EUVD-2022-54895

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: E-Switch, pair only capable devices OFFLOADS paring using devcom is possible only on devices that support LAG. Filter based on lag capabilities. This fixes an issue where mlx5getnextphysdev was called without holding th...

EUVD-2014-7171

Malware in sbrugna...

EUVD-2022-30460

Malicious code in bioql PyPI...

CVE-2023-7003

The AES key utilized in the pairing process between a lock using Sciener firmware and a wireless keypad is not unique, and can be reused to compromise other locks using the Sciener firmware...

CVE-2023-50129

Missing encryption in the NFC tags of the Flient Smart Door Lock v1.0 allows attackers to create a cloned tag via brief physical proximity to the original tags, which results in an attacker gaining access to the perimeter...

CVE-2022-46307 SGUDA U-Lock - Broken Access Control

SGUDA U-Lock central lock control service’s lock management function has incorrect authorization. A remote attacker with general privilege can exploit this vulnerability to call privileged APIs to acquire information, manipulate or disrupt the functionality of arbitrary electronic locks...

Copying a Key by Listening to It in Action

Researchers are using recordings of keys being used in locks to create copies. Once they have a key-insertion audio file, SpiKey's inference software gets to work filtering the signal to reveal the strong, metallic clicks as key ridges hit the lock's pins and you can hear those filtered clicks...

No need for lock picking tools

This is something I knocked up to show how terrible some locks are. I found this one in my garage. It was from when my wife and I went to a Download festival a couple of years back and is a lock from one of those paid-for secure storage places where you can leave your car keys, phone etc. Let's...