New FileFix Method Emerges as a Threat Following 517% Rise in ClickFix Attacks
The ClickFix social engineering tactic as an initial access vector using fake CAPTCHA verifications increased by 517% between the second half of 2024 and the first half of this year, according to data from ESET. "The list of threats that ClickFix attacks lead to is growing by the day, including...
Ruby WEBrick read_headers method can lead to HTTP Request/Response Smuggling
Ruby WEBrick read_header HTTP Request Smuggling Vulnerability. This vulnerability allows remote attackers to smuggle arbitrary HTTP requests on affected installations of Ruby WEBrick. This issue is exploitable when the product is deployed behind an HTTP proxy that fulfills specific conditions. The...
CVE-2025-6445
ServiceStack FindType Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ServiceStack. Interaction with this library is required to exploit this vulnerability but attack vectors may vary...
CVE-2025-5823
Autel MaxiCharger AC Wallbox Commercial Serial Number Exposed Dangerous Method Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Autel MaxiCharger AC Wallbox Commercial EV chargers. Authentication is...
CVE-2025-6445
CVE-2025-6445 affects ServiceStack via the FindType method, where lack of validation of a user-supplied path in file operations enables remote code execution in the context of the current process. Documented by multiple connected sources (e.g., ZDI advisory ZDI-25-416; Red Hat CVE entry) with att...
CVE-2025-6442 Ruby WEBrick read_header HTTP Request Smuggling Vulnerability
Ruby WEBrick read_header HTTP Request Smuggling Vulnerability. This vulnerability allows remote attackers to smuggle arbitrary HTTP requests on affected installations of Ruby WEBrick. This issue is exploitable when the product is deployed behind an HTTP proxy that fulfills specific conditions. The...
A vulnerability in the Apache Answer Q&A platform, caused by a public method returning references to protected data, allows an attacker to execute arbitrary code.
A vulnerability in the Apache Answer Q&A platform is caused by a public method returning references to protected data. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
Here’s a Subliminal Channel You Haven’t Considered Before
Scientists can manipulate air bubbles trapped in ice to encode messages...
GHSA-V62P-RQ8G-8H59 pbkdf2 silently disregards Uint8Array input, returning static keys
Summary: On historic but declared-as-supported Node.js versions 0.12-2.x, pbkdf2 silently disregards Uint8Array input. This only affects Node.js = 0.12 and there seems to be ongoing effort in this repo to maintain that. Support Uint8Array input: input is typechecked against Uint8Array, and the error...
perl-YAML-LibYAML security update
1:0.82-6.1 - Use 3-arg form of open in LoadFile CVE-2025-40908...
PT-2025-26619 · Unknown · Servicestack
Name of the Vulnerable Software and Affected Versions: ServiceStack affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of ServiceStack. The specific flaw exists within the implementation of the FindType method, which...
ServiceStack FindType Directory Traversal Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of ServiceStack. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the implementation o...
An Efficient Hardware Implementation of Elliptic Curve Point Multiplication over $GF(2^M)$ on FPGA
Elliptic Curve Cryptography (ECC) is widely accepted for ensuring secure data exchange between resource-limited IoT devices. The National Institute of Standards and Technology (NIST) recommended implementation, such as B-163, is particularly well-suited for Internet of Things (IoT) applications. Here,...
Fuzzy Location and Allocation Hub Network Design for Air Cargo Transportation Considering Sustainability and Time Window
Hub location problems seek to find hub facilities and assign non-hub nodes to them in such a way that the flow between origin and destination is effectively established according to the desired goal. In general, in the location literature, it is assumed that the time horizon of hub...
Doppelgänger Method: Breaking Role Consistency in LLM Agent via Prompt-based Transferable Adversarial Attack
Since the advent of large language models, prompt engineering now enables the rapid, low-effort creation of diverse autonomous agents that are already in widespread use. Yet this convenience raises urgent concerns about the safety, robustness, and behavioral consistency of the underlying prompts,...
CipherMind: the Longest Codebook in the World
In recent years, the widespread application of large language models has inspired us to consider using inference for communication encryption. We therefore propose CipherMind, which utilizes intermediate results from deterministic fine-tuning of large model inferences as transmission content. The...
Unlearning-Enhanced Website Fingerprinting Attack: against Backdoor Poisoning in Anonymous Networks
Website Fingerprinting (WF) is an effective tool for regulating and governing the dark web. However, its performance can be significantly degraded by backdoor poisoning attacks in practical deployments. This paper aims to address the problem of hidden backdoor poisoning attacks faced by Website...
New Detection Method Uses Hackers’ Own Jitter Patterns Against Them
A new detection method from Varonis Threat Labs turns hackers' sneaky random patterns into a way to catch hidden cyberattacks. Learn about Jitter-Trap and how it boosts cybersecurity defenses...
SUSE-SU-2025:02056-1 Security update for apache-commons-beanutils
This update for apache-commons-beanutils fixes the following issues: Update to 1.11.0: Fixed Bugs: + BeanComparator.compare(T, T) now throws IllegalArgumentException instead of RuntimeException to wrap all cases of ReflectiveOperationException. + MappedMethodReference.get now throws...
Relative Path Traversal
Overview Affected versions of this package are vulnerable to Relative Path Traversal via the Extract method. An attacker can gain remote code execution by uploading specially crafted archive files containing path traversal sequences in filenames, resulting in files being written to arbitrary...