From threats to apology, hackers pull child data offline after public backlash

Last week we yelled at some “hackers” that threatened parents after stealing data from their children's nursery. This followed a BBC report that a group calling itself “Radiant” claimed to have stolen sensitive data related to around 8,000 children from nursery chain Kido, which operates in the U...

Hackers threaten parents: Get nursery to pay ransom or we leak your child’s data

Just when you think extortionists can’t sink any lower, along comes a lowlife that manages to surprise you. The BBC reported that a group calling itself "Radiant" claims to have stolen sensitive data related to around 8,000 children from nursery chain Kido, which operates in the UK, US, China, an...

RLCracker: Exposing the Vulnerability of LLM Watermarks with Adaptive RL Attacks

Large Language Models LLMs watermarking has shown promise in detecting AI-generated content and mitigating misuse, with prior work claiming robustness against paraphrasing and text editing. In this paper, we argue that existing evaluations are not sufficiently adversarial, obscuring critical...

CVE-2025-59801

In Artifex GhostXPS before 10.06.0, there is a stack-based buffer overflow in xpsunpredicttiff in xpstiff.c because the samplesperpixel value is not checked...

MalEval Android Malware Evaluation Framework

This repository contains the source code of MalEval, an evaluation framework for Android malware behavior auditing, focusing on explaining and substantiating malicious behaviors. The framework provides expert-verified reports, curated metadata, and model outputs to enable reproducible evaluation ...

Linux Distros Unpatched Vulnerability : CVE-2023-53290

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - samples/bpf: Fix fout leak in hbm's runbpfprog Fix fout being fopen'ed but then not subsequently fclose'd. In the affected branch, fout is otherwise going out o...

CVE-2023-53290

In the Linux kernel, the following vulnerability has been resolved: samples/bpf: Fix fout leak in hbm's runbpfprog Fix fout being fopen'ed but then not subsequently fclose'd. In the affected branch, fout is otherwise going out of scope...

UBUNTU-CVE-2023-53290

In the Linux kernel, the following vulnerability has been resolved: samples/bpf: Fix fout leak in hbm's runbpfprog Fix fout being fopen'ed but then not subsequently fclose'd. In the affected branch, fout is otherwise going out of scope...

CVE-2023-53290

CVE-2023-53290 affects the Linux kernel in the samples/bpf path, where fout was opened with fopen but not closed, leading to a leak in hbm's run_bpf_prog. The issue is resolved by a patch that ensures fout is closed (fclose’d) before scope exit. The provided sources confirm the fixed state and li...

CVE-2023-53290 samples/bpf: Fix fout leak in hbm's run_bpf_prog

In the Linux kernel, the following vulnerability has been resolved: samples/bpf: Fix fout leak in hbm's runbpfprog Fix fout being fopen'ed but then not subsequently fclose'd. In the affected branch, fout is otherwise going out of scope...

PT-2025-37895

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The Linux kernel contains an issue in the samples/bpf subsystem related to a file descriptor leak within the run bpf prog function of the hbm program. Specifically, a file descriptor...

Exploit for Use After Free in Microsoft

CVE Analysis & Detection — PoCs, Snort Detection, and Mitigati...

ExploitNotes

It is an offline collection of notes and examples for exploit...

Spectral Masking and Interpolation Attack (SMIA): a Black-Box Adversarial Attack against Voice Authentication and Anti-Spoofing Systems

Voice Authentication Systems VAS use unique vocal characteristics for verification. They are increasingly integrated into high-security sectors such as banking and healthcare. Despite their improvements using deep learning, they face severe vulnerabilities from sophisticated threats like deepfake...

comedi: Make insn_rw_emulate_bits() do insn->n samples

...

SUSE CVE-2025-39686

In the Linux kernel, the following vulnerability has been resolved: comedi: Make insnrwemulatebits do insn-n samples The insnrwemulatebits function is used as a default handler for INSNREAD instructions for subdevices that have a handler for INSNBITS but not for INSNREAD. Similarly, it is used as...

CVE-2025-39686

In the Linux kernel, the following vulnerability has been resolved: comedi: Make insnrwemulatebits do insn-n samples The insnrwemulatebits function is used as a default handler for INSNREAD instructions for subdevices that have a handler for INSNBITS but not for INSNREAD. Similarly, it is used as...

DEBIAN-CVE-2025-39684

In the Linux kernel, the following vulnerability has been resolved: comedi: Fix use of uninitialized memory in doinsnioctl and doinsnlistioctl syzbot reports a KMSAN kernel-infoleak in doinsnioctl. A kernel buffer is allocated to hold insn-n samples each of which is an unsigned int. For some...

DEBIAN-CVE-2025-39686

In the Linux kernel, the following vulnerability has been resolved: comedi: Make insnrwemulatebits do insn-n samples The insnrwemulatebits function is used as a default handler for INSNREAD instructions for subdevices that have a handler for INSNBITS but not for INSNREAD. Similarly, it is used as...

AZL-66938 CVE-2025-39686 affecting package kernel for versions less than 6.6.104.2-1

In the Linux kernel, the following vulnerability has been resolved: comedi: Make insnrwemulatebits do insn-n samples The insnrwemulatebits function is used as a default handler for INSNREAD instructions for subdevices that have a handler for INSNBITS but not for INSNREAD. Similarly, it is used as...