Dust Specter Targets Iraqi Officials with New SPLITDROP and GHOSTFORM Malware

A suspected Iran-nexus threat actor has been attributed to a campaign targeting government officials in Iraq by impersonating the country's Ministry of Foreign Affairs to deliver a set of never-before-seen malware. Zscaler ThreatLabz, which observed the activity in January 2026, is tracking the...

CVE-2021-41593

Lightning Labs lnd before 0.13.3-beta allows loss of funds because of dust HTLC exposure...

CVE-2021-41591

ACINQ Eclair before 0.6.3 allows loss of funds because of dust HTLC exposure...

EUVD-2021-28606

Malicious code in bioql PyPI...

EUVD-2021-28607

Malicious code in bioql PyPI...

CVE-2021-41592

Blockstream c-lightning through 0.10.1 allows loss of funds because of dust HTLC exposure...

Türkiye Hackers Exploited Output Messenger Zero-Day to Drop Golang Backdoors on Kurdish Servers

A Türkiye-affiliated threat actor exploited a zero-day security flaw in an Indian enterprise communication platform called Output Messenger as part of a cyber espionage attack campaign since April 2024. "These exploits have resulted in a collection of related user data from targets in Iraq," the...

Marbled Dust leverages zero-day in Output Messenger for regional espionage

Since April 2024, the threat actor that Microsoft Threat Intelligence tracks as Marbled Dust has been observed exploiting user accounts that have not applied fixes to a zero-day vulnerability CVE-2025-27920 in the messaging app Output Messenger, a multiplatform chat software. These exploits have...

Marbled Dust leverages zero-day in Output Messenger for regional espionage

Since April 2024, the threat actor that Microsoft Threat Intelligence tracks as Marbled Dust has been observed exploiting user accounts that have not applied fixes to a zero-day vulnerability CVE-2025-27920 in the messaging app Output Messenger, a multiplatform chat software. These exploits have...

PT-2025-19714 · Unknown · Output Messenger

Name of the Vulnerable Software and Affected Versions: Output Messenger versions prior to 2.0.63 Description: The issue is related to a directory traversal vulnerability in the Output Messenger Server Manager application. This vulnerability allows remote attackers to access sensitive files outsid...

How to Stop Google From Deleting Your Inactive Account

Your inactive profiles, like Gmail or Docs, could turn into digital dust later this year. A few clicks can save them...

Bid's array can be overloaded with dust bids to break AuctionDemo funcionality.

Lines of code Vulnerability details Description Bids to the auction can be created using any msg.value via participateToAuction method and are stored in an array within the mapping auctionInfoData. However, all important methods claimAuction, returnHighestBid, returnHighestBidder,...

RecollateralizationLibP1.basketRange calculates deficit incorrectly

Lines of code Vulnerability details Impact RecollateralizationLibP1.basketRange calculates deficit incorrectly. so recollateralization may be not efficient. Proof of Concept RecollateralizationLibP1.basketRange calculates range.bottom for pessimistic case. // tok = tok/BU BU uint192 anchor =...

Mitigation of M-11: Issue NOT mitigated

Mitigated issue M-11: Residual ETH unreachable and unuitilized in SafEth.sol The issue was that the rounding losses from partitioning msg.value in stake and rebalanceToWeights was left irretrievably in the contract. Mitigation review Previously rebalanceToWeights withdrew all staked funds and...

Upgraded Q -> 2 from #623 [1682589089611]

Judge has assessed an item in Issue 623 as 2 risk. The relevant finding follows: L‑05 Stuck dust in SafEth contract for division When stake in the contract SafEth some WEIs could be stuck in the contract because the equation uint256 ethAmount = msg.value weight / totalWeight;, in example: ethAmou...

Malicious code in utils-dust (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fc48096a3c9ec1e7db0ddab8489b841ccde69100000ded1c48c7cd9a87426520 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2023-929 Malicious code in utils-dust (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fc48096a3c9ec1e7db0ddab8489b841ccde69100000ded1c48c7cd9a87426520 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Value of totalProfit might be wrong because of wrong logic in function sellMalt()

Lines of code Vulnerability details Impact Contract SwingTraderManager has a totalProfit variable. It keeps track of total profit swing traders maded during sellMalt. However, the logic for accounting it is wrong so it will not have the correct value. As the results, it can affect other contracts...

Dust.js 安全漏洞

Dust.js is a LinkedIn open source asynchronous Javascript template for browsers and servers. A security vulnerability exists in Dust.js version 3.0.0, which stems from some unknown functionality that manipulates to cause improperly controlled modification of object prototype properties "prototype...

Upgraded Q -> M from #164 [1668687728737]

Judge has assessed an item in Issue 164 as M risk. The relevant finding follows: 01 Lack of check if dust ether transfer is successful --- The text was updated successfully, but these errors were encountered: All reactions...