Gravity Falls: A Comparative Analysis of Domain-Generation Algorithm (DGA) Detection Methods for Mobile Device Spearphishing

Mobile devices are frequent targets of eCrime threat actors through SMS spearphishing smishing links that leverage Domain Generation Algorithms DGA to rotate hostile infrastructure. Despite this, DGA research and evaluation largely emphasize malware C2 and email phishing datasets, leaving limited...

CVE-2024-55025

Incorrect access control in the VNC component of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows unauthorized attackers to access the HMI system...

CVE-2024-55025

Incorrect access control in the VNC component of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows unauthorized attackers to access the HMI system...

CVE-2024-55022

Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain an authenticated command injection vulnerability via the HMI Name parameter...

CVE-2023-31364

Improper handling of direct memory writes in the input-output memory management unit could allow a malicious guest virtual machine VM to flood a host with writes, potentially causing a fatal machine check error resulting in denial of service...

CVE-2026-0029

In pkvminitvm of pkvm.c, there is a possible memory corruption due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-47378

Cryptographic Issue when a shared VM reference allows HLOS to boot loader and access cert chain...

EUVD-2025-208187

Cryptographic Issue when a shared VM reference allows HLOS to boot loader and access cert chain...

CVE-2025-47378

CVE-2025-47378 is described as a cryptographic issue where a shared VM reference allows HLOS to boot the loader and access the certificate chain. Connected sources corroborate a cryptographic exposure affecting HLOS/boot chain components and reference related advisories from Red Hat and NCSC; how...

CVE-2025-47378 Exposure of Sensitive System Information to an Unauthorized Control Sphere in HLOS

Cryptographic Issue when a shared VM reference allows HLOS to boot loader and access cert chain...

CVE-2025-47378 Exposure of Sensitive System Information to an Unauthorized Control Sphere in HLOS

Cryptographic Issue when a shared VM reference allows HLOS to boot loader and access cert chain...

filecoin-audit-kit

Filecoin Security Devnet Spin up a local Filecoin network for...

Malicious code in bubble-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bac16503e5a840ccf7e88977f38fac02affaa1c8eaff7f449b9832fa03cbd0a8 The package bubble-core was found to contain malicious code. Source: ghsa-malware a4122cb6b21018902fe682cf3dd31246d52f8850e8116649894d89df6f06acb2 An...

Smoothwall Express Cross-Site Scripting Vulnerability (CNVD-2026-14354)

Smoothwall Express is Smoothwall open source a GNU/Linux-based firewall operating system . Smoothwall Express cross-site scripting vulnerability , the vulnerability stems from the outgoing.cgi endpoint in the MACHINE and MACHINECOMMENT parameters of the user-supplied data lack of effective...

PT-2026-22643

Name of the Vulnerable Software and Affected Versions versions prior to 2025-47378 Description A cryptographic issue exists when a shared VM reference allows HLOS to access the boot loader and certificate chain. This could potentially compromise the system's security. Recommendations At the momen...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005415)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005415 advisory. In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Flush pages under kvm-lock to fix UAF in svmregisterencregion Do the cache flush of...

📄 Honeywell Trend IQ4xx BMS Controller Unauthenticated Remote Web-HMI Control / Lockout

The Honeywell IQ4 Trend IQ4 exposes its full web-based HMI without authentication in its factory-default configuration. With no user module configured, security is disabled by design and the system operates under a System User level 100 context, granting read/write privileges to any party able to...

GHSA-HX9W-F2W9-9G96 hex_core has Unsafe Deserialization of Erlang Terms

Impact The Hex client hexcore deserializes Erlang terms received from the Hex API using binarytoterm/1 without sufficient restrictions. If an attacker can control the HTTP response body returned by the Hex API, this allows denial-of-service attacks such as atom table exhaustion, leading to a VM...

AMDS: Attack-Aware Multi-Stage Defense System for Network Intrusion Detection with Two-Stage Adaptive Weight Learning

Machine learning based network intrusion detection systems are vulnerable to adversarial attacks that degrade classification performance under both gradient-based and distribution shift threat models. Existing defenses typically apply uniform detection strategies, which may not account for...

CVE-2026-22717

Out-of-bound read vulnerability in VMware Workstation 25H1 and below on any platform allows an actor with non-administrative privileges on a guest VM to obtain limited information disclosure from the machine where VMware Workstation is installed...