GHSA-WFQ4-36M3-9G42 Matrix Rust SDK: Sender-binding gaps in to-device and room-key attribution

Impact The matrix-sdk-crypto crate before 0.16.1 is missing a check for the sender's user ID when decrypting an Olm-encrypted to-device message containing the senderdevicekeys property. This could be exploited to spoof the sender of an encrypted to-device message, but only if the attacker collude...

RUSTSEC-2026-0159 Sender-binding gaps in to-device messages

The matrix-sdk-crypto crate before 0.16.1 is missing a check for the sender's user ID when decrypting an Olm-encrypted to-device message containing the senderdevicekeys property. This could be exploited to spoof the sender of an encrypted to-device message, but only if the attacker colludes with ...

Multi-Copy Security in Unclonable Cryptography

Unclonable cryptography leverages the quantum no-cloning principle to copy-protect cryptographic functionalities. While most existing works address the basic single-copy security, the stronger notion of multi-copy security remains largely unexplored. We introduce a generic compiler that upgrades...

EUVD-2021-24146

Malware in sbrugna...

Optimal Untelegraphable Encryption and Implications for Uncloneable Encryption

We investigate the notion of untelegraphable encryption UTE, a quantum encryption primitive that is a special case of uncloneable encryption UE, where the adversary's capabilities are restricted to producing purely classical information rather than arbitrary quantum states. We present an...

Collusion-Driven Impersonation Attack on Channel-Resistant RF Fingerprinting

Radio frequency fingerprint RFF is a promising device identification technology, with recent research shifting from robustness to security due to growing concerns over vulnerabilities. To date, while the security of RFF against basic spoofing such as MAC address tampering has been validated, its...

On Anti-Collusion Codes for Averaging Attack in Multimedia Fingerprinting

Multimedia fingerprinting is a technique to protect the copyrighted contents against being illegally redistributed under various collusion attack models. Averaging attack is the most fair choice for each colluder to avoid detection, and also makes the pirate copy have better perceptional quality...

Invariant-Based Robust Weights Watermark for Large Language Models

Watermarking technology has gained significant attention due to the increasing importance of intellectual property IP rights, particularly with the growing deployment of large language models LLMs on billions resource-constrained edge devices. To counter the potential threats of IP theft by...

Towards Trustworthy Federated Learning with Untrusted Participants

Resilience against malicious participants and data privacy are essential for trustworthy federated learning, yet achieving both with good utility typically requires the strong assumption of a trusted central server. This paper shows that a significantly weaker assumption suffices: each pair of...

CVE-2021-37588

In Charm 0.43, any two users can collude to achieve the ability to decrypt YCT14 data...

NCorr-FP: a Neighbourhood-Based Correlation-Preserving Fingerprinting Scheme for Intellectual Property Protection of Structured Data

Ensuring data ownership and traceability of unauthorised redistribution are central to safeguarding intellectual property in shared data environments. Data fingerprinting addresses these challenges by embedding recipient-specific marks into the data, typically via content modifications. We propos...

CB-CPIR: Code-Based Computational Private Information Retrieval

A private information retrieval PIR scheme is a protocol that allows a user to retrieve a file from a database without revealing the identity of the desired file to a curious database. Given a distributed data storage system, efficient PIR can be achieved by making assumptions about the colluding...

Multi-delegate system opens exploits: vote amplification, collusion, rapid alternation, obscuring bribes.

Lines of code Vulnerability details Impact Allowing votes to be spread across multiple delegates does potentially open up new attack vectors if not handled carefully. Some ways this could potentially be exploited: A delegator spreads their votes thin across many dummy delegates they control to...

LienToken: Lender and liquidator can collude to block auction and seize collateral

Lines of code Vulnerability details If a lender offers a loan denominated in an ERC20 token that blocks transfers to certain addresses for example, the USDT and USDC blocklist, they may collude with a liquidator or act as the liquidator themselves to prevent loan payments, block all bids in the...

Dutch auction on-chain might work as expected

Lines of code Vulnerability details Impact Dutch auction on-chain for Page and Gobbler might work as expected. Bidders could spontaneously form some group to take advantage of the rule. The protocol will receive much less fund from auctions, effectively the auction funds being stolen. Proof of...

Executor and miner collusion and gas price

Lines of code Vulnerability details Impact The MATCHEXECUTOR can choose tx.gasprice and take the gas cost from a buyer. An executor can make a overly costly tx mined by a friendly miner and take extra profits. Proof of Concept and similar functions... Recommended Mitigation Steps There's no...

A week in security (August 16 – August 22)

Last week on Malwarebytes Labs: Podcast: Katie Moussouris hacked Clubhouse. Her emails went unanswered for weeks. How to troubleshoot hardware problems that look like malware problems. Analysts “strongly believe” the Russian state colludes with ransomware gangs. macOS 11’s hidden security...

Analysts “strongly believe” the Russian state colludes with ransomware gangs

"We have the smoke, the smell of gunpowder and a bullet casing. But we do not have the gun to link the activity to the Kremlin." This is what Jon DiMaggio, Chief Security Stretegist for Analyst1, said in an interview with CBS News following the release of its latest whitepaper, entitled "Nation...

CVE-2021-37588

In Charm 0.43, any two users can collude to achieve the ability to decrypt YCT14 data...

CVE-2021-37588

In Charm 0.43, any two users can collude to achieve the ability to decrypt YCT14 data...