CVE-2024-29959

A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a prints Brocade Fabric OS switch encrypted passwords in the Brocade SANnav Standby node's support save...

UBUNTU-CVE-2024-56161

Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious CPU microcode resulting in loss of confidentiality and integrity of a confidential guest running under AMD SEV-SNP...

The vulnerability of the Yeti threat analysis platform, which relies on the use of strictly encrypted credentials, allows attackers to escalate their privileges.

The vulnerability of the Yeti threat analysis platform is related to the use of strictly encrypted credentials. Exploiting this vulnerability allows a remote attacker to enhance their privileges by using a static JWT token...

Cache-based Side-Channel Attack Against SEV

AMD ID: AMD-SB-3010 Potential Impact: N/A Severity: N/A Summary AMD has received a report from researchers at National Taiwan University detailing cache-based side-channel attacks against Secure Encrypted Virtualization SEV. 2025-06-03 Update: A subsequent report of the same attacks was received...

CVE-2025-0374

When etcupdate encounters conflicts while merging files, it saves a version containing conflict markers in /var/db/etcupdate/conflicts. This version does not preserve the mode of the input file, and is world-readable. This applies to files that would normally have restricted visibility, such as...

PT-2025-3859 · Etcupdate +1 · Etcupdate +1

Name of the Vulnerable Software and Affected Versions: etcupdate affected versions not specified Description: When etcupdate encounters conflicts while merging files, it saves a version containing conflict markers in /var/db/etcupdate/conflicts. This version does not preserve the mode of the inpu...

FreeBSD -- Unprivileged access to system files

Problem Description: When etcupdate encounters conflicts while merging files, it saves a version containing conflict markers in /var/db/etcupdate/conflicts. This version does not preserve the mode of the input file, and is world-readable. This applies to files that would normally have restricted...

A week in security (January 13 – January 19)

Last week on Malwarebytes Labs: iMessage text gets recipient to disable phishing protection so they can be phished The new rules for AI and encrypted messaging, with Mallory Knodel Lock and Code S06E01 Insurance company accused of using secret software to illegally collect and sell location data ...

CVE-2024-7322

A ZigBee coordinator, router, or end device may change their node ID when an unsolicited encrypted rejoin response is received, this change in node ID causes Denial of Service DoS. To recover from this DoS, the network must be re-established...

The vulnerability of software solutions that support the closing, consolidation, and reporting processes of IBM Cognos Controller and IBM Controller lies in the use of strictly encrypted accounting data. This allows a malicious individual to gain unauthorized access to protected information.

The vulnerability of software solutions that support the closing, consolidation, and reporting processes of IBM Cognos Controller and IBM Controller lies in the use of rigidly encrypted account data. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized acces...

The new rules for AI and encrypted messaging, with Mallory Knodel (Lock and Code S06E01)

This week on the Lock and Code podcast … The era of artificial intelligence everything is here, and with it, come everyday surprises into exactly where the next AI tools might pop up. There are major corporations pushing customer support functions onto AI chatbots, Big Tech platforms offering AI...

The new rules for AI and encrypted messaging, with Mallory Knodel (Lock and Code S06E01)

This week on the Lock and Code podcast … The era of artificial intelligence everything is here, and with it, come everyday surprises into exactly where the next AI tools might pop up. There are major corporations pushing customer support functions onto AI chatbots, Big Tech platforms offering AI...

The vulnerability of Mutt and NeoMutt email clients, related to errors in verifying the cryptographic signature, allows a hacker to alter the list of trusted recipients and expose the encrypted information.

The vulnerability of Mutt and NeoMutt email clients stems from errors in verifying the cryptographic signature when processing header fields. Exploiting this vulnerability could allow a malicious actor to alter the list of trusted recipients and expose the sensitive information being protected...

Trend Micro™ Managed XDR Analysis of Infection From Fake Installers and Cracks

Our research shows how attackers use platforms like YouTube to spread fake installers via trusted hosting services, employing encryption to evade detection and steal sensitive browser data...

Webinar: Learn How to Stop Encrypted Attacks Before They Cost You Millions

Ransomware isn't slowing down—it's getting smarter. Encryption, designed to keep our online lives secure, is now being weaponized by cybercriminals to hide malware, steal data, and avoid detection. The result? A 10.3% surge in encrypted attacks over the past year and some of the most shocking...

CVE-2023-38037

ActiveSupport::EncryptedFile writes contents that will be encrypted to a temporary file. The temporary file's permissions are defaulted to the user's current umask settings, meaning that it's possible for other users on the same system to read the contents of the temporary file. Attackers that ha...

Ruby 安全漏洞

Ruby is a cross-platform, object-oriented, dynamically typed programming language from the personal developer Yukihiro Matsumoto. A security vulnerability exists in Ruby that stems from vulnerability to the Marvin attack, which allows an attacker to decrypt previously encrypted messages or forge...

Qualcomm Chipsets 安全漏洞

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that originates from a memory corruption when processing FIPS encrypted or decrypted IOCTL calls invoked from user space...

PT-2026-7453

Insufficient Granularity of Access Control in SEV firmware could allow a privileged user with a malicious hypervisor to create a SEV-ES guest with an ASID in the range meant for SEV-SNP guests potentially resulting in a partial loss of confidentiality...

PT-2025-7616 · Debian · Debian

Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned, use: affected versions not specified Description: The issue concerns information disclosure of S/MIME encrypted emails. Recommendations: At the moment, there is no information about a newer version...