NewStart CGSL MAIN 6.06 (SP) : openssh Multiple Vulnerabilities (NS-SA-2026-0003)

The remote NewStart CGSL host, running version MAIN 6.06 SP, has openssh packages installed that are affected by multiple vulnerabilities: - The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control...

CVE-2026-1775

The Labkotec LID-3300IP has an existing vulnerability in the ice detector software that enables an unauthenticated attacker to alter device parameters and run operational commands when specially crafted packets are sent to the device...

EUVD-2026-9324

The Labkotec LID-3300IP has an existing vulnerability in the ice detector software that enables an unauthenticated attacker to alter device parameters and run operational commands when specially crafted packets are sent to the device...

CVE-2026-1775

The Labkotec LID-3300IP has an existing vulnerability in the ice detector software that enables an unauthenticated attacker to alter device parameters and run operational commands when specially crafted packets are sent to the device...

CVE-2026-1775

The CVE-2026-1775 entry concerns Labkotec LID-3300IP ice detector software with a missing authentication for a critical function. An unauthenticated attacker can alter device parameters and execute operational commands by sending specially crafted packets to the device. According to the provided ...

CVE-2026-1775

The Labkotec LID-3300IP has an existing vulnerability in the ice detector software that enables an unauthenticated attacker to alter device parameters and run operational commands when specially crafted packets are sent to the device...

Gravity Falls: A Comparative Analysis of Domain-Generation Algorithm (DGA) Detection Methods for Mobile Device Spearphishing

Mobile devices are frequent targets of eCrime threat actors through SMS spearphishing smishing links that leverage Domain Generation Algorithms DGA to rotate hostile infrastructure. Despite this, DGA research and evaluation largely emphasize malware C2 and email phishing datasets, leaving limited...

Labkotec LID-3300IP 访问控制错误漏洞

The Labkotec LID-3300IP is an ice detector developed by the Finnish company Labkotec. The Labkotec LID-3300IP has a security vulnerability related to access control. This vulnerability stems from defects in the ice detector software, which may allow unauthorized attackers to modify device...

PT-2026-22826

Name of the Vulnerable Software and Affected Versions Labkotec LID-3300IP affected versions not specified Description The Labkotec LID-3300IP ice detector software contains a flaw that allows an unauthenticated attacker to modify device settings and execute commands by sending crafted network...

Recovery-Induced Erasure Attack on QKD Systems

Detector dead time is typically treated as a fixed parameter in quantum key distribution QKD security analyses. In practice, however, the effective recovery time of single-photon avalanche photodiodes SPADs depends on the incident count rate. In this work, we demonstrate that this...

A week in security (February 23 – March 1)

Last week on Malwarebytes Labs: Public Google API keys can be used to expose Gemini AI data Inside a fake Google security check that becomes a browser RAT Fake Zoom and Google Meet scams install Teramind: A technical deep dive How to understand and avoid Advanced Persistent Threats The Conduent...

Phishing the Phishers with SpecularNet: Hierarchical Graph Autoencoding for Reference-Free Web Phishing Detection

Phishing remains the most pervasive threat to the Web, enabling large-scale credential theft and financial fraud through deceptive webpages. While recent reference-based and generative-AI-driven phishing detectors achieve strong accuracy, their reliance on external knowledge bases, cloud services...

ARM C1-Pro 安全漏洞

The ARM C1-Pro is a high-precision gas detector developed by ARM Corporation. Previous versions of the ARM C1-Pro, such as r1p2-50eac0, had security vulnerabilities. These vulnerabilities stemmed from the fact that the TLBI+DSB component might not be able to ensure proper memory access related to...

MultiVer: Zero-Shot Multi-Agent Vulnerability Detection

We present MultiVer, a zero-shot multi-agent system for vulnerability detection that achieves state-of-the-art recall without fine-tuning. A four-agent ensemble security, correctness, performance, style with union voting achieves 82.7% recall on PyVul, exceeding fine-tuned GPT-3.5 81.3% by 1.4...

cyart-vapt-week-2

cyart-vapt-team This repository contains the Week 2 VAPT lab w...

Resource-Aware Deployment Optimization for Collaborative Intrusion Detection in Layered Networks

Collaborative Intrusion Detection Systems CIDS are increasingly adopted to counter cyberattacks, as their collaborative nature enables them to adapt to diverse scenarios across heterogeneous environments. As distributed critical infrastructure operates in rapidly evolving environments, such as...

Rethinking Security of Diffusion-Based Generative Steganography

Generative image steganography is a technique that conceals secret messages within generated images, without relying on pre-existing cover images. Recently, a number of diffusion model-based generative image steganography DM-GIS methods have been introduced, which effectively combat traditional...

StealthRL: Reinforcement Learning Paraphrase Attacks for Multi-Detector Evasion of AI-Text Detectors

AI-text detectors face a critical robustness challenge: adversarial paraphrasing attacks that preserve semantics while evading detection. We introduce StealthRL, a reinforcement learning framework that stress-tests detector robustness under realistic adversarial conditions. StealthRL trains a...

Out-of-Bounds

Overview Affected versions of this package are vulnerable to Out-of-Bounds via the apriltagdetectordetect function. An attacker can cause memory corruption by providing crafted input to this function during local execution. Remediation A fix was pushed into the master branch but not yet published...

CVE-2026-2246

A security vulnerability has been detected in AprilRobotics apriltag up to 3.4.5. Affected by this vulnerability is the function apriltagdetectordetect of the file apriltag.c. The manipulation leads to memory corruption. The attack must be carried out locally. The exploit has been disclosed...