Hackable Robot Lawn Mower Unlocks a New Nightmare

Plus: Meta officially kills encrypted Instagram DMs, the Trump administration targets “violent left wing extremists,” leaked documents reveal Russia's school for elite hackers, and more...

Astra Linux - уязвимость в thunderbird

Using remote content in OpenPGP encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird versions earlier than 128.4.3 and Thunderbird version 132.0.1...

CVE-2026-29131

SEPPmail Secure Email Gateway before version 15.0.3 allows attackers with a specially crafted email address to read the contents of emails encrypted for other users...

CVE-2026-2747

SEPPmail Secure Email Gateway before version 15.0.1 decrypts inline PGP messages without isolating them from surrounding unencrypted content, allowing exposure of sensitive information to an unauthorized actor...

Ireland Proposes Giving Police New Digital Surveillance Powers

This is coming: The Irish government is planning to bolster its police's ability to intercept communications, including encrypted messages, and provide a legal basis for spyware use...

EUVD-2023-43720

Malicious code in bioql PyPI...

EUVD-2024-2571

Malicious code in bioql PyPI...

US Disrupts Massive Cell Phone Array in New York

This is a weird story: The US Secret Service disrupted a network of telecommunications devices that could have shut down cellular systems as leaders gather for the United Nations General Assembly in New York City. The agency said on Tuesday that last month it found more than 300 SIM servers and...

CVE-2023-41305

Vulnerability of 5G messages being sent without being encrypted in a VPN environment in the SMS message module. Successful exploitation of this vulnerability may affect confidentiality...

CVE-2018-14062

The COSPAS-SARSAT protocol allows remote attackers to forge messages, replay encrypted messages, conduct denial of service attacks, and send private messages unrelated to distress alerts via a crafted 406 MHz digital signal...

OpenPGP.js's message signature verification can be spoofed

Impact A maliciously modified message can be passed to either openpgp.verify or openpgp.decrypt, causing these functions to return a valid signature verification result while returning data that was not actually signed. This flaw allows signature verifications of inline non-detached signed messag...

CVE-2025-47934 OpenPGP.js's message signature verification can be spoofed

OpenPGP.js is a JavaScript implementation of the OpenPGP protocol. Startinf in version 5.0.1 and prior to versions 5.11.3 and 6.1.1, a maliciously modified message can be passed to either openpgp.verify or openpgp.decrypt, causing these functions to return a valid signature verification result...

CVE-2025-47934

OpenPGP.js CVE-2025-47934 affects versions prior to 5.11.3 and 6.1.1, where a maliciously modified message can cause openpgp.verify or openpgp.decrypt to return a valid signature verification while the data may not have been signed. This affects inline-signed messages and signed-and-encrypted mes...

CVE-2025-47934 OpenPGP.js's message signature verification can be spoofed

OpenPGP.js is a JavaScript implementation of the OpenPGP protocol. Startinf in version 5.0.1 and prior to versions 5.11.3 and 6.1.1, a maliciously modified message can be passed to either openpgp.verify or openpgp.decrypt, causing these functions to return a valid signature verification result...

UBUNTU-CVE-2025-26842

An issue was discovered in Znuny through 7.1.3. If access to a ticket is not given, the content of S/MIME encrypted e-mail messages is visible to users with access to the CommunicationLog...

CVE-2025-46632

Initialization vector IV reuse in the web management portal of the Tenda RX2 Pro 16.03.30.14 may allow an attacker to discern information about or more easily decrypt encrypted messages between client and server...

Tenda RX2 Pro 安全漏洞

Tenda RX2 Pro is a high performance WiFi 6 signal amplifier from Tenda China. An information disclosure vulnerability exists in Tenda RX2 Pro version 16.03.30.14, which can be exploited by an attacker to potentially cause decryption of encrypted messages...

CVE-2025-46632

CVE-2025-46632 affects Tenda RX2 Pro (firmware 16.03.30.14). The issue is IV reuse in the web management portal, enabling an attacker to discern information about, or more easily decrypt, messages between client and server. The exploitation details are not provided in the documents, but the CVSS ...

CVE-2025-46632

Initialization vector IV reuse in the web management portal of the Tenda RX2 Pro 16.03.30.14 may allow an attacker to discern information about or more easily decrypt encrypted messages between client and server...

Ruby 安全漏洞

Ruby is a cross-platform, object-oriented, dynamically typed programming language from the personal developer Yukihiro Matsumoto. A security vulnerability exists in Ruby that stems from vulnerability to the Marvin attack, which allows an attacker to decrypt previously encrypted messages or forge...