
3659 matches found

The Hacker News
added 2025/11/22 6:47 a.m. | 13 views

Matrix Push C2 Uses Browser Notifications for Fileless, Cross-Platform Phishing Attacks

Bad actors are leveraging browser notifications as a vector for phishing attacks to distribute malicious links by means of a new command-and-control (C2) platform called Matrix Push C2. "This browser-native, fileless framework leverages push notifications, fake alerts, and link redirects to target...

9.8 CVSS | 8.8 AI score | 0.99962 EPSS
Exploits: 24
Packet Storm News
added 2025/11/21 12:0 a.m. | 5 views

The Star Product of Uniformly Random Codes

We consider the problem of determining the expected dimension of the star product of two uniformly random linear codes that are not necessarily of the same dimension. We achieve this by establishing a correspondence between the star product and the evaluation of bilinear forms, which we use to...

6.6 AI score
Exploits: 0
Tenable Nessus
added 2025/11/20 12:0 a.m. | 4 views

TencentOS Server 3: thunderbird (TSSA-2023:0054)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0054 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

8.8 CVSS | 7.7 AI score | 0.01185 EPSS
Exploits: 0 | References: 12
Veracode
added 2025/11/04 7:49 a.m. | 5 views

Improper Input Validation

matrix-js-sdk is vulnerable to Improper Input Validation. The vulnerability is due to inadequate validation in the MatrixClient::getJoinedRooms function, which allows an attacker to replace a tombstoned room with an unrelated attacker-controlled room...

6.9 CVSS | 6.5 AI score | 0.00227 EPSS
Exploits: 0 | References: 4 | Affected Software: 1
Positive Technologies
added 2025/11/04 12:0 a.m. | 3 views

PT-2025-49093

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains a flaw where an invalid memory access can occur in the cros_ec_keyb_process function when receiving an EC_MKBP_EVENT_KEY_MATRIX event. This happens if cros ec...

4.6 CVSS | 6.3 AI score | 0.00161 EPSS
Exploits: 0
Snyk
added 2025/11/02 11:38 p.m. | 2 views

Malicious Package

Overview: new-route-matrix is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8 CVSS | 6.8 AI score
Exploits: 0 | References: 2
AstraLinux
added 2025/10/31 4:38 p.m. | 1 views

Astra Linux - vulnerability in thunderbird

Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Starting with version 17.1.0-rc.1, improperly formed beacon events can disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note that the...

5.3 CVSS | 6.9 AI score | 0.00992 EPSS
Exploits: 0 | References: 1
AstraLinux
added 2025/10/31 4:38 p.m. | 2 views

Astra Linux - vulnerability in thunderbird

Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be...

7.5 CVSS | 6.8 AI score | 0.00938 EPSS
Exploits: 0 | References: 1
EUVD
added 2025/10/31 3:6 a.m. | 3 views

EUVD-2025-37292

Malicious code in new-route-matrix npm...

6.6 AI score
Exploits: 0
OSSF Malicious Packages
added 2025/10/31 3:6 a.m. | 3 views

Malicious code in new-route-matrix (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 12ee2159cd9cc77ad5a88ac059f6c816cf1b9b4ec1e8148c4bb75cd1bf5a5244 The package new-route-matrix was found to contain malicious code. Source: ghsa-malware 8be55d07fc4dd84c7c769d8ec2f62de2eb9fea7a60664d2eac8fd91f757a1e...

6.9 AI score
Exploits: 0 | References: 1
OSV
added 2025/10/31 3:6 a.m. | 4 views

MAL-2025-49300 Malicious code in new-route-matrix (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 12ee2159cd9cc77ad5a88ac059f6c816cf1b9b4ec1e8148c4bb75cd1bf5a5244 The package new-route-matrix was found to contain malicious code. Source: ghsa-malware 8be55d07fc4dd84c7c769d8ec2f62de2eb9fea7a60664d2eac8fd91f757a1e...

6.9 AI score
Exploits: 0 | References: 1
Fedora
added 2025/10/30 4:36 a.m. | 4 views

[SECURITY] Fedora 42 Update: nheko-0.12.1-10.fc42

The motivation behind the project is to provide a native desktop app for Matrix that feels more like a mainstream chat app...

9.4 CVSS | 6.9 AI score | 0.00199 EPSS
Exploits: 0
Packet Storm News
added 2025/10/25 12:0 a.m. | 6 views

SecureLearn - an Attack-Agnostic Defense for Multiclass Machine Learning against Data Poisoning Attacks

Data poisoning attacks are a potential threat to machine learning (ML) models, aiming to manipulate training datasets to disrupt their performance. Existing defenses are mostly designed to mitigate specific poisoning attacks or are aligned with particular ML algorithms. Furthermore, most defenses a...

6.8 AI score
Exploits: 0
vulnersOsv
added 2025/10/21 12:0 p.m. | 7 views

mirror_sparse_matrix (>=0.1.1 <=0.1.17) potentially affected by unknown CVE via binary_vec_io (=0.1.12)

binary_vec_io CARGO version =0.1.12 is affected by a known vulnerability. The following packages have a transitive dependency on binary_vec_io and may be impacted: - mirror_sparse_matrix >=0.1.1, <=0.1.17 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2025-0109...

5.8 AI score
Exploits: 0
RedhatCVE
added 2025/10/20 9:27 p.m. | 14 views

CVE-2025-62425

MAS (Matrix Authentication Service) is a user management and authentication service for Matrix homeservers, written and maintained by Element. A logic flaw in matrix-authentication-service 0.20.0 through 1.4.0 allows an attacker with access to an authenticated MAS session to perform sensitive...

8.3 CVSS | 6.8 AI score | 0.00427 EPSS
Exploits: 0 | References: 1
NVD
added 2025/10/16 7:15 p.m. | 4 views

CVE-2025-62425

MAS (Matrix Authentication Service) is a user management and authentication service for Matrix homeservers, written and maintained by Element. A logic flaw in matrix-authentication-service 0.20.0 through 1.4.0 allows an attacker with access to an authenticated MAS session to perform sensitive...

8.3 CVSS | 0.00427 EPSS
Exploits: 0 | References: 2
CVE
added 2025/10/16 6:44 p.m. | 8 views

CVE-2025-62425

MAS (Matrix Authentication Service) is affected by a logic flaw in matrix-authentication-service 0.20.0 through 1.4.0 that lets an attacker with access to an authenticated MAS session perform sensitive operations without entering the current password (e.g., changing the password, adding/removing ...

8.3 CVSS | 6.4 AI score | 0.00427 EPSS
Exploits: 0 | References: 2
Cvelist
added 2025/10/16 6:44 p.m. | 9 views

CVE-2025-62425 Matrix Authentication Service account password can be changed using an authenticated session without supplying the current password

MAS (Matrix Authentication Service) is a user management and authentication service for Matrix homeservers, written and maintained by Element. A logic flaw in matrix-authentication-service 0.20.0 through 1.4.0 allows an attacker with access to an authenticated MAS session to perform sensitive...

8.3 CVSS | 0.00427 EPSS
Exploits: 0 | References: 2
Vulnrichment
added 2025/10/16 6:44 p.m. | 3 views

CVE-2025-62425 Matrix Authentication Service account password can be changed using an authenticated session without supplying the current password

MAS (Matrix Authentication Service) is a user management and authentication service for Matrix homeservers, written and maintained by Element. A logic flaw in matrix-authentication-service 0.20.0 through 1.4.0 allows an attacker with access to an authenticated MAS session to perform sensitive...

8.3 CVSS | 6.4 AI score | 0.00427 EPSS
Exploits: 0 | References: 2
EUVD
added 2025/10/16 6:44 p.m. | 3 views

EUVD-2025-34822

MAS (Matrix Authentication Service) is a user management and authentication service for Matrix homeservers, written and maintained by Element. A logic flaw in matrix-authentication-service 0.20.0 through 1.4.0 allows an attacker with access to an authenticated MAS session to perform sensitive...

8.3 CVSS | 6.2 AI score | 0.00427 EPSS
Exploits: 0 | References: 2