91 matches found
Mind Your Key: An Empirical Study of LLM API Credential Leakage in iOS Apps
The rapid integration of large language models (LLMs) into mobile applications has introduced a new class of credential security risk: leaked credentials that grant unauthorized access to LLM inference services, causing financial damage to developers. Prior work on credential leakage has focused...
Security Bulletin: There is a vulnerability in brace-expansion-2.0.2.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-33750)
Summary: There is a vulnerability in brace-expansion-2.0.2.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details: CVEID: CVE-2026-33750. DESCRIPTION: The brace-expansion library generates arbitrary strings containing a common prefix and suffix. Prior to...
Kibana 8.19.16, 9.3.5, 9.4.2 Security Update (ESA-2026-35)
Uncontrolled Resource Consumption in Kibana Leading to Denial of Service. Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to denial of service via Excessive Allocation (CAPEC-130). An authenticated user can send a specially crafted compressed request payload that is processed prior to...
Kibana 8.19.16, 9.3.5, 9.4.1 Security Update (ESA-2026-32)
Uncontrolled Resource Consumption in Kibana Leading to Denial of Service. Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to a denial of service via Excessive Allocation (CAPEC-130). An authenticated user holding a low-privileged role can submit a specially crafted, oversized payload to...
CVE-2026-41904
creationtimestamp | type | source
---|---|---
2026-05-07 19:21:18+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mlbwrjfhau2r...
Synchronized DNA Sources for Unconditionally Secure Cryptography
Secure communication is the cornerstone of modern infrastructures, yet achieving unconditional security (resistant to any computational attack) remains a fundamental challenge. The One-Time Pad (OTP), proven by Shannon to offer perfect secrecy, requires a shared random key as long as the message,...
CVE-2026-2581
This is an uncontrolled resource consumption vulnerability (CWE-400) that can lead to Denial of Service (DoS). In vulnerable Undici versions, when interceptors.deduplicate is enabled, response data for deduplicated requests could be accumulated in memory for downstream handlers. An attacker-controlle...
ShinyHunters Hackers Threaten 400 Firms Over Stolen Salesforce Data
ShinyHunters claims to have stolen data from 400 firms via Salesforce portals and is threatening to leak the information unless ransom demands are paid...
Linux Distros Unpatched Vulnerability : CVE-2025-71200
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mmc: sdhci-of-dwcmshc: Prevent illegal clock reduction in HS200/HS400 mode When operating in HS200 or HS400 timing modes, reducing the clock frequency below 52M...
CVE-2025-71200 mmc: sdhci-of-dwcmshc: Prevent illegal clock reduction in HS200/HS400 mode
In the Linux kernel, the following vulnerability has been resolved: mmc: sdhci-of-dwcmshc: Prevent illegal clock reduction in HS200/HS400 mode When operating in HS200 or HS400 timing modes, reducing the clock frequency below 52MHz will lead to link broken as the Rockchip DWC MSHC controller...
Linux kernel security vulnerability
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from illegally reducing the clock frequency under HS200 or HS400 timing modes, potentially leading to...
CVE-2024-2484
The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Services and Post Type Grid widgets in all versions up to, and including, 2.10.34 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...
New Albiriox MaaS Malware Targets 400+ Apps for On-Device Fraud and Screen Control
A new Android malware named Albiriox has been advertised under a malware-as-a-service (MaaS) model to offer a "full spectrum" of features to facilitate on-device fraud (ODF), screen manipulation, and real-time interaction with infected devices. The malware embeds a hard-coded list comprising over 400...
CVE-2025-40018
In the Linux kernel, the following vulnerability has been resolved: ipvs: Defer ip_vs_ftp unregister during netns cleanup. On the netns cleanup path, __ip_vs_ftp_exit() may unregister ip_vs_ftp before connections with valid cp->app pointers are flushed, leading to a use-after-free. Fix this by introducing a...
CVE-2014-4019
creationtimestamp | type | source
---|---|---
2025-09-16 21:02:22+00:00 | seen | https://bsky.app/profile/beikokucyber.bsky.social/post/3lyy7rt7f272r...
Security vulnerability in multiple Baicells products
Baicells NEUTRINO430 and Baicells NOVA Series are both products of Baicells Inc. Baicells NEUTRINO430 is an LTE base station. Baicells NOVA Series is a series of LTE base stations. A security vulnerability exists in several Baicells products, which stems from the use of weak hashing that could lead...
CVE-2022-41077
creationtimestamp | type | source
---|---|---
2025-07-22 17:33:32+00:00 | seen | Telegram/RpMW-dV4Ll-Kyzjuz9wIbxv8RLGRfQPDTucvkXENNlKE...
undertow: Double AJP response for 400 from EAP 7 results in CPING failures
A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second...
CVE-2022-49951
CVE-2022-49951 concerns the Linux kernel firmware_loader use-after-free during unregister. In firmware_upload_unregister(), device_unregister() could free fw_upload_priv via dev_release before module_put() dereferences it. The documented fix copies fw_upload_priv->module to a local variable an...
CVE-2024-43797
audiobookshelf is a self-hosted audiobook and podcast server. A non-admin user is not allowed to create libraries or access only the ones they have permission to. However, the LibraryController is missing the check for admin user and thus allows a path traversal issue. Allowing non-admin users to...