[SECURITY] Fedora 43 Update: pspp-2.1.1-5.fc43

PSPP is a program for statistical analysis of sampled data. It interprets commands in the SPSS language and produces tabular output in ASCII, PostScript, or HTML format. PSPP development is ongoing. It already supports a large subset of SPSS's transformation language. Its statistical procedure...

Aether Smart Contract Security Analysis Framework 6.0

Aether is a Python-based framework for analyzing Solidity smart contracts, generating vulnerability findings, producing Foundry-based proof-of-concept PoC tests, and validating exploits on mainnet forks. It combines Solidity AST parsing, taint analysis, control flow graph analysis, cross-contract...

parseusbs 操作系统命令注入漏洞

Parseusbs is a USB-connected recording and forensic analysis tool developed by Khyrenz Ltd. Versions of Parseusbs prior to 1.9 contained a vulnerability related to operating system command injection. This vulnerability arose from the fact that the volume list path parameters were passed directly ...

Beyond Single Reports: Evaluating Automated ATT&CK Technique Extraction in Multi-Report Campaign Settings

Large-scale cyberattacks, referred to as campaigns, are documented across multiple CTI reports from diverse sources, with some providing a high-level overview of attack techniques and others providing technical details. Extracting attack techniques from reports is essential for organizations to...

MemProcFS 代码问题漏洞

MemProcFS is a physical memory virtual file system analysis tool developed by Ulf Frisk. Versions of MemProcFS prior to 5.17 contained code vulnerabilities. These vulnerabilities stemmed from multiple insecure library loading patterns, which could lead to DLL and shared library hijacking, allowin...

Aether Smart Contract Security Analysis Framework 5.0.2

Aether is a Python-based framework for analyzing Solidity smart contracts, generating vulnerability findings, producing Foundry-based proof-of-concept PoC tests, and validating exploits on mainnet forks. It combines Solidity AST parsing, taint analysis, control flow graph analysis, cross-contract...

parseusbs 操作系统命令注入漏洞

Parseusbs is a USB connection recording and forensic analysis tool developed by Khyrenz Ltd. Versions of Parseusbs prior to 1.9 contained an operating system command injection vulnerability. This vulnerability stemmed from the LNK file path being passed to the os.popen shell command without prope...

Broken Quantum: A Systematic Formal Verification Study of Security Vulnerabilities across the Open-Source Quantum Computing Simulator Ecosystem

Quantum computing simulators form the classical software foundation on which virtually all quantum algorithm research depends. We present Broken Quantum, the first comprehensive formal security audit of the open-source quantum computing simulator ecosystem. Applying COBALT QAI -- a four-module...

dst-engine

DST: Deterministic Security Testing Static analysis that does...

SoK: Understanding Anti-Forensics Concepts and Research Practices across Forensic Subdomains

Anti-forensics includes a growing set of techniques designed to obstruct forensic analysis. While cybercriminals increasingly rely on these methods, they also help researchers identify and remedy weaknesses in forensic tools, advancing the overall robustness of digital forensics. Despite repeated...

Time-Domain Voice Identity Morphing (TD-VIM): A Signal-Level Approach to Morphing Attacks on Speaker Verification Systems

In biometric systems, it is a common practice to associate each sample or template with a specific individual. Nevertheless, recent studies have demonstrated the feasibility of generating "morphed" biometric samples capable of matching multiple identities. These morph attacks have been recognized...

CritBench: A Framework for Evaluating Cybersecurity Capabilities of Large Language Models in IEC 61850 Digital Substation Environments

The advancement of Large Language Models LLMs has raised concerns regarding their dual-use potential in cybersecurity. Existing evaluation frameworks overwhelmingly focus on Information Technology IT environments, failing to capture the constraints, and specialized protocols of Operational...

Argus: Reorchestrating Static Analysis Via a Multi-Agent Ensemble for Full-Chain Security Vulnerability Detection

Recent advancements in Large Language Models LLMs have sparked interest in their application to Static Application Security Testing SAST, primarily due to their superior contextual reasoning capabilities compared to traditional symbolic or rule-based methods. However, existing LLM-based approache...

Aether - Adaptive Exploit and Threat Hunting Engine for EVM-based Repositories 5.0

Aether is a Python-based framework for analyzing Solidity smart contracts, generating vulnerability findings, producing Foundry-based proof-of-concept PoC tests, and validating exploits on mainnet forks. It combines Solidity AST parsing, taint analysis, control flow graph analysis, cross-contract...

Guiding Symbolic Execution with Static Analysis and LLMs for Vulnerability Discovery

Symbolic execution detects vulnerabilities with precision, but applying it to large codebases requires harnesses that set up symbolic state, model dependencies, and specify assertions. Writing these harnesses has traditionally been a manual process requiring expert knowledge, which significantly...

Security Bulletin: IBM Operations Analytics - Log Analysis is affected by Information Disclosure, Buffer Overflow and Denial of Service (DoS) due to Java JSON library ('Jackson')

Summary Jackson is used in Apache Solr, Apache ZooKeeper, and Logstash by IBM Operations Analytics - Log Analysis as part of parsing, generating, or serialising JSON data as part of their request handling, configuration processing, or structured logging workflows. CVE-2025-49128, CVE-2025-52999,...

Security Bulletin: Due to use of Netty, IBM Operations Analytics - Log Analysis is affected by denial of service, information disclosure, and HTTP request smuggling

Summary Netty in Apache ZooKeeper and Logstash is used by IBM Operations Analytics - Log Analysis as part of the client/server network transport layer, and network-related plugins for protocol and event transport. CVE-2014-0193, CVE-2014-3488, CVE-2015-2156, CVE-2019-20444, CVE-2024-47535,...

Security Bulletin: IBM Operations Analytics - Log Analysis is affected by potential data integrity and denial of service due to Apache POI

Summary Apache POI in Apache Solr is used by IBM Operations Analytics - Log Analysis as part of extracting text and metadata from document files. CVE‑2022‑26336, CVE‑2025‑31672 Vulnerability Details CVEID:CVE-2025-31672 DESCRIPTION: Improper Input Validation vulnerability in Apache POI. The issue...

Security Bulletin: Due to the use of Logback, IBM Operations Analytics - Log Analysis is affected by Server‑Side Request Forgery (SSRF), and arbitrary code is being executed.

Summary Logback in Apache Zookeeper is used by IBM Operations Analytics - Log Analysis as part of the logging implementation. CVE-2024-12798, CVE-2024-12801. Vulnerability Details CVEID:CVE-2024-12798 DESCRIPTION: ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core upto including...

A Multi-Agent Framework for Automated Exploit Generation with Constraint-Guided Comprehension and Reflection

Open-source libraries are widely used in modern software development, introducing significant security vulnerabilities. While static analysis tools can identify potential vulnerabilities at scale, they often generate overwhelming reports with high false positive rates. Automated Exploit Generatio...