20 matches found
Rethinking Cybersecurity Ontology Classification and Evaluation: Towards a Credibility-Centered Framework
This paper analyzes the proliferation of cybersecurity ontologies, arguing that this surge cannot be explained solely by technical shortcomings related to quality, but also by a credibility deficit - a lack of trust, endorsement, and adoption by users. This conclusion is based on our first...
Malicious code in auis-lepaod-matania (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4bd120299123fc8f7fbbef120199827379613db8717effa2799f14a86a18dcfe This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-164662 Malicious code in rino-poke19 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8a01864ac034202b556dc83ca45b43f890164f7f101de559a8d273ea44accb3e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-112512 Malicious code in academic_ant_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 417564e43abc59acf4376acd513e83693b6eb1b9725fe17e5e429a8392768f6a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-111013 Malicious code in worrying_gamefowl-biggestdev (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8688549b03ce7fbb5f09ed922ea71740cbee3f80653cffc4b03d99aa0e4dc064 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
LRCTI: a Large Language Model-Based Framework for Multi-Step Evidence Retrieval and Reasoning in Cyber Threat Intelligence Credibility Verification
Verifying the credibility of Cyber Threat Intelligence (CTI) is essential for reliable cybersecurity defense. However, traditional approaches typically treat this task as a static classification problem, relying on handcrafted features or isolated deep learning models. These methods often lack the...
EventHunter: Dynamic Clustering and Ranking of Security Events from Hacker Forum Discussions
Hacker forums provide critical early warning signals for emerging cybersecurity threats, but extracting actionable intelligence from their unstructured and noisy content remains a significant challenge. This paper presents an unsupervised framework that automatically detects, clusters, and...
Immutability Does Not Guarantee Trust: a Formal and Logical Refutation
It is frequently claimed in blockchain discourse that immutability guarantees trust. This paper rigorously refutes that assertion. We define immutability as the cryptographic persistence of historical states in an append-only data structure and contrast it with trust, understood as a rational...
E-FreeM2: Efficient Training-Free Multi-Scale and Cross-Modal News Verification Via MLLMs
The rapid spread of misinformation in mobile and wireless networks presents critical security challenges. This study introduces a training-free, retrieval-based multimodal fact verification system that leverages pretrained vision-language models and large language models for credibility assessmen...
HackerOne: Able to Create Testimonials for myself using Sandbox
The vulnerability allowed hackers to create and display self-authored testimonials on their public profiles. This was achieved by creating a sandbox program on HackerOne and inviting an alternate account. The alternate account could submit reports to the sandbox program, and the primary account,...
New Phishing Kit Leverages SMS, Voice Calls to Target Cryptocurrency Users
A novel phishing kit has been observed impersonating the login pages of well-known cryptocurrency services as part of an attack cluster codenamed CryptoChameleon that's designed to primarily target mobile devices. "This kit enables attackers to build carbon copies of single sign-on (SSO) pages, the...
unwrap function in Pair.sol can be exploited by a malicious user to exchange less expensive NFT's for more expensive ones in the pool
Lines of code Vulnerability details Impact nftRemove function burns lpTokens and releases baseTokenAmount and fractionalTokenAmount and then burns the fractionalTokenAmount to unwrap the NFT that is released back to the sender. At the time of unwrapping, code does not check if the tokenIds...
Discrepancies between document and code implementation
Lines of code Vulnerability details Impact This will tarnish the credibility of the system. Proof of Concept Document says buyout time as 3 days. But the code is implemented with 5 days as buyout time. Tools Used Manual verification Recommended Mitigation Steps Implement the code as per what...
Forrester report for Rapid7: number juggling and an excellent overview of Vulnerability Management problems
I recently read Forrester's 20-page report "The Total Economic Impact Of Rapid7 InsightVM". It is about the Cost Savings And Business Benefits that Vulnerability Management solution can bring to the organizations. In short, I didn't like everything related to money. It seems like juggling with...
Managed Defense: The Analytical Mindset
When it comes to cyber security managed services or otherwise, you're ultimately reliant on analyst expertise to keep your environment safe. Products and intelligence are necessary pieces of the security puzzle to generate detection signal and whittle down the alert chaff, but in the end, an...
Three-Fourths of Consumers Don't Trust Facebook, Threatpost Poll Finds
As Facebook privacy-related incidents continue to pile up, a new Threatpost poll found that a whopping three-fourths of respondents no longer trust the social-media giant. The negative sentiment, reflected in a Thursday Threatpost poll of over 130 security professionals, comes as Facebook faces a...
Cyber Security Training Courses – CISA, CISM, CISSP Certifications
Believe it or not, but any computer connected to the Internet is vulnerable to cyber attacks. With more money at risk and data breaches at a rise, more certified cybersecurity experts and professionals are needed by every corporate and organisation to prevent themselves from hackers and cyber...
Social network poisoning - They are Following you Everywhere !
Note : This Article is taken from Most Comprehensive and Informative IT Security Magazine by The Hacker News - December Edition Download Here "Be Social" is the imperative of the last years. We live alternative lives, weave dense networks of relationships; we feel the irrepressible urge to be par...
Securing Your Security Budget: A Failure To Communicate
With increasingly sophisticated exploits and well-informed adversaries targeting systems and data – fighting for more security budget is essential. Too bad, then, that management doesn't always agree. Why doesn't management always see the threats same as many security professionals? Maybe the...
Netscape SmartDownload 1.3 Buffer Overflow Vulnerability
--------------------------------------------------------------------------- Security Alert Subject: Netscape SmartDownload 1.3 Buffer Overflow Vulnerability BUGTRAQ ID: 2615 CVE ID: CAN-2001-0262 Published: April 13, 2001 Updated: April 18, 2001 Remote: Yes Local: No Class: Boundary Condition Err...