Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...

ClawGuard: Out-Of-Band Detection of LLM Agent Workflow Hijacking Via EM Side Channel

Autonomous LLM agents face a critical security risk known as workflow hijacking, where attackers subtly alter tool and skill invocations. Existing defenses rely on host-internal telemetry such as audit logs, which can be forged if the host OS is compromised. To solve this, we introduce ClawGuard,...

Five defender priorities from the Talos Year in Review

A familiar theme in security right now is that the barrier to entry for attackers is at an all-time low. AI tools can spin up websites within minutes that can easily direct data to disposable external data stores and send alerts for new captures -- all without code. One such case was recently...

CVE-2026-24765

PHPUnit is a testing framework for PHP. A vulnerability has been discovered in versions prior to 12.5.8, 11.5.50, 10.5.62, 9.6.33, and 8.5.52 involving unsafe deserialization of code coverage data in PHPT test execution. The vulnerability exists in the cleanupForCoverage method, which deserialize...

Needles in a Haystack: Using Forensic Network Science to Uncover Insider Trading

Although the automation and digitisation of anti-financial crime investigation has made significant progress in recent years, detecting insider trading remains a unique challenge, partly due to the limited availability of labelled data. To address this challenge, we propose using a data-driven...

A Framework for Detection and Classification of Attacks on Surveillance Cameras under IoT Networks

The increasing use of Internet of Things IoT devices has led to a rise in security related concerns regarding IoT Networks. The surveillance cameras in IoT networks are vulnerable to security threats such as brute force and zero-day attacks which can lead to unauthorized access by hackers and...

Juniper Networks Junos OS 代码问题漏洞

Juniper Networks Junos OS is a Juniper Networks, Inc. network operating system dedicated to the company's hardware devices. The operating system provides a secure programming interface and the Junos SDK. A code issue vulnerability exists in Juniper Networks Junos OS that stems from insufficient...

Robust Anti-Backdoor Instruction Tuning in LVLMs

Large visual language models LVLMs have demonstrated excellent instruction-following capabilities, yet remain vulnerable to stealthy backdoor attacks when finetuned using contaminated data. Existing backdoor defense techniques are usually developed for single-modal visual or language models under...

CVE-2019-17061

The Bluetooth Low Energy BLE stack implementation on Cypress PSoC 4 through 3.62 devices does not properly restrict the BLE Link Layer header and executes certain memory contents upon receiving a packet with a Link Layer ID LLID equal to zero. This allows attackers within radio range to cause...

PT-2024-9328

Name of the Vulnerable Software and Affected Versions Windows Lightweight Directory Access Protocol LDAP versions prior to the fixed version Description The vulnerability is related to an integer overflow in the Windows Lightweight Directory Access Protocol LDAP service, allowing remote attackers...

Identity Threat Detection and Response Solution Guide

The Emergence of Identity Threat Detection and Response Identity Threat Detection and Response ITDR has emerged as a critical component to effectively detect and respond to identity-based attacks. Threat actors have shown their ability to compromise the identity infrastructure and move laterally...

SUSE-SU-2024:2890-1 Security update for libqt5-qtbase

This update for libqt5-qtbase fixes the following issues: - CVE-2023-51714: Fixed an incorrect integer overflow check bsc1218413. - CVE-2024-39936: Fixed information leakage due to process HTTP2 communication before encrypted can be responded to bsc1227426 - CVE-2023-45935: Fixed NULL pointer...

SUSE-SU-2024:2883-1 Security update for libqt5-qtbase

This update for libqt5-qtbase fixes the following issues: - CVE-2023-45935: Fixed NULL pointer dereference in QXcbConnection::initializeAllAtoms due to anomalous behavior from the X server bsc1222120 - CVE-2024-39936: Fixed information leakage due to process HTTP2 communication before encrypted c...

Cyber Signals: Inside the growing risk of gift card fraud

In the ever-evolving landscape of cyberthreats, staying ahead of malicious actors is a constant challenge. Microsoft Threat Intelligence has observed that gift cards are attractive targets for fraud and social engineering practices. Unlike credit or debit cards, there’s no customer name or bank...

CVE-2023-45935

Qt 6 through 6.6 was discovered to contain a NULL pointer dereference via the function QXcbConnection::initializeAllAtoms. NOTE: this is disputed because it is not expected that an X application should continue to run when there is arbitrary anomalous behavior from the X server...

CVE-2023-45920

Xfig v3.2.8 was discovered to contain a NULL pointer dereference when calling XGetWMHints. NOTE: this is disputed because it is not expected that an X application should continue to run when there is arbitrary anomalous behavior from the X server or window manager...

CVE-2023-45920

Xfig v3.2.8 was discovered to contain a NULL pointer dereference when calling XGetWMHints. NOTE: this is disputed because it is not expected that an X application should continue to run when there is arbitrary anomalous behavior from the X server or window manager...

CVE-2023-45935

Qt 6 through 6.6 was discovered to contain a NULL pointer dereference via the function QXcbConnection::initializeAllAtoms. NOTE: this is disputed because it is not expected that an X application should continue to run when there is arbitrary anomalous behavior from the X server...

CVE-2023-45920

Xfig v3.2.8 was discovered to contain a NULL pointer dereference when calling XGetWMHints. NOTE: this is disputed because it is not expected that an X application should continue to run when there is arbitrary anomalous behavior from the X server or window manager...

CVE-2023-45920

Xfig v3.2.8 contains a NULL pointer dereference in XGetWMHints(), CVE-2023-45920. Multiple connected advisories confirm the issue and note that its remediation has been released: Mageia (MGASA-2024-0125), SUSE (SUSE-SU-2024:1196-1), and OSV entries indicate fixes. Descriptions consistently state ...