Lucene search

9 matches found

Packet Storm News
added 2025/10/23 12:0 a.m., 23 views

REx86: A Local Large Language Model for Assisting in X86 Assembly Reverse Engineering

Reverse engineering (RE) of x86 binaries is indispensable for malware and firmware analysis, but remains slow due to stripped metadata and adversarial obfuscation. Large Language Models (LLMs) offer potential for improving RE efficiency through automated comprehension and commenting, but cloud-hosted...

6.8 AI score
Exploits: 0

The Hacker News
added 2024/10/10 7:18 a.m., 14 views

Cybercriminals Use Unicode to Hide Mongolian Skimmer in E-Commerce Platforms

Cybersecurity researchers have shed light on a new digital skimmer campaign that leverages Unicode obfuscation techniques to conceal a skimmer dubbed Mongolian Skimmer. "At first glance, the thing that stood out was the script's obfuscation, which seemed a bit bizarre because of all the accented...

7 AI score
Exploits: 0

Code423n4
added 2023/03/06 12:0 a.m., 13 views

closeTrove never nulls trove.stake

Lines of code Vulnerability details // Auditor's note: not 100% sure if this is intentional, but I have reason to believe it's a mistake. Description When a trove gets liquidated, its stake gets set to 0 through removeStake, called eg here. However, when a trove gets closed gratiously through...

6.9 AI score
Exploits: 0

Code423n4
added 2021/09/16 12:0 a.m., 5 views

Certain view functions should never be used in code, only UI. They are easily manipulated.

Handle tensors Vulnerability details Impact The view functions in StablesConverter.sol can be manipulated to give incorrect answers by flashloan attacks. Using them within the code in a naive way can lead to lost funds. Example Recommendations Make sure the functions are only used as estimates fo...

7 AI score
Exploits: 0

Code423n4
added 2021/04/28 12:0 a.m., 8 views

Incorrect liquidity unit calculation in Utils.sol

Handle 0xRajeev Vulnerability details Impact As per code comments, the calcLiquidityUnits function is supposed to calculate: // units = P t B + T b/2 T B slipAdjustment // P part1 + part2 / part3 slipAdjustment While part1, part2 and part3 are calculated correctly, they are combined as: uint unit...

7.1 AI score
Exploits: 0

OSV
added 2019/10/01 5:15 p.m., 2 views

CVE-2019-14961

JetBrains Upsource before 2019.1.1412 was not properly escaping HTML tags in a code block's comments, leading to XSS...

6.1 CVSS, 6.4 AI score, 0.00005 EPSS
Exploits: 0, References: 1

Tenable Nessus
added 2017/03/31 12:0 a.m., 14 views

E-mail Address Disclosure

Email addresses are typically found on "Contact us" pages, however, they can also be found within scripts or code comments of the application. They are used to provide a legitimate means of contacting an organisation. As one of the initial steps in information gathering, cyber-criminals will spid...

7 AI score
Exploits: 0

Fedora
added 2016/08/16 7:27 p.m., 10 views

[SECURITY] Fedora 24 Update: drupal7-theme-zen-5.6-1.fc24

Zen is a powerful, yet simple, HTML5 starting theme with a responsive, mobile-first grid design. If you are building your own standards-compliant theme, you will find it much easier to start with Zen than to start with Garland or Stark. This theme has fantastic online documentation...

7 AI score
Exploits: 0

Fedora
added 2013/09/01 11:7 p.m., 11 views

[SECURITY] Fedora 19 Update: drupal7-theme-zen-5.4-1.fc19

Zen is a powerful, yet simple, HTML5 starting theme with a responsive, mobile-first grid design. If you are building your own standards-compliant theme, you will find it much easier to start with Zen than to start with Garland or Stark. This theme has fantastic online documentation...

7 AI score
Exploits: 0