A Hybrid Approach for Malware Classification Using Secondary Features Fusion

The number of malware either variant or novel is rapidly increasing, making malware detection and mitigation a complex problem. One approach to improving malware mitigation is automatic detection and malware family classification. However, traditional malware detection methods cannot classify...

Qualcomm Chipsets 缓冲区错误漏洞

Qualcomm Chipsets are a series of chipset developed by Qualcomm Incorporation. Qualcomm Chipsets have a buffer error vulnerability, which stems from using an invalid length to access the buffer during TA calls, potentially leading to memory corruption...

Malware Detection Based on API Calls: A Reproducibility Study

This study independently reproduces the malware detection methodology presented by Felli cious et al. 7, which employs order-invariant API call frequency analysis using Random Forest classification. We utilized the original public dataset 250,533 training samples, 83,511 test samples and replicat...

CVE-2025-11931

Integer Underflow Leads to Out-of-Bounds Access in XChaCha20-Poly1305 Decrypt. This issue is hit specifically with a call to the function wcXChaCha20Poly1305Decrypt which is not used with TLS connections, only from direct calls from an application...

EUVD-2025-34641

On BIG-IP Next CNF, BIG-IP Next SPK, and BIG-IP Next for Kubernetes systems, repeated undisclosed API calls can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

Dynamic Malware Classification of Windows PE Files Using CNNs and Greyscale Images Derived from Runtime API Call Argument Conversion

Malware detection and classification remains a topic of concern for cybersecurity, since it is becoming common for attackers to use advanced obfuscation on their malware to stay undetected. Conventional static analysis is not effective against polymorphic and metamorphic malware as these change...

HCL BigFix Inventory 安全漏洞

HCL BigFix Inventory is a software inventory from HCL USA. Maintaining software audits reduces security risks through software compliance and utilization management. HCL BigFix Inventory has a security vulnerability that stems from insufficient permissions or improper handling of privileges. An...

[SECURITY] Fedora 39 Update: golang-gvisor-20240408.0-1.20240418git9e5a99b.fc39

gVisor is an open-source, OCI-compatible sandbox runtime that provides a virtualized container environment. It runs containers with a new user-space kernel, delivering a low overhead container security solution for high-density applications. gVisor integrates with Docker, containerd and Kubernete...

[SECURITY] Fedora 38 Update: golang-gvisor-20240408.0-1.20240418git9e5a99b.fc38

gVisor is an open-source, OCI-compatible sandbox runtime that provides a virtualized container environment. It runs containers with a new user-space kernel, delivering a low overhead container security solution for high-density applications. gVisor integrates with Docker, containerd and Kubernete...

USN-4047-2 libvirt vulnerability

USN-4047-1 fixed a vulnerability in libvirt. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Matthias Gerstner and Ján Tomko discovered that libvirt incorrectly handled certain API calls. An attacker could possibly use this issue to check for arbitra...

TrendMicro node.js http server arbitrary command execution vulnerability

Trend Micro is a global leader in network security software and services, leading the trend from desktop antivirus to network server and gateway antivirus with excellent foresight and technological innovation capabilities, and proving Trend Micro's foresight and leadership to the industry with it...

applican vulnerable to script injection

Overview applican provided by Newphoria Corporation Inc. is a platform to build hybrid applications for both iOS and Android. applican is vulnerable to script injection due to an issue in processing SSID. Note that this vulnerability is different from JVN64625488. Kenta Suefusa and Tomonori Shiom...

Java-API calls in untrusted Javascript allow network privilege escalation

Unspecified vulnerability in Sun JDK and Java Runtime Environment JRE 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.216 and earlier; allows remote attackers to access arbitrary network services on the local host via unspecified vectors related to JavaScript and Java AP...