CVE-2026-25933 Arduino App Lab has Improper Data Validation in Internal Terminal Interface

Arduino App Lab is a cross-platform IDE for developing Arduino Apps. Prior to 0.4.0, a vulnerability was identified in the Terminal component of the arduino-app-lab application. The issue stems from insufficient sanitization and validation of input data received from connected hardware devices,...

EUVD-2023-24768

Malicious code in bioql PyPI...

CVE-2023-20589 fTPM Voltage Fault Injection

An attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault injection attack resulting in compromise of the ASP secure boot potentially leading to arbitrary code execution...

M1 Chip Vulnerability

This is a new vulnerability against Apples M1 chip. Researchers say that it is unpatchable. Researchers from MIT’s Computer Science and Artificial Intelligence Laboratory, however, have created a novel hardware attack, which combines memory corruption and speculative execution attacks to sidestep...

Don’t panic! “Unpatchable” Mac vulnerability discovered

Researchers at MITs Computer Science & Artificial Intelligence Lab CSAIL found an attack surface in a hardware-level security mechanism utilized in Apple M1 chips. The flaw is unpatchable, but attackers would need to chain it with other vulnerabilities to make use of the attack method. The hardwa...

MIT Researchers Discover New Flaw in Apple M1 CPUs That Can't Be Patched

A novel hardware attack dubbed PACMAN has been demonstrated against Apple's M1 processor chipsets, potentially arming a malicious actor with the capability to gain arbitrary code execution on macOS systems. It leverages "speculative execution attacks to bypass an important memory protection...

CVE-2021-37436

Amazon Echo Dot devices through 2021-07-02 sometimes allow attackers, who have physical access to a device after a factory reset, to obtain sensitive information via a series of complex hardware and software attacks. NOTE: reportedly, there were vendor marketing statements about safely removing...

CVE-2021-37436

CVE-2021-37436 affects Amazon Echo Dot devices. The connected sources describe a design/logic flaw that, after a factory reset, can let an attacker with physical access extract sensitive information through a sequence of hardware and software attacks. There are no published patch details in the p...

PT-2019-13634 · Shapeshift · Keepkey

Name of the Vulnerable Software and Affected Versions: ShapeShift KeepKey devices affected versions not specified Description: A side channel vulnerability was discovered related to the row-based OLED display on ShapeShift KeepKey devices. The power consumption of each display cycle varies based ...

CVE-2017-7526

libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately more computation. This...

Experts Say Attack on Crypto Tokens is Serious, But Not Catastrophic

A group of international academic researchers has made a major advance in the efficiency of a known cryptographic attack on some kinds of crypto hardware, enabling them to extract sensitive keys from tokens such as RSA SecurID and Aladdin eToken devices within 20 minutes. However, experts say tha...