1448 matches found
GraphAlgo Scam: Lazarus Hackers Register Real US LLCs to Spread Malware
ReversingLabs has discovered a fresh wave of the graphalgo campaign in which North Korean Lazarus hackers are using fake Florida LLCs, mimicking SWFT Blockchain, and using GitHub typo-squatting to target developers with malware...
CVE-2026-33551
OpenStack Keystone vulnerability CVE-2026-33551 allows an authenticated user with only a reader role to obtain EC2/S3 credentials via restricted application credentials when using the EC2/S3 compatibility API (swift3/s3api). Affected products/versions: Keystone 14 through 26 before 26.1.1, 27.0.0...
CVE-2026-28815
A remote attacker can supply a short X-Wing HPKE encapsulated key and trigger an out-of-bounds read in the C decapsulation path, potentially causing a crash or memory disclosure depending on runtime protections. This issue is fixed in swift-crypto version 4.3.1...
GHSA-9M44-RR2W-PPP7 Swift Crypto: X-Wing HPKE Decapsulation Accepts Malformed Ciphertext Length
Summary The X-Wing decapsulation path accepts attacker-controlled encapsulated ciphertext bytes without enforcing the required fixed ciphertext length. The decapsulation call is forwarded into a C API, which expects a compile-time fixed-size ciphertext buffer of 1120 bytes. This creates an FFI...
EUVD-2026-18570
Swift Crypto: X-Wing HPKE Decapsulation Accepts Malformed Ciphertext Length...
Swift Crypto: X-Wing HPKE Decapsulation Accepts Malformed Ciphertext Length
Summary The X-Wing decapsulation path accepts attacker-controlled encapsulated ciphertext bytes without enforcing the required fixed ciphertext length. The decapsulation call is forwarded into a C API, which expects a compile-time fixed-size ciphertext buffer of 1120 bytes. This creates an FFI...
CVE-2026-28815
A remote attacker can supply a short X-Wing HPKE encapsulated key and trigger an out-of-bounds read in the C decapsulation path, potentially causing a crash or memory disclosure depending on runtime protections. This issue is fixed in swift-crypto version 4.3.1...
CVE-2026-28815
A remote attacker can supply a short X-Wing HPKE encapsulated key and trigger an out-of-bounds read in the C decapsulation path, potentially causing a crash or memory disclosure depending on runtime protections. This issue is fixed in swift-crypto version 4.3.1...
CVE-2026-28815
A remote attacker can supply a short X-Wing HPKE encapsulated key and trigger an out-of-bounds read in the C decapsulation path, potentially causing a crash or memory disclosure depending on runtime protections. This issue is fixed in swift-crypto version 4.3.1...
CVE-2026-28815
A remote attacker can supply a short X-Wing HPKE encapsulated key and trigger an out-of-bounds read in the C decapsulation path, potentially causing a crash or memory disclosure depending on runtime protections. This issue is fixed in swift-crypto version 4.3.1...
CVE-2026-28815
CVE-2026-28815 concerns Swift Crypto’s X-Wing HPKE decapsulation path. The issue arises when an attacker-supplied encapsulatedKey is shorter than the required 1120 bytes; the implementation forwards the data to a C API without runtime length validation, enabling an out-of-bounds read in the decap...
PT-2026-29972
A remote attacker can supply a short X-Wing HPKE encapsulated key and trigger an out-of-bounds read in the C decapsulation path, potentially causing a crash or memory disclosure depending on runtime protections. This issue is fixed in swift-crypto version 4.3.1...
Swift Crypto 安全漏洞
Swift Crypto is an open-source cross-platform encryption library developed by Apple. Versions of Swift Crypto prior to 4.3.1 contained a security vulnerability. This vulnerability was caused by remote attackers who could provide short X-Wing HPKE encapsulation keys and trigger out-of-bound reads ...
XNUTest
xnutesting Research & Education Only — Proof-of-concept...
Improper Cleanup on Thrown Exception
Overview Affected versions of this package are vulnerable to Improper Cleanup on Thrown Exception when cleaning up tmp files. Temporary storage can be exhausted during the scanning process by an attacker providing large or highly compressed artifacts, leading to the accumulation of temporary file...
Exploit for CVE-2025-70342
CVE-2025-70342: Credential Interception via Named Pipe in eras...
leafkit 安全漏洞
Leafkit is an open-source application developed by Vapor. It uses Swift to create modular server-side software. Versions of Leafkit prior to 1.4.1 contained security vulnerabilities. These vulnerabilities stemmed from the fact that htmlEscaped only matched extended character clusters, which could...
GHSA-4HFH-FCH3-5Q7P Leaf-kit html escaping does not work on characters that are part of extended grapheme cluster
Summary htmlEscaped in leaf-kit will only escape html special characters if the extended grapheme clusters match, which allows bypassing escaping by using an extended grapheme cluster containing both the special html character and some additional characters. In the case of html attributes, this c...
Supply Chain Insecurity: Exposing Vulnerabilities in IOS Dependency Management Systems
Dependency management systems are a critical component in software development, enabling projects to incorporate existing functionality efficiently. However, misconfigurations and malicious actors in these systems pose severe security risks, leading to supply chain attacks. Despite the widespread...
[SECURITY] Fedora 42 Update: rclone-1.72.1-1.fc42
"rsync for cloud storage" - Google Drive, S3, Dropbox, Backblaze B2, One Driv e, Swift, Hubic, Wasabi, Google Cloud Storage, Azure Blob, Azure Files, Yandex Files...