MAL-2025-47010 Malicious code in @pa-client/power-code-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 60c9037c2e5ca709c20fd2beb65a40e9649cbc3735c1989647ba5aae2889672d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in netflix-dea (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 54b29496c035b21772b6474b4da2740f75b84c0dfeb189436edf4f9134c6730b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-47097 Malicious code in json-rules-engine-examples (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3c055e3188c933741c505c8cf3361cb2eea0557c98870f8b1b963fe27ae7a21a Any computer that has this package installed or running should be considered...

AgentSentinel: an End-To-End and Real-Time Security Defense Framework for Computer-Use Agents

Large Language Models LLMs have been increasingly integrated into computer-use agents, which can autonomously operate tools on a user's computer to accomplish complex tasks. However, due to the inherently unstable and unpredictable nature of LLM outputs, they may issue unintended tool commands or...

Backdoor Attacks and Defenses in Computer Vision Domain: a Survey

Backdoor trojan attacks embed hidden, controllable behaviors into machine-learning models so that models behave normally on benign inputs but produce attacker-chosen outputs when a trigger is present. This survey reviews the rapidly growing literature on backdoor attacks and defenses in the...

MAL-2025-42157 Malicious code in yui2-animation (npm)

The package yui2-animation was found to contain malicious code. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 075f8fc51a15a005755c226c80fb0355dda105449ade6f949deced74ddbd7b56 Any computer that has this package installed or running should be considered fully...

MAL-2025-42145 Malicious code in logging-winston (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0433a58c0d2019ba753b2ac69bc12319ce704bc3fcf7ff537ccea2164e1e8f31 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in rtk-wake (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6fc493187ac88a35f426edb64ab97f58fcd188ce208058c832d5bd05143ec899 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

scsi: ufs: qcom: Only free platform MSIs when ESI is enabled

...

Malicious code in library-website (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 152fbdb0c3259bb6ed24b96039f38d3db3bc716822511da408febc45fc2e93a6 Any computer that has this package installed or running should be considered...

1965 Cryptanalysis Training Workbook Released by the NSA

In the early 1960s, National Security Agency cryptanalyst and cryptanalysis instructor Lambros D. Callimahos coined the term "Stethoscope" to describe a diagnostic computer program used to unravel the internal structure of pre-computer ciphertexts. The term appears in the newly declassified...

[SECURITY] Fedora 42 Update: rocm-rpp-6.3.1-3.fc42

AMD ROCm Performance Primitives RPP library is a comprehensive, high-performance computer vision library for AMD processors that have HIP, OpenCL, or CPU backends...

LLMs in the SOC: an Empirical Study of Human-AI Collaboration in Security Operations Centres

The integration of Large Language Models LLMs into Security Operations Centres SOCs presents a transformative, yet still evolving, opportunity to reduce analyst workload through human-AI collaboration. However, their real-world application in SOCs remains underexplored. To address this gap, we...

CVE-2025-53795

Improper authorization in Microsoft PC Manager allows an unauthorized attacker to elevate privileges over a network...

CVE-2025-53795 Microsoft PC Manager Elevation of Privilege Vulnerability

...

USN-7701-3 linux-iot vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Device tree and open firmware driver; - SCSI subsystem; - TTY drivers; - SMB network file system; - Bluetooth...

USN-7701-2: Linux kernel (FIPS) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Device tree and open firmware driver; - SCSI subsystem; - TTY drivers; - SMB network file system; - Bluetooth...

CVE-2025-8098

An improper permission vulnerability was reported in Lenovo PC Manager that could allow a local attacker to escalate privileges...

CVE-2025-8098

CVE-2025-8098 pertains to Lenovo PC Manager and is documented as an improper permission vulnerability that could enable local privilege escalation. Public details in connected sources consistently cite a local attack vector with low complexity and require low privileges, resulting in high confide...

PT-2025-33694

Name of the Vulnerable Software and Affected Versions: Lenovo PC Manager affected versions not specified Description: An improper permission vulnerability exists in Lenovo PC Manager that could allow a local attacker to escalate privileges. Recommendations: At the moment, there is no information...