1911 matches found

OSV
added 2025/07/09 3:15 p.m. | 3 views

CVE-2025-7204

In ConnectWise PSA versions older than 2025.9, a vulnerability exists where authenticated users could gain access to sensitive user information. Specific API requests were found to return an overly verbose user object, which included encrypted password hashes for other users. Authenticated users...

6.5 CVSS | 5.8 AI score | 0.00295 EPSS
Exploits 0 | References 2
Cvelist
added 2025/07/09 12:49 a.m. | 7 views

CVE-2025-34084

...

Exploits 1
Packet Storm News
added 2025/07/06 12:0 a.m. | 3 views

Wallets As Universal Access Devices

Wallets are access points for the digital economy's value creation. Wallets for blockchains store the end-users' cryptographic keys for administrating their digital assets and enable access to blockchain Web3 systems. Web3 delivers new service opportunities. This chapter focuses on the Web3 enabled...

6.7 AI score
Exploits 0
RedhatCVE
added 2025/06/28 6:24 p.m. | 5 views

CVE-2025-53013

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. A vulnerability present in versions 0.9.10 through 0.9.16 allows a user to authenticate to a Linux host via Himmelblau using an invalid Linux Hello PIN, provided the host is offline. While the user gains access to th...

5.2 CVSS | 6.5 AI score | 0.00202 EPSS
Exploits 0 | References 1
SUSE CVE
added 2025/06/27 11:21 p.m. | 1 view

SUSE CVE-2025-53013

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. A vulnerability present in versions 0.9.10 through 0.9.16 allows a user to authenticate to a Linux host via Himmelblau using an invalid Linux Hello PIN, provided the host is offline. While the user gains access to th...

5.2 CVSS | 6.6 AI score | 0.00202 EPSS
Exploits 0 | References 4
NVD
added 2025/06/26 6:15 p.m. | 2 views

CVE-2025-53013

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. A vulnerability present in versions 0.9.10 through 0.9.16 allows a user to authenticate to a Linux host via Himmelblau using an invalid Linux Hello PIN, provided the host is offline. While the user gains access to th...

5.2 CVSS | 0.00202 EPSS
Exploits 0 | References 5
Cvelist
added 2025/06/26 6:2 p.m. | 7 views

CVE-2025-53013 Himmelblau offline auth permits authentication with invalid Hello PIN

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. A vulnerability present in versions 0.9.10 through 0.9.16 allows a user to authenticate to a Linux host via Himmelblau using an invalid Linux Hello PIN, provided the host is offline. While the user gains access to th...

5.2 CVSS | 0.00202 EPSS
Exploits 0 | References 3
Vulnrichment
added 2025/06/26 6:2 p.m. | 2 views

CVE-2025-53013 Himmelblau offline auth permits authentication with invalid Hello PIN

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. A vulnerability present in versions 0.9.10 through 0.9.16 allows a user to authenticate to a Linux host via Himmelblau using an invalid Linux Hello PIN, provided the host is offline. While the user gains access to th...

5.2 CVSS | 7 AI score | 0.00202 EPSS
Exploits 0 | References 3
CVE
added 2025/06/26 6:2 p.m. | 16 views

CVE-2025-53013

Summary (CVE-2025-53013, Himmelblau): Versions 0.9.10–0.9.16 allow offline authentication to a Linux host via Himmelblau using an invalid Linux Hello PIN. The root cause is an incorrect handling in acquire_token_by_hello_for_business_key: offline, a TPMFail is expected for an invalid key, but a ...

5.2 CVSS | 7 AI score | 0.00202 EPSS
Exploits 0 | References 5
OSV
added 2025/06/26 6:2 p.m. | 2 views

CVE-2025-53013 Himmelblau offline auth permits authentication with invalid Hello PIN

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. A vulnerability present in versions 0.9.10 through 0.9.16 allows a user to authenticate to a Linux host via Himmelblau using an invalid Linux Hello PIN, provided the host is offline. While the user gains access to th...

5.2 CVSS | 6.5 AI score | 0.00202 EPSS
Exploits 0 | References 7
Positive Technologies
added 2025/06/26 12:0 a.m. | 1 view

PT-2025-27005

Name of the Vulnerable Software and Affected Versions: Himmelblau versions 0.9.10 through 0.9.16. Description: A vulnerability in Himmelblau allows a user to authenticate to a Linux host using an invalid Linux Hello PIN when the host is offline. This issue arises from an incorrect assumption in th...

8.8 CVSS | 6.1 AI score | 0.00693 EPSS
Exploits 4 | References 29
AstraLinux
added 2025/06/16 11:28 a.m. | 3 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: hwpoison, memory_hotplug: lock folio before unmap hwpoisoned folio. Commit b15c87263a69 “hwpoison, memory_hotplug: allow hwpoisoned pages to be offline” adds page poison checks in do_migrate_range, in order to make offline hwpoisoned...

5.5 CVSS | 5.8 AI score | 0.00127 EPSS
Exploits 0 | References 3
Fedora
added 2025/06/11 2:46 a.m. | 6 views

[SECURITY] Fedora 42 Update: zeal-0.7.2-9.fc42

Zeal is a simple offline documentation browser inspired by Dash...

8.4 CVSS | 7.3 AI score | 0.00309 EPSS
Exploits 0
CISA
added 2025/06/04 12:0 p.m. | 3 views

Updated Guidance on Play Ransomware

CISA, the Federal Bureau of Investigation (FBI), and the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) have issued an updated advisory on Play ransomware, also known as Playcrypt. This advisory highlights new tactics, techniques, and procedures used by the Play...

7.2 AI score
Exploits 0 | References 1
Packet Storm
added 2025/06/03 12:0 a.m. | 129 views

Microsoft Windows Registry Protection Removal

Thanks to OFFREG.dll, every unprivileged user can copy the registry tree HKEY_CURRENT_USER (except, of course, the registry keys where the policies are stored) to an offline registry hive ntuser.man and thus get rid of any restrictions previously imposed via user group policies after logging off and on...

7.3 AI score
Exploits 0
Packet Storm News
added 2025/05/30 12:0 a.m. | 2 views

CHIP: Chameleon Hash-Based Irreversible Passport for Robust Deep Model Ownership Verification and Active Usage Control

The pervasion of large-scale Deep Neural Networks (DNNs) and their enormous training costs make their intellectual property (IP) protection of paramount importance. Recently introduced passport-based methods attempt to steer DNN watermarking towards strengthening ownership verification against...

7.1 AI score
Exploits 0
Packet Storm News
added 2025/05/25 12:0 a.m. | 4 views

ALRPHFS: Adversarially Learned Risk Patterns with Hierarchical Fast & Slow Reasoning for Robust Agent Defense

LLM Agents are becoming central to intelligent systems. However, their deployment raises serious safety concerns. Existing defenses largely rely on "Safety Checks", which struggle to capture the complex semantic risks posed by harmful user inputs or unsafe agent behaviors - creating a significant...

7.2 AI score
Exploits 0
RedhatCVE
added 2025/05/23 9:4 a.m. | 2 views

CVE-2024-6057

Improper authentication in the vault password feature in Devolutions Remote Desktop Manager 2024.1.31.0 and earlier allows an attacker that has compromised access to an RDM instance to bypass the vault master password via the offline mode feature...

9.8 CVSS | 7.2 AI score | 0.00921 EPSS
Exploits 0 | References 1
RedhatCVE
added 2025/05/23 9:3 a.m. | 2 views

CVE-2024-5264

Network Transfer with AES KHT in Thales Luna EFT 2.1 and above allows a user with administrative console access to access backups taken via offline analysis...

6.5 CVSS | 6.8 AI score | 0.00365 EPSS
Exploits 0 | References 1
RedhatCVE
added 2025/05/23 5:31 a.m. | 5 views

CVE-2023-29446

An improper input validation vulnerability has been discovered that could allow an adversary to inject a UNC path via a malicious project file. This allows an adversary to capture NTLMv2 hashes and potentially crack them offline...

4.7 CVSS | 6.8 AI score | 0.00214 EPSS
Exploits 0 | References 1