📄 WordPress WPvivid 0.9.123 Arbitrary File Write

This Metasploit module exploits an unauthenticated arbitrary file write vulnerability in the WPvivid Backup plugin used in WordPress websites. The vulnerability allows an attacker to send a specially crafted encrypted payload to the vulnerable endpoint using the parameter wpvividaction=sendtosite...

EUVD-2017-9053

Malware in sbrugna...

EUVD-2017-17809

Malware in sbrugna...

EUVD-2025-14904

Malicious code in bioql PyPI...

EUVD-2025-6389

Malicious code in bioql PyPI...

CVE-2025-0136

Using the AES-128-CCM algorithm for IPSec on certain Palo Alto Networks PAN-OS® firewalls PA-7500, PA-5400, PA-5400f, PA-3400, PA-1600, PA-1400, and PA-400 Series leads to unencrypted data transfer to devices that are connected to the PAN-OS firewall through IPSec. This issue does not affect Clou...

CVE-2025-0136

Using the AES-128-CCM algorithm for IPSec on certain Palo Alto Networks PAN-OS® firewalls PA-7500, PA-5400, PA-5400f, PA-3400, PA-1600, PA-1400, and PA-400 Series leads to unencrypted data transfer to devices that are connected to the PAN-OS firewall through IPSec. This issue does not affect Clou...

CVE-2025-0136 PAN-OS: Unencrypted Data Transfer when using AES-128-CCM on Intel-based hardware devices

Using the AES-128-CCM algorithm for IPSec on certain Palo Alto Networks PAN-OS® firewalls PA-7500, PA-5400, PA-5400f, PA-3400, PA-1600, PA-1400, and PA-400 Series leads to unencrypted data transfer to devices that are connected to the PAN-OS firewall through IPSec. This issue does not affect Clou...

CVE-2025-0136

CVE-2025-0136 affects PAN-OS on Intel-based Palo Alto Networks firewalls (PA-7500, PA-5400/5400f, PA-3400, PA-1600, PA-1400, PA-400). The issue arises from using AES-128-CCM for IPSec, which leads to unencrypted data transfer between devices connected to the PAN-OS firewall through IPSec. Affecte...

CVE-2025-0136 PAN-OS: Unencrypted Data Transfer when using AES-128-CCM on Intel-based hardware devices

Using the AES-128-CCM algorithm for IPSec on certain Palo Alto Networks PAN-OS® firewalls PA-7500, PA-5400, PA-5400f, PA-3400, PA-1600, PA-1400, and PA-400 Series leads to unencrypted data transfer to devices that are connected to the PAN-OS firewall through IPSec. This issue does not affect Clou...

Palo Alto Networks PAN-OS 10.1.x < 10.1.14-h14 / 10.2.x < 10.2.11 / 11.0.x < 11.0.7 / 11.1.x < 11.1.5 Vulnerability

The version of Palo Alto Networks PAN-OS running on the remote host is 10.1.x prior to 10.1.14-h14, 10.2.x prior to 10.2.11, 11.0.x prior to 11.0.7, or 11.1.x prior to 11.1.5. It is, therefore, affected by a vulnerability. Using the AES-128-CCM algorithm for IPSec on certain Palo Alto Networks...

CVE-2025-2229

A token is created using the username, current date/time, and a fixed AES-128 encryption key, which is the same across all installations...

CVE-2025-2229

A token is created using the username, current date/time, and a fixed AES-128 encryption key, which is the same across all installations...

CVE-2025-2229 Philips Intellispace Cardiovascular (ISCV) Use of Weak Credentials

A token is created using the username, current date/time, and a fixed AES-128 encryption key, which is the same across all installations...

CVE-2025-2229 Philips Intellispace Cardiovascular (ISCV) Use of Weak Credentials

A token is created using the username, current date/time, and a fixed AES-128 encryption key, which is the same across all installations...

Implementing Cryptography in AI Systems

Interesting research: "How to Securely Implement Cryptography in Deep Neural Networks." Abstract: The wide adoption of deep neural networks DNNs raises the question of how can we equip them with a desired cryptographic functionality e.g, to decrypt an encrypted input, to verify that this input is...

CVE-2024-53185

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix NULL ptr deref in cryptoaeadsetkey Neither SMB3.0 or SMB3.02 supports encryption negotiate context, so when SMB2GLOBALCAPENCRYPTION flag is set in the negotiate response, the client uses AES-128-CCM as the defaul...

CVE-2024-53185

CVE-2024-53185 : In the Linux kernel, the SMB client could dereference a NULL pointer in crypto_aead_setkey() when negotiating encryption over SMB2/SMB3, due to @server-&gt;cipher_type not being set for SMB3.02. The fix adds a check to smb3_crypto_aead_allocate() and ensures cipher_type is set fo...

CVE-2024-53185 smb: client: fix NULL ptr deref in crypto_aead_setkey()

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix NULL ptr deref in cryptoaeadsetkey Neither SMB3.0 or SMB3.02 supports encryption negotiate context, so when SMB2GLOBALCAPENCRYPTION flag is set in the negotiate response, the client uses AES-128-CCM as the defaul...

New SteelFox Trojan mimics software activators, stealing sensitive data and mining cryptocurrency

Introduction In August 2024, our team identified a new crimeware bundle, which we named "SteelFox". Delivered via sophisticated execution chains including shellcoding, this threat abuses Windows services and drivers. It spreads via forums posts, torrent trackers and blogs, imitating popular...