Hackers Use Leaked Shellter Tool License to Spread Lumma Stealer and SectopRAT Malware
In yet another instance of threat actors repurposing legitimate tools for malicious purposes, it has been discovered that hackers are exploiting a popular red teaming tool called Shellter to distribute stealer malware. The company behind the software said a company that had recently purchased...
PT-2025-30106 · Go · github.com/cosmos/cosmos-sdk
Description Name: ISA-2025-005: Integer Overflow in Cosmos SDK Component: CosmosSDK Criticality: High Considerable Impact; Likely Likelihood per ACMv1.2 Affected versions: = v0.50.13, = 0.53.2 Affected users: Validators, Full nodes, Users on chains that utilize the distribution module Cosmos SDK...
A Formal Refutation of the Blockchain Trilemma
The so-called blockchain trilemma asserts the impossibility of simultaneously achieving scalability, security, and decentralisation within a single blockchain protocol. In this paper, we formally refute that proposition. Employing predicate logic, formal automata theory, computational complexity...
CVE-2025-3777 Improper Input Validation in huggingface/transformers
Hugging Face Transformers versions up to 4.49.0 are affected by an improper input validation vulnerability in the image_utils.py file. The vulnerability arises from insecure URL validation using the startswith method, which can be bypassed through URL username injection. This allows attackers to...
The vulnerability of the container management system and the virtual machine manager Incus, related to unlimited resource distribution, allows attackers to bypass security restrictions and cause service failures.
The vulnerability of the container management system and the virtual machine manager Incus is related to the unlimited distribution of resources due to incorrect generation of access control rules for local services based on an access control list. Exploiting this vulnerability can allow a...
PT-2025-28155 · Hugging Face · huggingface/transformers
Name of the Vulnerable Software and Affected Versions: Hugging Face Transformers versions prior to 4.52.1 Description: Hugging Face Transformers is affected by an improper input validation vulnerability in the image_utils.py file. The vulnerability stems from insecure URL validation using the...
When Data-Free Knowledge Distillation Meets Non-Transferable Teacher: Escaping Out-Of-Distribution Trap Is All You Need
Data-free knowledge distillation (DFKD) transfers knowledge from a teacher to a student without access to the real in-distribution (ID) data. Its common solution is to use a generator to synthesize fake data and use them as a substitute for real ID data. However, existing works typically assume teachers...
The vulnerability of the Apache Commons FileUpload library, related to unlimited resource distribution, allows attackers to cause service failures.
The vulnerability of the Apache Commons FileUpload library is related to the unlimited distribution of resources. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
Improper Handling of Exceptional Conditions
Overview Affected versions of this package are vulnerable to Improper Handling of Exceptional Conditions via the BeginBlocker process in the x/distribution module. An attacker can cause the blockchain to halt by sending transactions with fees denominated in a currency other than the expected nati...
GHSA-56J4-446M-QRF6 Babylon vulnerable to chain halt when transaction has fees different than `ubbn`
Summary Sending transactions with fees different than native Babylon genesis denom ubbn leads to chain halt. Impact Denial of Service - Due to panic in the x/distribution module BeginBlocker triggered by an error when sending fees from feeCollector to x/distribution module -...
Babylon vulnerable to chain halt when transaction has fees different than `ubbn`
Summary Sending transactions with fees different than native Babylon genesis denom ubbn leads to chain halt. Impact Denial of Service - Due to panic in the x/distribution module BeginBlocker triggered by an error when sending fees from feeCollector to x/distribution module -...
PT-2025-29193 · Go · github.com/babylonlabs-io/babylon +1
Summary Sending transactions with fees different than native Babylon genesis denom ubbn leads to chain halt. Impact Denial of Service - Due to panic in the x/distribution module BeginBlocker triggered by an error when sending fees from feeCollector to x/distribution module -...
The vulnerability of the online business analytics service IBM Cognos Analytics, related to unlimited resource distribution, allows a perpetrator to cause a service failure.
The vulnerability of the online business analytics service IBM Cognos Analytics lies in its unlimited distribution of resources. Exploiting this vulnerability could allow a malicious actor to cause service failures by sending a specially crafted request...
CVE-2025-5315
An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users with Guest role permissions to add child items to incident work items by sending crafted API requests that bypassed...
CVE-2025-2938
An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users to gain elevated project privileges by requesting access to projects where role modifications during the approval...
The vulnerability of the IBM InfoSphere Information Server software platform, related to the unlimited distribution of resources, allows a hacker to cause service failures.
The vulnerability of the IBM InfoSphere Information Server software platform is related to the unlimited distribution of resources. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...
DRUPAL-CONTRIB-2025-079
Open Social is a Drupal distribution for online communities, which ships with a default module that allows users to enroll in events. The module doesn't sufficiently protect certain routes from Cross Site Request Forgery (CSRF) attacks. Users can be tricked into accepting or rejecting these...
SonicWall NetExtender Trojan and ConnectWise Exploits Used in Remote Access Attacks
Unknown threat actors have been distributing a trojanized version of SonicWall's SSL VPN NetExtender application to steal credentials from unsuspecting users who may have installed it. "NetExtender enables remote users to securely connect and run applications on the company network," SonicWall...
Counterfactual Influence As a Distributional Quantity
Machine learning models are known to memorize samples from their training data, raising concerns around privacy and generalization. Counterfactual self-influence is a popular metric to study memorization, quantifying how the model's prediction for a sample changes depending on the sample's...