665 matches found
Linux Distros Unpatched Vulnerability : CVE-2024-46709
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix prime with external buffers Make sure that for external buffers mapping goes...
Compliance Without Coverage is a Risk: How to Close the Gaps with Qualys Policy Audit
Modern compliance and security programs often fail due to technology blind spots rather than weak policies or procedures. Today's IT environments, spanning hybrid, cloud-native, containerized, and legacy platforms, introduce complexities that traditional compliance tools can't fully address. When...
[SECURITY] Fedora 41 Update: perl-Devel-Cover-1.44-6.fc41
This module provides code coverage metrics for Perl. Code coverage metrics describe how thoroughly tests exercise code. By using Devel::Cover you can discover areas of code not exercised by your tests and determine which tests to create to increase coverage. Code coverage can be considered as an...
[SECURITY] Fedora 42 Update: perl-Devel-Cover-1.44-6.fc42
This module provides code coverage metrics for Perl. Code coverage metrics describe how thoroughly tests exercise code. By using Devel::Cover you can discover areas of code not exercised by your tests and determine which tests to create to increase coverage. Code coverage can be considered as an...
Enhancing Software Vulnerability Detection through Adaptive Test Input Generation Using Genetic Algorithm
Software vulnerabilities continue to undermine the reliability and security of modern systems, particularly as software complexity outpaces the capabilities of traditional detection methods. This study introduces a genetic algorithm-based method for test input generation that innovatively...
Lightweight Fault Detection Architecture for NTT on FPGA
Post-Quantum Cryptographic (PQC) algorithms are mathematically secure and resistant to quantum attacks but can still leak sensitive information in hardware implementations due to natural faults or intentional fault injections. The intent fault injection in side-channel attacks reduces the reliabili...
Malicious code in solidity-coverage (PyPI)
--- -= Per source details. Do not edit below this line.=-...
MAL-2025-6589 Malicious code in solidity-coverage (PyPI)
--- -= Per source details. Do not edit below this line.=-...
Go Assembly Mutation Testing
While maintaining and developing the Go cryptography standard library, we often spend significantly more time on testing than on implementation. That’s good and an important part of how we achieve our excellent security track record. Ideally, this would be especially true for the least safe parts...
aflnet
It is an offensive tool for network protocols. AFLNet is a greybox fuzzer for protocol implementations. It takes a mutational approach and uses state-feedback, in addition to code-coverage feedback, to guide the fuzzing process. AFLNet is seeded with a corpus of recorded message exchanges between...
Malicious code in coverage-v8 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6f834a92fcc0d512c74e8e4a449bb0b3fbd2f2e7d6718bf86996721c2adc1457 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-5833 Malicious code in coverage-v8 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6f834a92fcc0d512c74e8e4a449bb0b3fbd2f2e7d6718bf86996721c2adc1457 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
SUSE CVE-2025-38238
In the Linux kernel, the following vulnerability has been resolved: scsi: fnic: Fix crash in fnic_wq_cmpl_handler when FDMI times out When both the RHBA and RPA FDMI requests time out, fnic reuses a frame to send ABTS for each of them. On send completion, this causes an attempt to free the same fram...
Hybrid Approach to Directed Fuzzing
Program analysis and automated testing have recently become an essential part of SSDLC. Directed greybox fuzzing is one of the most popular automated testing methods that focuses on error detection in predefined code regions. However, it still lacks ability to overcome difficult program...
FrameShift: Learning to Resize Fuzzer Inputs without Breaking Them
Coverage-guided fuzzers are powerful automated bug-finding tools. They mutate program inputs, observe coverage, and save any input that hits an unexplored path for future mutation. Unfortunately, without knowledge of input formats--for example, the relationship between formats' data fields and...
RVISmith: Fuzzing Compilers for RVV Intrinsics
Modern processors are equipped with single instruction multiple data (SIMD) instructions for fine-grained data parallelism. Compiler auto-vectorization techniques that target SIMD instructions face performance limitations due to insufficient information available at compile time, requiring...
GitHub Advisory Database by the numbers: Known security vulnerabilities and what you can do about them
The GitHub Advisory Database (Advisory DB) is a vital resource for developers, providing a comprehensive list of known security vulnerabilities and malware affecting open source packages. This post analyzes trends in the Advisory DB, highlighting the growth in reviewed advisories, ecosystem coverag...
LLM-Based Dynamic Differential Testing for Database Connectors with Reinforcement Learning-Guided Prompt Selection
Database connectors are critical components enabling applications to interact with underlying database management systems (DBMS), yet their security vulnerabilities often remain overlooked. Unlike traditional software defects, connector vulnerabilities exhibit subtle behavioral patterns and are...
Qualys VMDR Wins at 2025 SC Awards Europe for Best Vulnerability Management Solution
We’re excited to share that Qualys VMDR (Vulnerability Management, Detection, and Response) has won the Best Vulnerability Management Solution for 3 years in a row at 2025 SC Awards Europe, recognizing its market-leading innovation and measurable impact in reducing cyber risk for businesses worldwid...
Enhancements to Akamai API Security, Q2 2025
Akamai API Security updates 3.48 and 3.49 include Compliance Dashboard enhancements, integration with Zuplo API gateway, and expanded sensor coverage...