via Function Metadata and LLM Embeddings
Graph-based malware classifiers can achieve over 94% accuracy on standard Android datasets, yet we find they suffer accuracy drops of up to 45% when evaluated on previously unseen malware variants from the same family - a scenario where strong generalization would typically be expected. This...
Label Inference Attacks against Federated Unlearning
Federated Unlearning (FU) has emerged as a promising solution to respond to the right to be forgotten of clients, by allowing clients to erase their data from global models without compromising model performance. Unfortunately, researchers find that the parameter variations of models induced by FU...
SocGholish Malware Spread via Ad Tools; Delivers Access to LockBit, Evil Corp, and Others
The threat actors behind the SocGholish malware have been observed leveraging Traffic Distribution Systems (TDSs) like Parrot TDS and Keitaro TDS to filter and redirect unsuspecting users to sketchy content. "The core of their operation is a sophisticated Malware-as-a-Service (MaaS) model, where...
Exploring Satellite Quantum Key Distribution under Atmospheric Constraints
Satellite Quantum Key Distribution creates a pathway for secure global communication with a level of security that is peerless. However, ground-to-satellite Quantum Key Distribution links are degraded due to the atmospheric turbulence. This paper gives a numerical framework using angular spectrum...
Secure and Practical Quantum Digital Signatures
Digital signatures represent a crucial cryptographic asset that must be protected against quantum adversaries. Quantum Digital Signatures (QDS) can offer solutions that are information-theoretically (IT) secure and thus immune to quantum attacks. In this work, we analyze three existing practical QDS...
Vision UI Security Feature Issue Vulnerability
Vision UI is a UI component by the individual developer David Osipov. A security feature issue vulnerability exists in Vision UI version 1.4.0 and earlier, which stems from a 32-bit integer overflow in the getSecureRandomInt function, which may result in an uneven distribution of random numbers...
Cybersecurity of Quantum Key Distribution Implementations
Practical implementations of Quantum Key Distribution (QKD) often deviate from the theoretical protocols, exposing the implementations to various attacks even when the underlying ideal protocol is proven secure. We present new analysis tools and methodologies for quantum cybersecurity, adapting the...
SenseCrypt: Sensitivity-Guided Selective Homomorphic Encryption for Joint Federated Learning in Cross-Device Scenarios
Homomorphic Encryption (HE) prevails in securing Federated Learning (FL), but suffers from high overhead and adaptation cost. Selective HE methods, which partially encrypt model parameters by a global mask, are expected to protect privacy with reduced overhead and easy adaptation. However, in...
Linux Distros Unpatched Vulnerability : CVE-2022-28203
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A denial-of-service issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. When many files exist, requesting...
CVE-2025-54883
Summary: CVE-2025-54883 affects Vision UI up to version 1.4.0, where the internal getSecureRandomInt in security-kit pre-3.5.0 uses a 32‑bit mask in rejection sampling that overflows, producing a non-uniform distribution of random numbers when the requested entropy exceeds 32 bits. The root cause...
Narcissus Security Vulnerability
narcissus is an online image assembler open-sourced by The Angstrom Distribution. A security vulnerability exists in Narcissus that stems from an uncleared release parameter that could lead to remote command execution...
PT-2025-32008 · Unknown +1 · Security-Kit +1
Name of the Vulnerable Software and Affected Versions: Vision UI versions 1.4.0 and below security-kit versions prior to 3.5.0 Description: The getSecureRandomInt function contains a cryptographic weakness due to a silent 32-bit integer overflow in its internal masking logic. This prevents the...
Linux Distros Unpatched Vulnerability : CVE-2024-42087
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep The ilitek-ili9881c controls the reset GPIO using the non-sleeping gpiod_set_value...
Coward: toward Practical Proactive Federated Backdoor Defense Via Collision-Based Watermark
Backdoor detection is currently the mainstream defense against backdoor attacks in federated learning (FL), where malicious clients upload poisoned updates that compromise the global model and undermine the reliability of FL deployments. Existing backdoor detection techniques fall into two...