135 matches found
New FROST Attack Lets Websites Track What Sites and Apps You Open via SSD Timing
A malicious website can work out which sites you visit and which apps you open, using nothing but JavaScript and the timing of your SSD. The attack, called FROST , needs no native code, no extension, and no permission prompt. You open the page, leave the tab sitting there, and it watches the driv...
Websites Can Now Spy on You Through Your Hard Drive
Thanks to the newly detailed FROST technique, telltale SSD activity can be measured in the browser using simple JavaScript...
EUVD-2019-0121
Malware in sbrugna...
CVE-2025-58359
ZF FROST is a Rust implementation of FROST Flexible Round-Optimised Schnorr Threshold signatures. In versions 2.0.0 through 2.1.0, refresh shares with smaller minsigners will reduce security of group. The inability to change minsigners i.e. the threshold with the refresh share functionality...
Malicious code in igloo-frost-jrf806-project (npm)
The package igloo-frost-jrf806-project was found to contain malicious code...
MAL-2025-44679 Malicious code in igloo-frost-jrf806-project (npm)
The package igloo-frost-jrf806-project was found to contain malicious code...
FROST 安全漏洞
FROST is a Rust library open-sourced by the Zcash Foundation. A security vulnerability exists in FROST versions 2.0.0 through 2.1.0, which stems from the fact that refreshing shares with smaller minsigners reduces group security...
CVE-2025-58359 frost-core: refresh shares with smaller min_signers will reduce group security
ZF FROST is a Rust implementation of FROST Flexible Round-Optimised Schnorr Threshold signatures. In versions 2.0.0 through 2.1.0, refresh shares with smaller minsigners will reduce security of group. The inability to change minsigners i.e. the threshold with the refresh share functionality...
CVE-2025-58359 frost-core: refresh shares with smaller min_signers will reduce group security
ZF FROST is a Rust implementation of FROST Flexible Round-Optimised Schnorr Threshold signatures. In versions 2.0.0 through 2.1.0, refresh shares with smaller minsigners will reduce security of group. The inability to change minsigners i.e. the threshold with the refresh share functionality...
CVE-2025-58359 frost-core: refresh shares with smaller min_signers will reduce group security
ZF FROST is a Rust implementation of FROST Flexible Round-Optimised Schnorr Threshold signatures. In versions 2.0.0 through 2.1.0, refresh shares with smaller minsigners will reduce security of group. The inability to change minsigners i.e. the threshold with the refresh share functionality...
CVE-2025-58359
Summary: The frost-core (ZF FROST) vulnerability CVE-2025-58359 affects frost-core versions 2.0.0–2.1.0. The issue arises because the refresh shares mechanism in frost_core::keys::refresh did not clearly communicate that changing min_signers would not reduce the threshold, and after refreshing wi...
GHSA-WGQ8-VR6R-MQXM frost-core: refresh shares with smaller min_signers will reduce security of group
Impact It was not clear that it is not possible to change minsigners i.e. the threshold with the refresh share functionality frostcore::keys::refresh module. Using a smaller value would not decrease the threshold, and attempts to sign using a smaller threshold would fail. Additionally, after...
Malicious code in frost-secp256k1-evm (npm)
The package frost-secp256k1-evm was found to contain malicious code...
Malicious code in frost-giraffe-qit327-project (npm)
The package frost-giraffe-qit327-project was found to contain malicious code...
Malicious code in lilypad-frost-fky005-project (npm)
The package lilypad-frost-fky005-project was found to contain malicious code...
Malicious code in frost-asteroid-tdu634-project (npm)
The package frost-asteroid-tdu634-project was found to contain malicious code...
Malicious code in frost-amber-ccc534-project (npm)
The package frost-amber-ccc534-project was found to contain malicious code...
Malicious code in radiance-r4bgv-r9m64-frost-project (npm)
The package radiance-r4bgv-r9m64-frost-project was found to contain malicious code...
Malicious code in frost-desert-gfb130-project (npm)
The package frost-desert-gfb130-project was found to contain malicious code...
Malicious code in frost-infinity-gyp730-project (npm)
The package frost-infinity-gyp730-project was found to contain malicious code...