
12910 matches found

IBM Security Bulletins
added 2026/03/03 10:9 a.m., 7 views

Security Bulletin: IBM Operations Analytics - Log Analysis is affected by denial of service and a possible information leak due to LZ4 compression

Summary: LZ4 compression for Java in Logstash is used by IBM Operations Analytics - Log Analysis as part of the fast, lightweight compression to reduce storage size. CVE-2025-12183, CVE-2025-66566. Vulnerability Details: CVEID: CVE-2025-12183 DESCRIPTION: Out-of-bounds memory operations in...

8.8 CVSS, 6.1 AI score, 0.0068 EPSS
Exploits 0, Affected Software 1

OSSF Malicious Packages
added 2026/03/03 8:21 a.m., 15 views

Malicious code in pdfjs-dist-v5 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e5827ccd19d073818da31059d76a725b171d1fc793a4f2591ed0118a35b46c35 The package pdfjs-dist-v5 was found to contain malicious code. Source: ossf-package-analysis...

5.8 AI score
Exploits 0

Positive Technologies
added 2026/03/03 12:0 a.m., 4 views

PT-2026-26222

Summary: system.run exec allowlist analysis treated wrapper binaries as the effective executable and did not fully unwrap env/shell-dispatch wrappers. This allowed wrapper-smuggled payloads (for example, env bash -lc ...) to satisfy an allowlist entry for the wrapper while executing non-allowlisted...

8.8 CVSS, 6 AI score, 0.00419 EPSS
Exploits 0, References 11

Trend Micro Simply Security
added 2026/03/03 12:0 a.m., 4 views

CISOs in a Pinch: A Security Analysis of OpenClaw

Learn how Claude Code Security set Cybersecurity stocks on fire...

6 AI score
Exploits 0

Packet Storm News
added 2026/03/03 12:0 a.m., 20 views

Kraken: Higher-Order EM Side-Channel Attacks on DNNs in near and Far Field

The multi-million dollar investment required for modern machine learning (ML) has made large ML models a prime target for theft. In response, the field of model stealing has emerged. Attacks based on physical side-channel information have shown that DNN model extraction is feasible, even on CUDA...

6 AI score
Exploits 0

Packet Storm News
added 2026/03/03 12:0 a.m., 1 views

STARDIS: Strategic Scheduling and Deceptive Signaling for Satellite Intrusion Detection System Deployment

Satellite communication networks operate under stringent computational constraints and are susceptible to sophisticated cyberattacks. This paper introduces a novel defense framework that decouples security optimization into ground-based analysis and onboard real-time execution. In the long-term...

6 AI score
Exploits 0

Packet Storm News
added 2026/03/03 12:0 a.m., 1 views

Internet Malware Propagation: Dynamics and Control through SEIRV Epidemic Model with Relapse and Intervention

Malware attacks in today's vast digital ecosystem pose a serious threat. Understanding malware propagation dynamics and designing effective control strategies are therefore essential. In this work, we propose a generic SEIRV model formulated using ordinary differential equations to study malware...

6 AI score
Exploits 0

GithubExploit
added 2026/03/02 10:34 a.m., 212 views

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

SBOM CVE Scanner - Enhanced Edition A comprehensive Python to...

10 CVSS, 7.3 AI score, 0.99999 EPSS
Exploits 343

Positive Technologies
added 2026/03/02 12:0 a.m., 3 views

PT-2026-22703

Name of the Vulnerable Software and Affected Versions: AWS-LC versions prior to 1.69.0. Description: An observable timing discrepancy in AES-CCM decryption within AWS-LC could allow an unauthenticated user to potentially determine authentication tag validity through timing analysis. The impacted...

8.2 CVSS, 5.9 AI score, 0.01079 EPSS
Exploits 0, References 18

Packet Storm News
added 2026/03/02 12:0 a.m., 2 views

Can LLMs Hack Enterprise Networks? -- Replicated Computational Results (RCR) Report

This is the Replicated Computational Results (RCR) Report for the paper "Can LLMs Hack Enterprise Networks?" The paper empirically investigates the efficacy and effectiveness of different LLMs for penetration-testing enterprise networks, i.e., Microsoft Active Directory Assumed-Breach Simulations...

5.9 AI score
Exploits 0

OSV
added 2026/03/01 6:55 a.m., 3 views

MAL-2026-1095 Malicious code in jquery-display (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a0873d8250c8747e1115c2866076509122f7e9ea8f4dde4dca4920d0f31f4874 The package jquery-display was found to contain malicious code. Source: ossf-package-analysis...

5.9 AI score
Exploits 0

Packet Storm News
added 2026/03/01 12:0 a.m., 0 views

Power Network SCADA Quantum Communications: A Comparison of BB84, B92, E91, and SGS04 Quantum Key Distribution Protocols

The current state, emerging trends, and practical challenges of optical fiber-based power network SCADA quantum communication must be addressed to fully utilise the technological platform's potential in real-world power system SCADA communications involving massive volumes of real-time data, as...

5.9 AI score
Exploits 0

OSSF Malicious Packages
added 2026/02/28 12:53 p.m., 7 views

Malicious code in bps-design-system (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1f41e4d6abfba5f03e914140b0b171314ef8a614e3e03ff9685325532260a745 The package bps-design-system was found to contain malicious code. Source: ossf-package-analysis...

5.9 AI score
Exploits 0

OSV
added 2026/02/28 6:3 a.m., 3 views

MAL-2026-1083 Malicious code in dc-mobx (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector df9e2dd1e6518d1399b40b444e58b1df6e1b73c5b7537390ba5950221b7835c0 The package dc-mobx was found to contain malicious code. Source: ghsa-malware 7ed4c54f4caa51eaa254af92038fe2e076f7dbe16e0067d481d9aa89925e3ec4 Any...

5.9 AI score
Exploits 0, References 1

EUVD
added 2026/02/28 2:50 a.m., 4 views

EUVD-2026-9078

malcontent: Nested archive extraction failure can drop content from scan inputs...

6.9 CVSS, 5.9 AI score, 0.00222 EPSS
Exploits 0, References 4

vulnersOsv
added 2026/02/28 12:14 a.m., 3 views

ch.acanda.maven:code-analysis-maven-plugin (>=1.6.0 <=1.27.0), com.jpinpoint.sonar:sonar-pmd-jpinpoint (>=2.0.0 <=2.1.1) +116 more potentially affected by CVE-2026-28338 via net.sourceforge.pmd:pmd-core (>=7.0.0-rc1 <=7.21.0)

net.sourceforge.pmd:pmd-core MAVEN version =7.0.0-rc1, =1.6.0, =2.0.0, =0.25.1, =0.25.1, =1.0.0, =0.5.6, =0.5.41, =12.2.0, =3.31.0, =0.7.0, =0.67.2, =0.67.2, =2.0.0, =0.1.0, =0.1.19 and more Source cves: CVE-2026-28338 Source advisory: SNYK:JAVA-NETSOURCEFORGEPMD-15365925...

6.8 CVSS, 5.8 AI score, 0.00297 EPSS
Exploits 1

NVD
added 2026/02/27 10:16 p.m., 4 views

CVE-2026-28407

malcontent is software for discovering supply-chain compromises through context, differential analysis, and YARA. Prior to version 1.21.0, malcontent would remove nested archives which failed to extract which could potentially leave malicious content. A better approach is to preserve these archiv...

6.9 CVSS, 0.00222 EPSS
Exploits 0, References 3

OSV
added 2026/02/27 9:28 p.m., 4 views

CVE-2026-28407 malcontent's nested archive extraction failure can drop content from scan inputs

malcontent is software for discovering supply-chain compromises through context, differential analysis, and YARA. Prior to version 1.21.0, malcontent would remove nested archives which failed to extract which could potentially leave malicious content. A better approach is to preserve these archiv...

6.9 CVSS, 5.9 AI score, 0.00222 EPSS
Exploits 0, References 5

CVE
added 2026/02/27 8:28 p.m., 10 views

CVE-2026-28338

PMD is affected in versions prior to 7.22.0 where the legacy report formats vbhtml and yahtml insert rule-violation messages into HTML without escaping, causing potential cross-site scripting if untrusted source code contains crafted strings. The vulnerability does not affect the default html for...

6.8 CVSS, 6 AI score, 0.00297 EPSS
Exploits 1, References 3, Affected Software 1

OSSF Malicious Packages
added 2026/02/27 12:4 p.m., 6 views

Malicious code in @zinley/orion (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cb5209e6394eac2659ab3101809c2a59bf59a604346075a9d923de21d982812e The package @zinley/orion was found to contain malicious code. Source: ossf-package-analysis...

5.9 AI score
Exploits 0