Malicious code in apex-connector (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 33a26a7f829a26ef83ab119b6d61de6109d553f0b34432bf1efb37d5f56f4064 The package apex-connector was found to contain malicious code. Source: ossf-package-analysis...

MAL-2026-3817 Malicious code in apex-trading (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7cf744353f06f389c92cd15c56bf0ec7d29860e8af7c9618413cf65e455428eb The package apex-trading was found to contain malicious code. Source: ossf-package-analysis...

Vulnerability-Scanner-using-Ollama-3-

Vulnerability Scanning & Exploitation Toolkit A Python-based...

Exploit for CVE-2026-0532

CVE-2026-0...

CVE-2025-14972 Insufficient DPA countermeasure reseeding

Countermeasures for DPA within SYMCRYPTO engine on SixG301xxx devices are not sufficiently random and will eventually repeat. KSU keys using SYMCRYPTO will be impacted by this vulnerability...

EUVD-2025-209883

Countermeasures for DPA within SYMCRYPTO engine on SixG301xxx devices are not sufficiently random and will eventually repeat. KSU keys using SYMCRYPTO will be impacted by this vulnerability...

CVE-2025-14972

Countermeasures for DPA within SYMCRYPTO engine on SixG301xxx devices are not sufficiently random and will eventually repeat. KSU keys using SYMCRYPTO will be impacted by this vulnerability...

CVE-2025-14972

CVE-2025-14972 affects the SYMCRYPTO engine on SixG301xxx devices, where DPA countermeasures are not sufficiently random, leading to eventual repetition. The vulnerability could impact KSU keys using SYMCRYPTO. The CVSS in the provided data indicates physical attack vector with high complexity an...

Bypassing On-Camera Age-Verification Checks

Some AI-based video age-verification checks can be fooled with a fake mustache...

Compile-Time Security Analysis and Optimization of Sensitive String Producers

Content composition vulnerabilities remain among the most prevalent and persistent classes of security weakness in deployed software. Prior mitigations, including developer training, static analysis tools, and domain-specific template languages, each face diminishing returns; AI code generation...

PT-2026-41300

Countermeasures for DPA within SYMCRYPTO engine on SixG301xxx devices are not sufficiently random and will eventually repeat. KSU keys using SYMCRYPTO will be impacted by this vulnerability...

Silicon Simplicity SDK 安全特征问题漏洞

The Silicon Simplicity SDK is an embedded software development platform provided by Silicon Corporation in the United States. It is used to build IoT products based on our 2-series and upcoming 3-series wireless and MCU devices. The Silicon Simplicity SDK has a security feature vulnerability, whi...

MalwarePT: A Binary-Level Foundation Model for Malware Analysis

Automated malware analysis increasingly relies on machine learning, yet most existing methods remain task-specific and depend on handcrafted features or narrowly scoped models. Recent developments in binary-level foundation models suggest a path toward reusable program representations, but their...

Malicious code in deepl-sync (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4f09b2cb596d2186d9533b703e85192087a2722c8307c51428330658f1972c3a The package deepl-sync was found to contain malicious code. Source: ghsa-malware 901de6816216276cc07830e358c2cae608d89087dba87b4acf0562604011e504 Any...

BIT-MONGODB-2026-8201 Use-After-Free in MongoDB FLE Query Analysis When Processing Positional Projections on Encrypted Fields

A use-after-free vulnerability exists in MongoDB's Field-Level Encryption FLE query analysis component, affecting client-side uses of mongocryptd and cryptshared. Triggering this vulnerability requires control over the structure of a client's FLE-related query. This issue impacts MongoDB Server’s...

Malicious code in @convera/ui-shared (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3fa0960816c1204042cecc61c5337e5db2c1407f5325cfc2ed26e43b5dc054d0 On npm install, the package's preinstall.js collects os.hostname and os.userInfo.username and sends them as query parameters /?hn=&un= via...

Topical Shifts in the Dark Web: A Longitudinal Analysis of Content from the Cybercrime Ecosystem

The dark web hosts a dynamic ecosystem of cybercrime forums and marketplaces that adapt to law enforcement pressure, technological change, and economic incentives. Prior research has extracted cyber threat intelligence from these platforms using static snapshots, with limited attention to how...

Joern 4.0.539

Joern is the bug hunter's workbench. With this tool, you can uncover attack surface, sloppy coding practices, and variants of known vulnerabilities using an interactive code analysis shell. Joern supports C, C++, LLVM bitcode, x86 binaries via Ghidra, JVM bytecode via Soot, and Javascript...

Toward Securing AI Agents like Operating Systems

Autonomous agents based on large language models LLMs are rapidly emerging as a general-purpose technology, with recent systems such as OpenClaw extending their capabilities through broad tool use, third-party skills, and deeper integration into user environments. At the same time, these agentic...

GitLab 跨站脚本漏洞

GitLab is an end-to-end software development platform provided by the American company GitLab. It includes built-in features such as version control, issue tracking, code review, and CI/CD Continuous Integration and Delivery. Versions of GitLab prior to 18.9.7, 18.10.6, and 18.11.3 contained a...