3391 matches found
Cryptographic Data Exchange for Nuclear Warheads
Nuclear arms control treaties have historically focused on strategic nuclear delivery systems, leaving nuclear warheads outside formal verification frameworks. This paper presents a cryptographic protocol for secure and verifiable warhead tracking, addressing challenges in nuclear warhead...
Skops has Inconsistent Trusted Type Validation that Enables Hidden `operator` Methods Execution
Summary An inconsistency in OperatorFuncNode can be exploited to hide the execution of untrusted operator.xxx methods. This can then be used in a code reuse attack to invoke seemingly safe functions and escalate to arbitrary code execution with minimal and misleading trusted types. Note: This...
Exploit for CVE-2025-1302
CVE-2025-1302 JSONPath-Plus RCE PoC PoC Script Name: po...
Exploit for Path Traversal in Jenkins
Jenkins CVE-2024-23897 Lab Уязвимость чтения произвольных фай...
Development of a Standardized Testing Environment for QRNGs Based on Semiconductor Laser Phase Noise
Quantum random number generators QRNGs based on semiconductor laser phase noise are an inexpensive and efficient resource for true random numbers. Commercially available technology allows for designing QRNG setups tailored to specific use cases. However, it is important to constantly monitor...
Back to Business: Lumma Stealer Returns with Stealthier Methods
Lumma Stealer has re-emerged shortly after its takedown. This time, the cybergroup behind this malware appears to be intent on employing more covert tactics while steadily expanding its reach. This article shares the latest methods used to propagate this threat...
Description of the security update for SharePoint Server 2019 Language Pack: July 21, 2025 (KB5002753)
Description of the security update for SharePoint Server 2019 Language Pack: July 21, 2025 KB5002753 Summary This security update resolves a Microsoft SharePoint Server remote code execution vulnerability and Microsoft SharePoint Server spoofing vulnerability. To learn more about the...
Description of the security update for SharePoint Server Subscription Edition: July 21, 2025 (KB5002768)
Description of the security update for SharePoint Server Subscription Edition: July 21, 2025 KB5002768 Summary This security update resolves a Microsoft SharePoint Server remote code execution vulnerability and Microsoft SharePoint Server spoofing vulnerability. To learn more about the...
CVE-2025-53964
GoldenDict 1.5.0 and 1.5.1 has an exposed dangerous method that allows reading and modifying files when a user adds a crafted dictionary and then searches for any term included in that dictionary...
goldendict 安全漏洞
goldendict is a feature-rich dictionary lookup program from goldendict open source. A security vulnerability exists in goldendict versions 1.5.0 and 1.5.1, which stems from exposing dangerous methods that could lead to file reads and modifications...
The State of Cyber Risk 2025: Business Context Needed
The cyber risk conversation is changing. Momentum is growing for formal cyber risk programs. However, despite rising investments, evolving frameworks, and more vocal boardroom interest, new data reveals that most organizations remain immature in their risk management programs, and cyber risk is...
Three Ways to Launch Linode Kubernetes Engine Enterprise
...
MH-FSF: a Unified Framework for Overcoming Benchmarking and Reproducibility Limitations in Feature Selection Evaluation
Feature selection is vital for building effective predictive models, as it reduces dimensionality and emphasizes key features. However, current research often suffers from limited benchmarking and reliance on proprietary datasets. This severely hinders reproducibility and can negatively impact...
CVE-2024-49784
IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in storage of encrypted data with AES encryption and CBC mode. If an authenticated remote attacker with access to the database or a local attacker with access to server files could extract the encrypted data values...
Understanding the NCSC’s New API Security Guidance
Legislative, regulatory, and advisory bodies the world over are waking up to the importance of API security. Most recently, the UK’s National Cyber Security Centre NCSC has published detailed guidance on best practices for building and maintaining secure APIs. In this blog, we’ll break down that...
CVE-2025-6948 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 17.11 before 17.11.6, 18.0 before 18.0.4, and 18.1 before 18.1.2 that, under certain conditions, could have allowed a successful attacker to execute actions on behalf of users by injecting malicious content...
CVE-2024-49783 IBM OpenPages with Watson information disclosure
IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in storage of encrypted data. If an authenticated remote attacker with access to the database or a local attacker with access to server files could extract the encrypted data, they could exploit this vulnerability t...
CVE-2024-49784 IBM OpenPages with Watson information disclosure
IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in storage of encrypted data with AES encryption and CBC mode. If an authenticated remote attacker with access to the database or a local attacker with access to server files could extract the encrypted data values...
CVE-2024-49784
IBM OpenPages with Watson (versions 8.3 and 9.0) contains a cryptographic weakness in the storage of encrypted data using AES-CBC, which could allow an attacker with database or server-file access to extract encrypted values and potentially apply further cryptographic methods to recover plaintext...
Description of the security update for SharePoint Server 2019: July 8, 2025 (KB5002741)
Description of the security update for SharePoint Server 2019: July 8, 2025 KB5002741 Summary This security update resolves a Microsoft SharePoint remote code execution vulnerability, Microsoft SharePoint Server spoofing vulnerability, and Microsoft Word remote code execution vulnerability. To...