CVE-2025-63675
The vulnerability CVE-2025-63675 affects cryptidy up to version 1.2.4. The root cause is deserialization of untrusted data via pickle.loads in aes_decrypt_message within cryptidy/symmetric_encryption.py, enabling code execution. Multiple sources (Red Hat, OSV, GHSA, Snyk, CVE records) corroborate...
CVE-2025-63675
cryptidy through 1.2.4 allows code execution via untrusted data because pickle.loads is used. This occurs in aes_decrypt_message in symmetric_encryption.py...
EUVD-2025-37311
cryptidy through 1.2.4 allows code execution via untrusted data because pickle.loads is used. This occurs in aes_decrypt_message in symmetric_encryption.py...
Microsoft Edge Security Vulnerability
Microsoft Edge is a web browser from Microsoft Corporation USA that comes with systems after Windows 10. A security vulnerability exists in Microsoft Edge that stems from an improper implementation of encryption...
CVE-2025-34271 Nagios Log Server < 2024R2.0.2 Cluster Manager Credential Requests Sent Over Plaintext
Nagios Log Server versions prior to 2024R2.0.2 contain a vulnerability in the cluster manager component when requesting sensitive credentials from peer nodes over an unencrypted channel even when SSL/TLS is enabled in the product configuration. As a result, an attacker positioned on the network...
GO-2025-4076 Constellation has insecure LUKS2 persistent storage partitions which may be opened and used in github.com/edgelesssys/constellation
Constellation has insecure LUKS2 persistent storage partitions which may be opened and used in github.com/edgelesssys/constellation...
CVE-2025-54471
NeuVector used a hard-coded cryptographic key embedded in the source code. At compilation time, the key value was replaced with the secret key value and used to encrypt sensitive configurations when NeuVector stores the data...
Rogue WordPress Plugin Conceals Multi-Tiered Credit Card Skimmers in Fake PNG Files
The Wordfence Threat Intelligence Team recently discovered a sophisticated malware campaign targeting WordPress e-commerce sites, specifically those using the WooCommerce plugin. This malware exhibits advanced features including custom encryption methods, fake images used to conceal malicious...
SUSE CVE-2025-40052
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix crypto buffers in non-linear memory. The crypto API, through the scatterlist API, expects input buffers to be in linear memory. We handle this with the cifs_sg_set_buf helper that converts vmalloc'd memory to their...
Linux Distros Unpatched Vulnerability : CVE-2025-12439
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in App-Bound Encryption in Google Chrome on Windows prior to 142.0.7444.59 allowed a local attacker to obtain potentially sensitive...
An In-Depth Analysis of Cyber Attacks in Secured Platforms
There is an increase in global malware threats. To address this, an encryption-type ransomware has been introduced on the Android operating system. The challenges associated with malicious threats in phone use have become a pressing issue in mobile communication, disrupting user experiences and...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 20 security fixes: 447613211 High CVE-2025-12428: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab on 2025-09-26 450618029 High CVE-2025-12429: Inappropriate implementation in V8. Reported by Aorui Zhang on 2025-10-10 442860743 High...
CVE-2025-58356
Constellation is the first Confidential Kubernetes. The Constellation CVM image uses LUKS2-encrypted volumes for persistent storage. When opening an encrypted storage device, the CVM uses the libcryptsetup function crypt_activate_by_passphrase. If the VM is successful in opening the partition with th...
Linux Distros Unpatched Vulnerability : CVE-2025-40052
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - smb: client: fix crypto buffers in non-linear memory. The crypto API, through the scatterlist API, expects input buffers to be in linear memory. We handle this...
CVE-2025-58356 Constellation allows insecure use of LUKS2 persistent storage partitions
Constellation is the first Confidential Kubernetes. The Constellation CVM image uses LUKS2-encrypted volumes for persistent storage. When opening an encrypted storage device, the CVM uses the libcryptsetup function crypt_activate_by_passphrase. If the VM is successful in opening the partition with th...
CVE-2025-58356
Constellation uses LUKS2-encrypted volumes for persistent storage in a Confidential Kubernetes setup. The vulnerability arises when opening an encrypted device via crypt_activate_by_passphrase because cryptsetup 2.8.1 mishandles null keyslot algorithms, which can cause a volume to be opened withou...
EUVD-2025-36204
Constellation has insecure LUKS2 persistent storage partitions which may be opened and used...
Security Bulletin: Sensitive Key Exposure in Snowflake JDBC Driver Logging (Versions 3.0.13 – 3.23.0), affects watsonx.data
Summary Snowflake, a platform for using artificial intelligence in the context of cloud computing, has a vulnerability in the Snowflake JDBC driver "Driver" in versions 3.0.13 through 3.23.0 of the driver. When the logging level was set to DEBUG, the Driver would log locally the client-side...
EUVD-2025-36186
StarCharge Artemis AC Charger 7-22 kW v1.0.4 was discovered to contain a hardcoded AES key which allows attackers to forge or decrypt valid login tokens...
Uncovering Qilin attack methods exposed through multiple cases
In the second half of 2025, the ransomware group Qilin has continued to publish victim information on its leak site at a pace of more than 40 cases per month, making it one of the most impactful ransomware groups worldwide. The manufacturing sector has been the most affected, followed by...