1622 matches found

OSSF Malicious Packages
added 2025/06/17 5:59 p.m., 2 views

Malicious code in example-malicious (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 35d3703ef56e66529b1b9ba0ccc6cf4e863591347a634a085a46636f082d79c7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0, References: 1

OSSF Malicious Packages
added 2025/06/16 3:54 p.m., 2 views

Malicious code in pxsceneui-example-02 (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=-...

6.9 AI score
Exploits: 0, References: 3

OSV
added 2025/06/16 3:54 p.m., 1 view

MAL-2025-5049 Malicious code in pxsceneui-example-02 (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=-...

7.1 AI score
Exploits: 0, References: 3

Vulnrichment
added 2025/06/16 11:0 a.m., 4 views

CVE-2025-47869 Apache NuttX RTOS: examples/xmlrpc: Fix calls buffers size.

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability was discovered in Apache NuttX RTOS apps/examples/xmlrpc application. In this example application device stats structure that stored remotely provided parameters had hardcoded buffer size which could lead to...

7.3 AI score, 0.00475 EPSS
Exploits: 0, References: 2

GithubExploit
added 2025/06/13 12:15 p.m., 543 views

Exploit for Improper Access Control in Microsoft

CVE-2025-33073 PoC Exploit for the NTLM reflection SMB flaw...

8.8 CVSS, 9.9 AI score, 0.37158 EPSS
Exploits: 6

Packet Storm News
added 2025/06/12 12:0 a.m., 0 views

Chain-Of-Code Collapse: Reasoning Failures in LLMs Via Adversarial Prompting in Code Generation

Large Language Models (LLMs) have achieved remarkable success in tasks requiring complex reasoning, such as code generation, mathematical problem solving, and algorithmic synthesis -- especially when aided by reasoning tokens and Chain-of-Thought prompting. Yet, a core question remains: do these...

7.2 AI score
Exploits: 0

RedHat Linux
added 2025/06/10 4:52 p.m., 3 views

thunderbird: Sender Spoofing via Malformed From Header in Thunderbird

The Mozilla Foundation's Security Advisory describes the following issue: Thunderbird parses addresses in a way that can allow sender spoofing in case the server allows an invalid From address to be used. For example, if the From header contains an invalid value "Spoofed Name [email protected]...

7.5 CVSS, 7.2 AI score, 0.00375 EPSS
Exploits: 0, References: 5

OSSF Malicious Packages
added 2025/06/09 6:6 p.m., 2 views

Malicious code in frontegg-nuxt-example (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1dfeb24eb6c59e883dded7166ce9ff73fb43ab8352fcc2a154f86c7bf96be5e8 Any computer that has this package installed or running should be considered...

7 AI score
Exploits: 0, References: 1

OSV
added 2025/06/09 6:6 p.m., 1 view

MAL-2025-4725 Malicious code in frontegg-nuxt-example (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1dfeb24eb6c59e883dded7166ce9ff73fb43ab8352fcc2a154f86c7bf96be5e8 Any computer that has this package installed or running should be considered...

7.2 AI score
Exploits: 0, References: 1

Packet Storm News
added 2025/06/05 12:0 a.m., 3 views

A Symmetric LWE-Based Multi-Recipient Cryptosystem

This article describes a post-quantum multirecipient symmetric cryptosystem whose security is based on the hardness of the LWE problem. In this scheme a single sender encrypts multiple messages for multiple recipients generating a single ciphertext which is broadcast to the recipients. Each...

6.7 AI score
Exploits: 0

Citrix
added 2025/06/03 12:0 a.m., 6 views

ADC-13.1-Rate limit gets hit unexpectedly when a rate limit identifier is used in different policies

When we invoke one rate limit identifier from different policies, the rate limit gets hit unexpectedly. The example config is as below:
add stream selector IPURLSelector HTTP.REQ.URL CLIENT.IP.SRC
add ns limitIdentifier LIMITIPURL -threshold 3 -selectorName IPURLSelector
add audit messageaction...

7.1 AI score
Exploits: 0

Packet Storm News
added 2025/06/01 12:0 a.m., 2 views

Developing a Risk Identification Framework for Foundation Model Uses

As foundation models grow in both popularity and capability, researchers have uncovered a variety of ways that the models can pose a risk to the model's owner, user, or others. Despite the efforts of measuring these risks via benchmarks and cataloging them in AI risk taxonomies, there is little...

6.8 AI score
Exploits: 0

Packet Storm News
added 2025/05/30 12:0 a.m., 2 views

Asymmetry by Design: Boosting Cyber Defenders with Differential Access to AI

As AI-enabled cyber capabilities become more advanced, we propose "differential access" as a strategy to tilt the cybersecurity balance toward defense by shaping access to these capabilities. We introduce three possible approaches that form a continuum, becoming progressively more restrictive for...

6.8 AI score
Exploits: 0

RedHat Linux
added 2025/05/29 7:32 p.m., 2 views

thunderbird: Sender Spoofing via Malformed From Header in Thunderbird

The Mozilla Foundation's Security Advisory describes the following issue: Thunderbird parses addresses in a way that can allow sender spoofing in case the server allows an invalid From address to be used. For example, if the From header contains an invalid value "Spoofed Name [email protected]...

7.5 CVSS, 7.2 AI score, 0.00375 EPSS
Exploits: 0, References: 5

Microsoft Secure
added 2025/05/29 4:0 p.m., 15 views

How to deploy AI safely

In this blog you will hear directly from Corporate Vice President and Deputy Chief Information Security Officer (CISO) for AI, Yonatan Zunger, about how to build a plan to deploy AI safely. This blog is part of a new ongoing series where our Deputy CISOs share their thoughts on what is most importa...

7.6 AI score
Exploits: 0

RedhatCVE
added 2025/05/23 8:7 a.m., 2 views

CVE-2024-45498

Example DAG: exampleinleteventextra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs - please review if you have not copied the...

8.8 CVSS, 8.8 AI score, 0.01625 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 4:54 a.m., 5 views

CVE-2023-2686

Buffer overflow in Wi-Fi Commissioning MicriumOS example in Silicon Labs Gecko SDK v4.2.3 or earlier allows connected device to write payload onto the stack...

9.8 CVSS, 7.2 AI score, 0.00171 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 3:17 a.m., 2 views

CVE-2023-23205

An issue was discovered in lib60870 v2.3.2. There is a memory leak in lib60870/lib60870-C/examples/multiclientserver/multiclientserver.c...

5.5 CVSS, 6.9 AI score, 0.00045 EPSS
Exploits: 1, References: 1

RedhatCVE
added 2025/05/23 3:11 a.m., 2 views

CVE-2023-23595

BlueCat Device Registration Portal 2.2 allows XXE attacks that exfiltrate single-line files. A single-line file might contain credentials, such as "machine example.com login daniel password qwerty" in the documentation example for the .netrc file format. NOTE: 2.x versions are no longer supported...

7.5 CVSS, 7.5 AI score, 0.00425 EPSS
Exploits: 1, References: 1

Packet Storm News
added 2025/05/23 12:0 a.m., 2 views

JALMBench: Benchmarking Jailbreak Vulnerabilities in Audio Language Models

Whitepaper called JALMBench: Benchmarking Jailbreak Vulnerabilities In Audio Language Models...

7 AI score
Exploits: 0