665 matches found

Drupal
added 2025/05/14 12:0 a.m., 6 views

Advanced File Destination - Critical - Multiple vulnerabilities - SA-CONTRIB-2025-057

The Advanced File Destination module enhances file upload management in Drupal by allowing users to choose and create custom directories during file uploads. The module has multiple vulnerabilities that were reported through the Drupal Security Team's coordinated vulnerability process. The projec...

5.6 AI score
Exploits: 0, References: 1

Packet Storm News
added 2025/05/13 12:0 a.m., 4 views

Measuring the Accuracy and Effectiveness of PII Removal Services

This paper presents the first large-scale empirical study of commercial personally identifiable information (PII) removal systems -- commercial services that claim to improve privacy by automating the removal of PII from data broker's databases. Popular examples of such services include DeleteMe,...

6.7 AI score
Exploits: 0

Packet Storm News
added 2025/05/10 12:0 a.m., 5 views

RuleGenie: SIEM Detection Rule Set Optimization

SIEM systems serve as a critical hub, employing rule-based logic to detect and respond to threats. Redundant or overlapping rules in SIEM systems lead to excessive false alerts, degrading analyst performance due to alert fatigue, and increase computational overhead and response latency for actual...

6.6 AI score
Exploits: 0

Packet Storm News
added 2025/05/09 12:0 a.m., 3 views

An Empirical Study of Fuzz Harness Degradation

The purpose of continuous fuzzing platforms is to enable fuzzing for software projects via fuzz harnesses -- but as the projects continue to evolve, are these harnesses updated in lockstep, or do they run out of date? If these harnesses remain unmaintained, will they degrade over time i...

7.1 AI score
Exploits: 0

OSSF Malicious Packages
added 2025/05/06 6:24 a.m., 3 views

Malicious code in jest-coverage-merge (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4ba5a5156001dc5905f26356e46ed61644f2bf619e0156e1a4dca3ea75fc21f5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0, References: 3

OSV
added 2025/05/06 6:24 a.m., 7 views

MAL-2025-3629 Malicious code in jest-coverage-merge (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4ba5a5156001dc5905f26356e46ed61644f2bf619e0156e1a4dca3ea75fc21f5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits: 0, References: 3

Packet Storm News
added 2025/05/06 12:0 a.m., 2 views

Empc: Effective Path Prioritization for Symbolic Execution with Path Cover

Symbolic execution is a powerful program analysis technique that can formally reason the correctness of program behaviors and detect software bugs. It can systematically explore the execution paths of the tested program. But it suffers from an inherent limitation: path explosion. Path explosion...

7.4 AI score
Exploits: 0

Packet Storm News
added 2025/05/05 12:0 a.m., 5 views

Targeted Fuzzing for Unsafe Rust Code: Leveraging Selective Instrumentation

Rust is a promising programming language that focuses on concurrency, usability, and security. It is used in production code by major industry players and got recommended by government bodies. Rust provides strong security guarantees achieved by design utilizing the concepts of ownership and...

7.5 AI score
Exploits: 0

Packet Storm News
added 2025/05/02 12:0 a.m., 2 views

Disassembly As Weighted Interval Scheduling with Learned Weights

Disassembly is the first step of a variety of binary analysis and transformation techniques, such as reverse engineering, or binary rewriting. Recent disassembly approaches consist of three phases: an exploration phase, that overapproximates the binary's code; an analysis phase, that assigns...

7.2 AI score
Exploits: 0

Fedora
added 2025/04/30 2:1 a.m., 5 views

[SECURITY] Fedora 40 Update: perl-Devel-Cover-1.40-9.fc40

This module provides code coverage metrics for Perl. Code coverage metrics describe how thoroughly tests exercise code. By using Devel::Cover you can discover areas of code not exercised by your tests and determine which tests to create to increase coverage. Code coverage can be considered as an...

8.4 CVSS, 8.8 AI score, 0.00473 EPSS
Exploits: 0

Packet Storm News
added 2025/04/29 12:0 a.m., 3 views

DejaVuzz: Disclosing Transient Execution Bugs with Dynamic Swappable Memory and Differential Information Flow Tracking Assisted Processor Fuzzing

Transient execution vulnerabilities have emerged as a critical threat to modern processors. Hardware fuzzing testing techniques have recently shown promising results in discovering transient execution bugs in large-scale out-of-order processor designs. However, their poor microarchitectural...

7.3 AI score
Exploits: 0

Fedora
added 2025/04/22 1:22 a.m., 10 views

[SECURITY] Fedora 41 Update: perl-Devel-Cover-1.44-4.fc41

This module provides code coverage metrics for Perl. Code coverage metrics describe how thoroughly tests exercise code. By using Devel::Cover you can discover areas of code not exercised by your tests and determine which tests to create to increase coverage. Code coverage can be considered as an...

8.4 CVSS, 8.8 AI score, 0.00473 EPSS
Exploits: 0

Fedora
added 2025/04/17 7:3 p.m., 14 views

[SECURITY] Fedora 42 Update: perl-Devel-Cover-1.44-5.fc42

This module provides code coverage metrics for Perl. Code coverage metrics describe how thoroughly tests exercise code. By using Devel::Cover you can discover areas of code not exercised by your tests and determine which tests to create to increase coverage. Code coverage can be considered as an...

8.4 CVSS, 6.8 AI score, 0.00473 EPSS
Exploits: 0

NVD
added 2025/04/16 3:16 p.m., 11 views

CVE-2025-23130

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid panic once fallocation fails for pinfile syzbot reports a f2fs bug as below: ------------ cut here ------------ kernel BUG at fs/f2fs/segment.c:2746! CPU: 0 UID: 0 PID: 5323 Comm: syz.0.0 Not tainted...

5.5 CVSS, 0.00154 EPSS
Exploits: 0, References: 3

OSV
added 2025/04/16 3:16 p.m., 1 views

UBUNTU-CVE-2025-23130

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid panic once fallocation fails for pinfile syzbot reports a f2fs bug as below: ------------ cut here ------------ kernel BUG at fs/f2fs/segment.c:2746! CPU: 0 UID: 0 PID: 5323 Comm: syz.0.0 Not tainted...

5.5 CVSS, 5.9 AI score, 0.00154 EPSS
Exploits: 0, References: 18

Rapid7 Blog
added 2025/04/16 2:56 p.m., 3 views

Following the News: MITRE’s Common Vulnerabilities and Exposures (CVE) Funding

The current situation: On April 16, CISA extended funding to ensure no continuity issues with the critical Common Vulnerabilities and Exposures (CVE) program. This was in response to a letter sent by MITRE on April 15 to CVE board members warning of a potential issue with MITRE's support for the CVE...

6.8 AI score
Exploits: 0

The Hacker News
added 2025/04/16 10:30 a.m., 16 views

Product Walkthrough: A Look Inside Wing Security's Layered SaaS Identity Defense

Intro: Why hack in when you can log in? SaaS applications are the backbone of modern organizations, powering productivity and operational efficiency. But every new app introduces critical security risks through app integrations and multiple users, creating easy access points for threat actors. As...

7.4 AI score
Exploits: 0

NVD
added 2025/02/27 2:15 a.m., 6 views

CVE-2024-57994

In the Linux kernel, the following vulnerability has been resolved: ptr_ring: do not block hard interrupts in ptr_ring_resize_multiple() Jakub added a lockdep_assert_no_hardirq() check in __page_pool_put_page() to increase test coverage. syzbot found a splat caused by hard irq blocking in ptr_ring_resize_multiple() 1 A...

5.5 CVSS, 0.0015 EPSS
Exploits: 0, References: 4

Akamai Blog
added 2025/02/19 10:20 a.m., 3 views

Deepseek: Why it Matters and What the Press Got Wrong

...

7 AI score
Exploits: 0

Github Security Blog
added 2025/02/10 6:7 p.m., 12 views

grcov has an out of bounds write triggered by crafted coverage data

Function grcov::covdir::get_coverage uses the unsafe function get_unchecked_mut without validating that the index is in bounds. This results in memory corruption, and could potentially allow arbitrary code execution provided that an attacker can feed the tool crafted coverage data...

7.9 AI score
Exploits: 0, References: 4, Affected Software: 1