Quantum Secure Biometric Authentication in Decentralised Systems

Biometric authentication has become integral to digital identity systems, particularly in smart cities where it en-ables secure access to services across governance, trans-portation, and public infrastructure. Centralised archi-tectures, though widely used, pose privacy and scalabil-ity challenge...

AIAuditTrack: A Framework for AI Security System

The rapid expansion of AI-driven applications powered by large language models has led to a surge in AI interaction data, raising urgent challenges in security, accountability, and risk traceability. This paper presents AiAuditTrack AAT, a blockchain-based framework for AI usage traffic recording...

EUVD-2020-0088

Malware in sbrugna...

EUVD-2024-0310

Malicious code in bioql PyPI...

EUVD-2022-0124

Malicious code in bioql PyPI...

From Semantic Web and MAS to Agentic AI: a Unified Narrative of the Web of Agents

The concept of the Web of Agents WoA, which transforms the static, document-centric Web into an environment of autonomous agents acting on users' behalf, has attracted growing interest as large language models LLMs become more capable. However, research in this area is still fragmented across...

A Novel Zero-Trust Identity Framework for Agentic AI: Decentralized Authentication and Fine-Grained Access Control

Traditional Identity and Access Management IAM systems, primarily designed for human users or static machine identities via protocols such as OAuth, OpenID Connect OIDC, and SAML, prove fundamentally inadequate for the dynamic, interdependent, and often ephemeral nature of AI agents operating at...

Did:Self a Registry-Less DID Method

We introduce did:self, a Decentralized Identifier DID method that does not depend on any trusted registry for storing the corresponding DID documents. Information for authenticating a did:self subject can be disseminated using any means and without making any security assumption about the deliver...

CVE-2020-11093

Hyperledger Indy Node is the server portion of a distributed ledger purpose-built for decentralized identity. In Hyperledger Indy before version 1.12.4, there is lack of signature verification on a specific transaction which enables an attacker to make certain unauthorized alterations to the...

CVE-2024-43477

Improper access control in Decentralized Identity Services resulted in a vulnerability that allows an unauthenticated attacker to disable Verifiable ID's on another tenant...

CVE-2024-43477

CVE-2024-43477 concerns an improper access control flaw in Decentralized Identity Services within Microsoft Entra ID. The vulnerability allows an unauthenticated attacker to disable Verifiable IDs on a different tenant, effectively an elevation of privilege scenario for the affected identity serv...

Microsoft Entra ID Elevation of Privilege Vulnerability

Improper access control in Decentralized Identity Services resulted in a vulnerability that allows an unauthenticated attacker to disable Verifiable ID's on another tenant...

PT-2024-30590 · Unknown · Decentralized Identity Services

Name of the Vulnerable Software and Affected Versions: Decentralized Identity Services affected versions not specified Description: The issue is related to improper access control in Decentralized Identity Services, allowing an unauthenticated attacker to disable Verifiable ID's on another tenant...

Format string

Hyperledger Aries Cloud Agent Python ACA-Py is a foundation for building decentralized identity applications and services running in non-mobile environments. When verifying W3C Format Verifiable Credentials using JSON-LD with Linked Data Proofs LDP-VCs, the result of verifying the presentation...

CVE-2024-21669 Hyperledger Aries Cloud Agent Python result of presentation verification not checked for LDP-VC

Hyperledger Aries Cloud Agent Python ACA-Py is a foundation for building decentralized identity applications and services running in non-mobile environments. When verifying W3C Format Verifiable Credentials using JSON-LD with Linked Data Proofs LDP-VCs, the result of verifying the presentation...

CVE-2024-21669

Hyperledger Aries Cloud Agent Python (ACA-Py) contains CVE-2024-21669: when verifying W3C JSON-LD Verifiable Credentials with Linked Data Proofs (LDP-VCs), the result of validating document.proof is not factored into the final presentation verification. This allows holders to present incorrectly ...

LinkedIn and Microsoft Entra introduce a new way to verify your workplace

In the digital world, when you meet professional contacts for the first time online, you need additional trust signals to increase your confidence that they are who they say they are. We’re thrilled to announce that millions of LinkedIn members will be able to verify their place of work with a...

CVE-2022-31006 Hyperledger Indy DOS vulnerability

indy-node is the server portion of Hyperledger Indy, a distributed ledger purpose-built for decentralized identity. In vulnerable versions of indy-node, an attacker can max out the number of client connections allowed by the ledger, leaving the ledger unable to be used for its intended purpose...

CVE-2022-31006

CVE-2022-31006 affects Hyperledger Indy’s indy-node server. In vulnerable versions, an attacker can exhaust the ledger’s allowed client connections, causing a denial of service where the ledger remains functionally operable but unavailable to others until the attack ends. The impact is availabili...

Remote code execution

Indy Node is the server portion of a distributed ledger purpose-built for decentralized identity. In versions 1.12.4 and prior, the pool-upgrade request handler in Indy-Node allows an improperly authenticated attacker to remotely execute code on nodes within the network. The pool-upgrade request...