
3096 matches found

Wired Threat Level
added 2025/05/06 8:24 p.m. · 12 views

The Signal Clone Mike Waltz Was Caught Using Has Direct Access to User Chats

A new analysis of TM Signal’s source code appears to show that the app sends users’ message logs in plaintext. At least one top Trump administration official used the app...

7.4 AI score
Exploits: 0

Packet Storm News
added 2025/05/05 12:00 a.m. · 2 views

A Slicing-Based Approach for Detecting and Patching Vulnerable Code Clones

Code cloning is a common practice in software development, but it poses significant security risks by propagating vulnerabilities across cloned segments. To address this challenge, we introduce srcVul, a scalable, precise detection approach that combines program slicing with Locality-Sensitive...

7.6 AI score
Exploits: 0

GithubExploit
added 2025/05/02 9:31 p.m. · 347 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Imagemagick

CVE-2022-44268 Arbitrary File Read PoC - PNG generator This is...

6.5 CVSS · 7 AI score · 0.88643 EPSS
Exploits: 28

OSV
added 2025/05/01 3:16 p.m. · 3 views

AZL-69917 CVE-2022-49833 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: clone zoned device info when cloning a device. When cloning a btrfs_device, we're not cloning the associated btrfs_zoned_device_info structure of the device in case of a zoned filesystem. Later on this leads to a NULL...

5.5 CVSS · 5.6 AI score · 0.00074 EPSS
Exploits: 0 · References: 1

OSV
added 2025/05/01 3:16 p.m. · 3 views

DEBIAN-CVE-2022-49833

In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: clone zoned device info when cloning a device. When cloning a btrfs_device, we're not cloning the associated btrfs_zoned_device_info structure of the device in case of a zoned filesystem. Later on this leads to a NULL...

5.5 CVSS · 5.3 AI score · 0.00074 EPSS
Exploits: 0 · References: 1

OSV
added 2025/05/01 3:16 p.m. · 0 views

UBUNTU-CVE-2022-49783

In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Drop fpregs lock before inheriting FPU permissions. Mike Galbraith reported the following against an old fork of preempt-rt but the same issue also applies to the current preempt-rt tree. BUG: sleeping function called fro...

5.5 CVSS · 5.7 AI score · 0.00068 EPSS
Exploits: 0 · References: 5

OSV
added 2025/05/01 3:16 p.m. · 0 views

UBUNTU-CVE-2022-49833

In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: clone zoned device info when cloning a device. When cloning a btrfs_device, we're not cloning the associated btrfs_zoned_device_info structure of the device in case of a zoned filesystem. Later on this leads to a NULL...

5.5 CVSS · 5.8 AI score · 0.00074 EPSS
Exploits: 0 · References: 5

OSSF Malicious Packages
added 2025/04/23 10:32 a.m. · 2 views

Malicious code in s3transfer-sl (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e1cc7c88223c47e4c3ceecc6fe73d05c1cbb505061a009f8ae5caf37086a2e09 During installation, the package attempts to exfiltrate env variables and tokens from Azure metadata API. It's a malicious clone of s3transfer --- Category:...

6.9 AI score
Exploits: 0 · References: 1

OSV
added 2025/04/23 10:32 a.m. · 1 views

MAL-2025-191861 Malicious code in s3transfer-sl (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e1cc7c88223c47e4c3ceecc6fe73d05c1cbb505061a009f8ae5caf37086a2e09 During installation, the package attempts to exfiltrate env variables and tokens from Azure metadata API. It's a malicious clone of s3transfer --- Category:...

6.8 AI score
Exploits: 0 · References: 1

OSV
added 2025/04/15 7:16 p.m. · 1 views

CVE-2025-22900

Totolink N600R v4.3.0cu.7647B20210106 was discovered to contain a stack overflow via the macCloneMac parameter in the setWanConfig function...

9.8 CVSS · 5.8 AI score · 0.00502 EPSS
Exploits: 1 · References: 1

OSV
added 2025/04/07 9:12 p.m. · 0 views

GHSA-RR8G-9FPQ-6WMG Tokio broadcast channel calls clone in parallel, but does not require `Sync`

The broadcast channel internally calls `clone` on the stored value when receiving it, and only requires `T: Send`. This means that using the broadcast channel with values that are `Send` but not `Sync` can trigger unsoundness if the `clone` implementation makes use of the value being `!Sync`. Thank you to...

6.9 CVSS · 5.9 AI score
Exploits: 0 · References: 3

Github Security Blog
added 2025/04/07 9:12 p.m. · 9 views

Tokio broadcast channel calls clone in parallel, but does not require `Sync`

The broadcast channel internally calls `clone` on the stored value when receiving it, and only requires `T: Send`. This means that using the broadcast channel with values that are `Send` but not `Sync` can trigger unsoundness if the `clone` implementation makes use of the value being `!Sync`. Thank you to...

6.8 AI score
Exploits: 0 · References: 4 · Affected Software: 1

RustSec
added 2025/04/07 12:00 p.m. · 5 views

Broadcast channel calls clone in parallel, but does not require `Sync`

The broadcast channel internally calls `clone` on the stored value when receiving it, and only requires `T: Send`. This means that using the broadcast channel with values that are `Send` but not `Sync` can trigger unsoundness if the `clone` implementation makes use of the value being `!Sync`. Thank you to...

6.8 AI score
Exploits: 0 · Affected Software: 1

OSV
added 2025/04/07 12:00 p.m. · 6 views

RUSTSEC-2025-0023 Broadcast channel calls clone in parallel, but does not require `Sync`

The broadcast channel internally calls `clone` on the stored value when receiving it, and only requires `T: Send`. This means that using the broadcast channel with values that are `Send` but not `Sync` can trigger unsoundness if the `clone` implementation makes use of the value being `!Sync`. Thank you to...

5.9 AI score
Exploits: 0 · References: 3

Positive Technologies
added 2025/04/07 12:00 a.m. · 2 views

PT-2025-15909 · Crates.Io · Tokio

The broadcast channel internally calls `clone` on the stored value when receiving it, and only requires `T: Send`. This means that using the broadcast channel with values that are `Send` but not `Sync` can trigger unsoundness if the `clone` implementation makes use of the value being `!Sync`. Thank you to...

6.9 AI score
Exploits: 0 · References: 4

OSSF Malicious Packages
added 2025/04/04 12:54 p.m. · 3 views

Malicious code in ultrafasttelethon (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 73a960b0cd2d21f8bde61f22f956a4c2a02ccddd9e1277eef23d3d8e0406cba4 Clone of Telethon package that exfiltrates credentials. See client/telegrambaseclient.py L608-626 exfiltration function and client/auth.py L163 usage. ---...

7 AI score
Exploits: 0 · References: 1

OSSF Malicious Packages
added 2025/04/04 12:54 p.m. · 2 views

Malicious code in fastertelethon (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3ccfc281c2541df7e1354e6de8c64624fdc75dcc229d33962b171b0a95087edf Clone of Telethon package that exfiltrates credentials. See client/telegrambaseclient.py L608-626 exfiltration function and client/auth.py L163 usage. ---...

7 AI score
Exploits: 0 · References: 1

OSV
added 2025/04/04 12:54 p.m. · 4 views

MAL-2025-191915 Malicious code in ultrafasttelethon (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 73a960b0cd2d21f8bde61f22f956a4c2a02ccddd9e1277eef23d3d8e0406cba4 Clone of Telethon package that exfiltrates credentials. See client/telegrambaseclient.py L608-626 exfiltration function and client/auth.py L163 usage. ---...

6.9 AI score
Exploits: 0 · References: 1

OSSF Malicious Packages
added 2025/04/04 12:54 p.m. · 1 views

Malicious code in fastgram (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 bbc47050a01cdb07bbf87c6a6f47028545200c85d553a4952b686a705a6d7d3c Clone of Telethon package that exfiltrates credentials. See client/telegrambaseclient.py L608-626 exfiltration function and client/auth.py L163 usage. ---...

7 AI score
Exploits: 0 · References: 1

OSV
added 2025/04/04 12:54 p.m. · 1 views

MAL-2025-191724 Malicious code in fastgram (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 bbc47050a01cdb07bbf87c6a6f47028545200c85d553a4952b686a705a6d7d3c Clone of Telethon package that exfiltrates credentials. See client/telegrambaseclient.py L608-626 exfiltration function and client/auth.py L163 usage. ---...

6.9 AI score
Exploits: 0 · References: 1