Linux Distros Unpatched Vulnerability : CVE-2019-10732

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In KDE KMail 5.2.3, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted parts...

JWE is missing AES-GCM authentication tag validation in encrypted JWE

Overview The authentication tag of encrypted JWEs can be brute forced, which may result in loss of confidentiality for those JWEs and provide ways to craft arbitrary JWEs. Impact - JWEs can be modified to decrypt to an arbitrary value - JWEs can be decrypted by observing parsing differences - The...

CVE-2025-50234

MCCMS v2.7.0 has an SSRF vulnerability located in the index method of the sys\apps\controllers\api\Gf.php file, where the pic parameter is processed. The pic parameter is decrypted using the sysauth$pic, 1 function, which utilizes a hard-coded key McEncryptionKey bD2voYwPpNuJ7B8, defined in the...

Measuring the Carbon Footprint of Cryptographic Privacy-Enhancing Technologies

Privacy-enhancing technologies PETs have attracted significant attention in response to privacy regulations, driving the development of applications that prioritize user data protection. At the same time, the information and communication technology ICT sector faces growing pressure to reduce its...

Experimental Evaluation of Post-Quantum Homomorphic Encryption for Privacy-Preserving V2X Communication

Intelligent Transportation Systems ITS fundamentally rely on vehicle-generated data for applications such as congestion monitoring and route optimization, making the preservation of user privacy a critical challenge. Homomorphic Encryption HE offers a promising solution by enabling computation on...

Frozen in transit: Secret Blizzard’s AiTM campaign against diplomats

Microsoft Threat Intelligence has uncovered a cyberespionage campaign by the Russian state actor we track as Secret Blizzard that has been targeting embassies located in Moscow using an adversary-in-the-middle AiTM position to deploy their custom ApolloShadow malware. ApolloShadow has the...

CVE-2025-54422

Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. In versions 1.16.1 and below, a critical security vulnerability exists in password handling mechanisms. During encrypted sandbox creation, user passwords are transmitted via shared memory,...

Malleability-Resistant Encrypted Control System with Disturbance Compensation and Real-Time Attack Detection

This study proposes an encrypted PID control system with a disturbance observer DOB using a keyed-homomorphic encryption KHE scheme, aiming to achieve control performance while providing resistance to malleability-based attacks. The controller integrates a DOB with a PID structure to compensate f...

How the FBI got everything it wanted (re-air) (Lock and Code S06E15)

This week on the Lock and Code podcast… For decades, digital rights activists, technologists, and cybersecurity experts have worried about what would happen if the US government secretly broke into people’s encrypted communications. The weird thing, though, is that, in 2018, it already happened...

How the FBI got everything it wanted (re-air) (Lock and Code S06E15)

This week on the Lock and Code podcast… For decades, digital rights activists, technologists, and cybersecurity experts have worried about what would happen if the US government secretly broke into people’s encrypted communications. The weird thing, though, is that, in 2018, it already happened...

CVE-2025-54422 Sandboxie exposes encrypted sandbox key during password change

Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. In versions 1.16.1 and below, a critical security vulnerability exists in password handling mechanisms. During encrypted sandbox creation, user passwords are transmitted via shared memory,...

CVE-2025-54422 Sandboxie exposes encrypted sandbox key during password change

Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. In versions 1.16.1 and below, a critical security vulnerability exists in password handling mechanisms. During encrypted sandbox creation, user passwords are transmitted via shared memory,...

PT-2025-31199 · Sandboxie · Sandboxie

Name of the Vulnerable Software and Affected Versions: Sandboxie versions 1.16.1 and earlier Description: Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. A critical security issue exists in password handling mechanisms. During encrypted...

Collusion Resistant DNS with Private Information Retrieval

There has been a growing interest in Internet user privacy, demonstrated by the popularity of privacy-preserving products such as Telegram and Brave, and the widespread adoption of HTTPS. The Domain Name System DNS is a key component of Internet-based communication and its privacy has been...

Development and Analysis of a Secured VoIP System for Surveillance Activities

Since the 1990s, the telephone has been the primary mode of communication. However, Voice over Internet Protocol VoIP, which is a highly straightforward and affordable form of data transfer, is now becoming an important part of daily communication. VoIP is the technology that makes it possible to...

SUSE CVE-2025-38455

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Reject SEV-ES intra host migration if vCPU creation is in-flight Reject migration of SEV-ES state if either the source or destination VM is actively creating a vCPU, i.e. if kvmvmioctlcreatevcpu is in the section betwee...

DEBIAN-CVE-2025-38455

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Reject SEV-ES intra host migration if vCPU creation is in-flight Reject migration of SEV-ES state if either the source or destination VM is actively creating a vCPU, i.e. if kvmvmioctlcreatevcpu is in the section betwee...

UBUNTU-CVE-2025-38455

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Reject SEV-ES intra host migration if vCPU creation is in-flight Reject migration of SEV-ES state if either the source or destination VM is actively creating a vCPU, i.e. if kvmvmioctlcreatevcpu is in the section betwee...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a vCPU creation contention condition during SEV migration that could lead to a crash...

The vulnerability of the config.xml file in TP-Link Archer C50 Wi-Fi routers allows a hacker to gain unauthorized access to protected information.

The vulnerability of the config.xml file in TP-Link Archer C50 Wi-Fi routers lies in the use of strictly encrypted credentials. Exploiting this vulnerability allows a malicious actor to gain unauthorized access to protected information from a remote location...