epa4all-client 数据伪造问题漏洞

epa4all-client is an open-source document writing client tool developed by Oviva AG. Versions of epa4all-client prior to version 1.2.2 contained a data manipulation vulnerability. This vulnerability arises from the possibility for a man-in-the-middle attacker to replace the discovered documents...

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation via improper verification of AWS EC2 identity documents in the aws-iid process. An attacker can cause the system to accept forged identity documents by providing documents with missing or invalid...

CVE-2025-62375

go-witness and witness are Go modules for generating attestations. In go-witness versions 0.8.6 and earlier and witness versions 0.9.2 and earlier the AWS attestor improperly verifies AWS EC2 instance identity documents. Verification can incorrectly succeed when a signature is not present or is...

go-witness 信任管理问题漏洞

go-witness is a Golang library open-sourced by in-toto. A trust management issue vulnerability exists in go-witness version 0.8.6 and earlier, which stems from the AWS attestor not properly validating AWS EC2 instance identity documents, which could lead to the acceptance of forged identity...

Feds Seize $6.4M VerifTools Fake-ID Marketplace, but Operators Relaunch on New Domain

Authorities from the Netherlands and the United States have announced the dismantling of an illicit marketplace called VerifTools that peddled fraudulent identity documents to cybercriminals across the world. To that end, two marketplace domains verif.tools and veriftools.net and one blog have be...

The Demise of White House Market Will Shake Up the Dark Web

The popular marketplace’s closing leaves a big hole in the billion-dollar industry of illegal drugs, credit card and bank fraud, forged documents, and more...

Unspecified vulnerability in cPanel (CNVD-2019-29021)

cPanel is a set of Web-based automated colocation platform from the US-based cPanel. The platform is primarily used to automate the management of websites and servers. A security vulnerability exists in versions prior to cPanel 55.9999.141. An attacker can exploit this vulnerability by forging...

FBI Shuts Down Online Drug, Hacking Market Silk Road

The FBI has taken down the infamous Silk Road underground drug market, arresting Ross William Ulbricht in San Francisco yesterday and charging him not only with the distribution of illegal drugs including heroin and LSD, but also with a number of computer hacking crimes. Ulbricht, who was known a...