Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011169)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011169 advisory. In the Linux kernel, the following vulnerability has been resolved: blk-mq: release crypto keyslot before reporting I/O complete Once all I/O using a blkcryptokey ha...

Linux Distros Unpatched Vulnerability : CVE-2023-53810

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - blk-mq: release crypto keyslot before reporting I/O complete Once all I/O using a blkcryptokey has completed, filesystems can call blkcryptoevictkey. However, t...

CVE-2023-53810 blk-mq: release crypto keyslot before reporting I/O complete

In the Linux kernel, the following vulnerability has been resolved: blk-mq: release crypto keyslot before reporting I/O complete Once all I/O using a blkcryptokey has completed, filesystems can call blkcryptoevictkey. However, the block layer currently doesn't call blkcryptoputkeyslot until the...

Heracles: Chosen Plaintext Attack on AMD SEV-SNP

A whitepaper discussing an attack on AMD SEV-SNP called Heracles that was able to leak kernel memory, crypto keys, and user passwords, as well as demonstrate web session hijacking...

Rogue PyPI Library Solana Users, Steals Blockchain Wallet Keys

Cybersecurity researchers have discovered a new malicious package on the Python Package Index PyPI repository that masquerades as a library from the Solana blockchain platform but is actually designed to steal victims' secrets. "The legitimate Solana Python API project is known as 'solana-py' on...

CVE-2024-0532

A vulnerability was found in Tenda A15 15.13.07.13. It has been declared as critical. This vulnerability affects the function setrepeat5 of the file /goform/WifiExtraSet of the component Web-based Management Interface. The manipulation of the argument wpapskcrypto24g/wpapskcrypto5g leads to...

PYSEC-2022-43172

The Watertools package in PyPI v0.0.0 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges...

New Wslink Malware Loader Runs as a Server and Executes Modules in Memory

Cybersecurity researchers on Wednesday took the wraps off a "simple yet remarkable" malware loader for malicious Windows binaries targeting Central Europe, North America and the Middle East. Codenamed "Wslink" by ESET, this previously undocumented malware stands apart from the rest in that it run...

GHSA-HJ5W-XGW9-W4RJ Malicious Package in coinstrng

All versions of this package contained malware. The package was designed to find and exfiltrate cryptocurrency wallets. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated...

RUSTSEC-2020-0006 Flaw in `realloc` allows reading unknown memory

When reallocing, if we allocate new space, we need to copy the old allocation's bytes into the new space. There are oldsize number of bytes in the old allocation, but we were accidentally copying newsize number of bytes, which could lead to copying bytes into the realloc'd space from past the chu...

DeathRansom Campaign Linked to Malware Cornucopia

An ongoing DeathRansom malware campaign has been found by researchers to be part of a larger collection of malicious offensives, all carried out by an actor going by the nickname “scat01.” According to Artem Semenchenko and Evgeny Ananin at FortiGuard Labs, evidence found on Russian underground...

ARM Mbedtls x509 ECDSA invalid public key Remote Code Execution Vulnerability(CVE-2017-2784)

Summary An exploitable free of a stack pointer vulnerability exists in the x509 certificate parsing code of ARM mbedTLS 2.4.0. A specially crafted x509 certificate, when parsed by mbedTLS library, can cause an invalid free of a stack pointer leading to a potential remote code execution. In order ...

Multiple Vulnerabilities Identified in 'Utterly Broken' BHU Routers

Researchers have identified a router so fraught with vulnerabilities and so “utterly broken” that it can be exploited to do pretty much anything. An attacker could bypass its authentication, peruse sensitive information stored in the router’s system logs and even use the device to execute OS...

Crypto Panel Experts Clash on FBI-Apple Debate

SAN FRANCISCO—One would think that six of the smartest security people on the planet could come to some sort of collective conclusion on the FBI-Apple debate. But that wasn’t the case today during the annual Cryptographers’ Panel at RSA Conference. The debate over whether Apple should assist the...

Critical OpenSSH Flaw Leaks Private Crypto Keys to Hackers

A 'Serious' security vulnerability has been discovered and fixed in OpenSSH – one of the most widely used open-source implementations of the Secure Shell SSH Protocol. The critical vulnerability could be exploited by hackers to force clients to leak their secret private cryptographic keys,...

Facebook Takes Down Bitcoin Stealing Botnet that Infected 250,000 Computers

Once again Facebook is on The Hacker News! This time not for any scam or surveillance, but for a different reason. The social networking giant has managed to take down a Greek botnet that used Facebook to spread malware and infected 250,000 computers to mine crypto-currencies, steal bitcoins, ema...

Google Working On End-to-End Encryption for Gmail Service

Constant password breaches and Snowden revelations about Government Surveillance have raised many questions that why don’t cloud and email Services encrypt the data stored on their server? Revelations forced the popular Internet Giants such as Google and Yahoo to contemplate on the privacy and...

GitHub Search Down After Some Credentials and Crypto Keys Exposed

GitHub’s search capability remains dark Friday after it was discovered that the code-sharing site’s search feature could be used to dredge up passwords, private crypto keys, and other credentials developers use in their projects. GitHub is a popular collaboration site for open source software...

AIX5l with FTP-Server Remote Root Hash Disclosure Exploit

Exploit for linux platform in category remote exploits ========================================================= AIX5l with FTP-Server Remote Root Hash Disclosure Exploit ========================================================= AIXCOREDUMP.PL --- --== AIX5l w/ FTP-SERVER REMOTE ROOT HASH...