88 matches found
CVE-2026-10557
The Yarbo Android and iOS applications contain hard-coded MQTT broker credentials that are identical for all users and all devices. These credentials are embedded in the application binary and are readily extractable via APK decompilation. The credentials provide access to cloud MQTT brokers...
EUVD-2026-36434
The Yarbo Android and iOS applications contain hard-coded MQTT broker credentials that are identical for all users and all devices. These credentials are embedded in the application binary and are readily extractable via APK decompilation. The credentials provide access to cloud MQTT brokers...
CVE-2026-52757 Ghidra < 12.1 - Heap-use-after-free in HighVariable::merge() during decompilation
Ghidra before 12.1 contains a heap-use-after-free vulnerability in the decompiler's HighVariable::merge function during the variable merging pass. Attackers can trigger this vulnerability by crafting a binary that causes stale pointers in the HighIntersectTest::highedgemap cache to be dereference...
Automatically Attacking Software Reverse Engineering AI Agents
Software tools for reverse engineering executable binary files, such as Ghidra, enable malware analysts to safely conduct robust static analysis without having access to original source code. Coupled with the analytic power of large language models (LLM), agentic systems enabled with tools, such as...
Constraint-Guided Multi-Agent Decompilation for Executable Binary Recovery
Decompilation -- recovering source code from compiled binaries -- is essential for security analysis, malware reverse engineering, and legacy software maintenance. However, existing decompilers produce code that often fails to compile or execute correctly, limiting their practical utility. We...
LLM4CodeRE: Generative AI for Code Decompilation Analysis and Reverse Engineering
Code decompilation analysis is a fundamental yet challenging task in malware reverse engineering, particularly due to the pervasive use of sophisticated obfuscation techniques. Although recent large language models (LLMs) have shown promise in translating low-level representations into high-level...
Fickling has safety check bypass via REDUCE+BUILD opcode sequence
Assessment: It is believed that the analysis pass works as intended, REDUCE and BUILD are not at fault here. The few potentially unsafe modules have been added to the blocklist (https://github.com/trailofbits/fickling/commit/0c4558d950daf70e134090573450ddcedaf10400). Original report: Summary: All 5 of...
Detection Bypass
fickling is vulnerable to detection bypass. The vulnerability is due to improper handling and analysis of Python builtins during pickle decompilation, which allows an attacker to bypass detection mechanisms and evade static analysis of malicious pickle payloads...
A Decompilation-Driven Framework for Malware Detection with Large Language Models
The parallel evolution of Large Language Models (LLMs) with advanced code-understanding capabilities and the increasing sophistication of malware presents a new frontier for cybersecurity research. This paper evaluates the efficacy of state-of-the-art LLMs in classifying executable code as either...
MalCVE: Malware Detection and CVE Association Using Large Language Models
Malicious software attacks are having an increasingly significant economic impact. Commercial malware detection software can be costly, and tools that attribute malware to the specific software vulnerabilities it exploits are largely lacking. Understanding the connection between malware and the...
EUVD-2007-0018
Malware in sbrugna...
EUVD-2018-6488
Malware in sbrugna...
EUVD-2025-10388
Malicious code in bioql PyPI...
EUVD-2025-32195
Malicious code in bioql PyPI...
EUVD-2021-30442
Malicious code in bioql PyPI...
EUVD-2025-32196
Malicious code in bioql PyPI...
CVE-2025-59405
The Flock Safety Peripheral (com.flocksafety.android.peripheral) application 7.38.3 for Android installed on Falcon and Sparrow License Plate Readers and Bravo Edge AI Compute Devices contains a cleartext DataDog API key within its codebase. Because application binaries can be trivially decompil...
CVE-2025-59405
The CVE-2025-59405 entry concerns the Flock Safety Peripheral Android app (com.flocksafety.android.peripheral) version 7.38.3, deployed on Falcon and Sparrow License Plate Readers and Bravo Edge AI Compute Devices. Root cause: a cleartext DataDog API key is embedded in the client-side codebase, e...
pwntools
This is a CTF framework and exploit development library. It is a Python library for exploit development and reverse engineering. The library provides a set of tools for creating and executing exploits, as well as for analyzing and debugging binary files. The library is designed to be extensible a...
VulBinLLM: LLM-Powered Vulnerability Detection for Stripped Binaries
Recognizing vulnerabilities in stripped binary files presents a significant challenge in software security. Although some progress has been made in generating human-readable information from decompiled binary files with Large Language Models (LLMs), effectively and scalably detecting vulnerabilitie...