New Sturnus Android Malware Reads WhatsApp, Telegram, Signal Chats via Accessibility Abuse

Sturnus, an advanced Android banking trojan, has been discovered by ThreatFabric. Learn how this malware bypasses end-to-end encryption on Signal and WhatsApp, steals bank credentials using fake screens, and executes fraudulent transactions...

JLSEC-2025-228 Mbed TLS before 3.6.4 has a race condition in AESNI detection if certain compiler optimizations occu...

Mbed TLS before 3.6.4 has a race condition in AESNI detection if certain compiler optimizations occur. An attacker may be able to extract an AES key from a multithreaded program, or perform a GCM forgery...

RNP 安全漏洞

RNP is a C++ library open-sourced by RNP. A security vulnerability exists in RNP version 0.18.0 that stems from an uninitialized symmetric session key used in PKESK packets, which could lead to a complete breach of confidentiality...

PT-2025-47788

Name of the Vulnerable Software and Affected Versions RNP version 0.18.0 Description A regression in RNP version 0.18.0 causes the symmetric session key used for Public-Key Encrypted Session Key PKESK packets to remain uninitialized, resulting in it always being an all-zero byte array. This allow...

hpke-js 安全漏洞

hpke-js is a hybrid public key cryptographic module from the individual developer Ajitomi Daisuke. A security vulnerability exists in hpke-js versions prior to 1.7.5, which stems from a race condition in the SenderContext Seal API that could lead to a loss of message confidentiality and integrity...

MAL-2025-191772 Malicious code in kdewebhelper (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 da8701a407522875f63d2aaa28d27194fe8e2faa4d7782fd66639f224ae62dcd Importing the module connects to a Telegram bot and provides its operator with abilities to execute commands, exfiltrate and encrypt data. The target group see...

Malicious code in kdewebhelper (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 da8701a407522875f63d2aaa28d27194fe8e2faa4d7782fd66639f224ae62dcd Importing the module connects to a Telegram bot and provides its operator with abilities to execute commands, exfiltrate and encrypt data. The target group see...

CVE-2025-34337

eGovFramework/egovframe-common-components versions up to and including 4.3.1 includes Web Editor image upload and related file delivery functionality that uses symmetric encryption to protect URL parameters, but exposes an encryption oracle that allows attackers to generate valid ciphertext for...

GHSA-73G8-5H73-26H4 @hpke/core reuses AEAD nonces

Summary The public SenderContext Seal API has a race condition which allows for the same AEAD nonce to be re-used for multiple Seal calls. This can lead to complete loss of Confidentiality and Integrity of the produced messages. Details The SenderContext Seal implementation allows for concurrent...

TencentOS Server 4: libgcrypt (TSSA-2024:0963)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0963 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

TencentOS Server 4: grub2 (TSSA-2025:0411)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0411 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

TencentOS Server 4: corosync (TSSA-2025:0287)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0287 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

TencentOS Server 3: jose (TSSA-2024:0392)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0392 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

PT-2025-47653

Name of the Vulnerable Software and Affected Versions hpke-js versions prior to 1.7.5 Description The software contains a race condition in the public SenderContext Seal API. This allows the reuse of the same AEAD nonce for multiple Seal calls, potentially leading to a complete loss of...

SafePay Ransomware: TTPs and Defense Strategies

When a threat actor disables your security software and starts deleting your backups, you’re already in the middle of a crisis. The operators behind SafePay ransomware are known for these exact tactics, deliberately sabotaging your ability to respond and recover. Catching an attack like this earl...

CVE-2025-13316 Hard-coded encryption keys in Twonky Server

Twonky Server 8.5.2 on Linux and Windows is vulnerable to a cryptographic flaw, use of hard-coded cryptographic keys. An attacker with knowledge of the encrypted administrator password can decrypt the value with static keys to view the plain text password and gain administrator-level access to...

CVE-2025-13315, CVE-2025-13316: Critical Twonky Server Authentication Bypass (NOT FIXED)

Overview Twonky Server version 8.5.2 is susceptible to two vulnerabilities that facilitate administrator authentication bypass on Linux and Windows. An unauthenticated attacker can improperly access a privileged web API endpoint to leak application logs, which contain encrypted administrator...

CVE-2025-34337

eGovFramework/egovframe-common-components versions up to and including 4.3.1 includes Web Editor image upload and related file delivery functionality that uses symmetric encryption to protect URL parameters, but exposes an encryption oracle that allows attackers to generate valid ciphertext for...

CVE-2025-34337

eGovFramework/egovframe-common-components versions up to and including 4.3.1 includes Web Editor image upload and related file delivery functionality that uses symmetric encryption to protect URL parameters, but exposes an encryption oracle that allows attackers to generate valid ciphertext for...

CVE-2025-34337 eGovFramework <= 4.3.1 Unauthenticated Encryption Oracle via Web Editor Image Upload Endpoints

eGovFramework/egovframe-common-components versions up to and including 4.3.1 includes Web Editor image upload and related file delivery functionality that uses symmetric encryption to protect URL parameters, but exposes an encryption oracle that allows attackers to generate valid ciphertext for...