LLM-Assisted Deanonymization

Turns out that LLMs are good at de-anonymization: We show that LLM agents can figure out who you are from your anonymous online posts. Across Hacker News, Reddit, LinkedIn, and anonymized interview transcripts, our method identifies users with high precision ­ and scales to tens of thousands of...

BIT-MOODLE-2025-3628 Moodle: moodle assignment submission search leaks anonymous student identities

A flaw has was found in Moodle where anonymous assignment submissions can be de-anonymized via search, revealing student identities...

Time Will Tell: Large-Scale De-Anonymization of Hidden I2P Services Via Live Behavior Alignment (Extended Version)

I2P Invisible Internet Project is a popular anonymous communication network. While existing de-anonymization methods for I2P focus on identifying potential traffic patterns of target hidden services among extensive network traffic, they often fail to scale effectively across the large and diverse...

Video call app Huddle01 exposed 600K+ user logs

The Cybernews research team found that video call app Huddle01 exposed email addresses, real names, and other identifiers through an unprotected Kafka broker. Think of an unprotected Kafka broker like a post office that stores and delivers confidential mail. Now, imagine the manager leaves the...

EUVD-2018-3732

Malware in sbrugna...

EUVD-2019-2775

Malware in sbrugna...

EUVD-2023-40614

Malicious code in bioql PyPI...

EUVD-2022-51202

Malicious code in bioql PyPI...

CVE-2022-48506

A flawed pseudorandom number generator in Dominion Voting Systems ImageCast Precinct ICP and ICP2 and ImageCast Evolution ICE scanners allows anyone to determine the order in which ballots were cast from public ballot-level data, allowing deanonymization of voted ballots, in several types of...

Automated Profile Inference with Language Model Agents

Impressive progress has been made in automated problem-solving by the collaboration of large language models LLMs based agents. However, these automated capabilities also open avenues for malicious applications. In this paper, we study a new threat that LLMs pose to online pseudonymity, called...

Inference Attacks for X-Vector Speaker Anonymization

We revisit the privacy-utility tradeoff of x-vector speaker anonymization. Existing approaches quantify privacy through training complex speaker verification or identification models that are later used as attacks. Instead, we propose a novel inference attack for de-anonymization. Our attack is...

UBUNTU-CVE-2025-3628

A flaw has was found in Moodle where anonymous assignment submissions can be de-anonymized via search, revealing student identities...

GLSA-202407-28 : Freenet: Deanonymization Vulnerability

The remote host is affected by the vulnerability described in GLSA-202407-28 Freenet: Deanonymization Vulnerability This release fixes a severe vulnerability in path folding that allowed to distinguish between downloaders and forwarders with an adapted node that is directly connected via opennet...

RHEL 6 : webkitgtk (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution CVE-2021-30954...

Exploit for CVE-2024-30851

Jasmin ransomware web panel path traversal PoC EducationalPur...

Rocky Linux 8 : GNOME (RLSA-2019:3553)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2019:3553 advisory. - WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video HLS, DASH, ...

CVE-2023-36671

An issue was discovered in the Clario VPN client through 5.9.1.1662 for macOS. The VPN client insecurely configures the operating system such that all IP traffic to the VPN server's IP address is sent in plaintext outside the VPN tunnel even if this traffic is not generated by the VPN client. Thi...

UBUNTU-CVE-2023-36671

An issue was discovered in the Clario VPN client through 5.9.1.1662 for macOS. The VPN client insecurely configures the operating system such that all IP traffic to the VPN server's IP address is sent in plaintext outside the VPN tunnel even if this traffic is not generated by the VPN client. Thi...

CVE-2023-36671

CVE-2023-36671 affects the Clario VPN client for macOS (versions up to 5.9.1.1662). The issue arises when the client configures the OS so that all IP traffic destined for the VPN server’s IP is sent in plaintext outside the VPN tunnel, even if the traffic isn’t generated by the VPN client. This c...

PT-2023-6276 · Clario · Clario Vpn Client

Name of the Vulnerable Software and Affected Versions: Clario VPN client versions 5.9.1.1662 and earlier Description: The issue is related to the insecure configuration of the operating system by the Clario VPN client, which allows all IP traffic to the VPN server's IP address to be sent in...