134 matches found
Websites Can Now Spy on You Through Your Hard Drive
Thanks to the newly detailed FROST technique, telltale SSD activity can be measured in the browser using simple JavaScript...
EUVD-2019-0121
Malware in sbrugna...
CVE-2025-58359
ZF FROST is a Rust implementation of FROST Flexible Round-Optimised Schnorr Threshold signatures. In versions 2.0.0 through 2.1.0, refresh shares with smaller minsigners will reduce security of group. The inability to change minsigners i.e. the threshold with the refresh share functionality...
Malicious code in igloo-frost-jrf806-project (npm)
The package igloo-frost-jrf806-project was found to contain malicious code...
MAL-2025-44679 Malicious code in igloo-frost-jrf806-project (npm)
The package igloo-frost-jrf806-project was found to contain malicious code...
FROST 安全漏洞
FROST is a Rust library open-sourced by the Zcash Foundation. A security vulnerability exists in FROST versions 2.0.0 through 2.1.0, which stems from the fact that refreshing shares with smaller minsigners reduces group security...
CVE-2025-58359 frost-core: refresh shares with smaller min_signers will reduce group security
ZF FROST is a Rust implementation of FROST Flexible Round-Optimised Schnorr Threshold signatures. In versions 2.0.0 through 2.1.0, refresh shares with smaller minsigners will reduce security of group. The inability to change minsigners i.e. the threshold with the refresh share functionality...
CVE-2025-58359
Summary: The frost-core (ZF FROST) vulnerability CVE-2025-58359 affects frost-core versions 2.0.0–2.1.0. The issue arises because the refresh shares mechanism in frost_core::keys::refresh did not clearly communicate that changing min_signers would not reduce the threshold, and after refreshing wi...
CVE-2025-58359 frost-core: refresh shares with smaller min_signers will reduce group security
ZF FROST is a Rust implementation of FROST Flexible Round-Optimised Schnorr Threshold signatures. In versions 2.0.0 through 2.1.0, refresh shares with smaller minsigners will reduce security of group. The inability to change minsigners i.e. the threshold with the refresh share functionality...
CVE-2025-58359 frost-core: refresh shares with smaller min_signers will reduce group security
ZF FROST is a Rust implementation of FROST Flexible Round-Optimised Schnorr Threshold signatures. In versions 2.0.0 through 2.1.0, refresh shares with smaller minsigners will reduce security of group. The inability to change minsigners i.e. the threshold with the refresh share functionality...
GHSA-WGQ8-VR6R-MQXM frost-core: refresh shares with smaller min_signers will reduce security of group
Impact It was not clear that it is not possible to change minsigners i.e. the threshold with the refresh share functionality frostcore::keys::refresh module. Using a smaller value would not decrease the threshold, and attempts to sign using a smaller threshold would fail. Additionally, after...
Malicious code in frost-dragon-jtp425-project (npm)
The package frost-dragon-jtp425-project was found to contain malicious code...
Malicious code in frost-giraffe-qit327-project (npm)
The package frost-giraffe-qit327-project was found to contain malicious code...
Malicious code in frost-quartz-oll021-project (npm)
The package frost-quartz-oll021-project was found to contain malicious code...
Malicious code in zenith-81evh-79y3g-frost-project (npm)
The package zenith-81evh-79y3g-frost-project was found to contain malicious code...
Malicious code in frost-patxq-y6wr4-boulder-project (npm)
The package frost-patxq-y6wr4-boulder-project was found to contain malicious code...
Malicious code in frost-enlgz-2sz23-nymph-project (npm)
The package frost-enlgz-2sz23-nymph-project was found to contain malicious code...
MAL-2025-20987 Malicious code in frost-forest-oow784-project (npm)
The package frost-forest-oow784-project was found to contain malicious code...
MAL-2025-36823 Malicious code in thistle-frost-pgq996-project (npm)
The package thistle-frost-pgq996-project was found to contain malicious code...
MAL-2025-20982 Malicious code in frost-asteroid-tdu634-project (npm)
The package frost-asteroid-tdu634-project was found to contain malicious code...