
1151 matches found

OSSF Malicious Packages
added 2025/05/15 1:1 p.m., 2 views

Malicious code in helvetia-base-patterns (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3682a1cff47d9425b9d7c8d820704387f078a2f5ee4dadc955da09c859c23579 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 6.9
Exploits: 0, References: 3

OSV
added 2025/05/15 1:1 p.m., 2 views

MAL-2025-3831 Malicious code in helvetia-base-patterns (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3682a1cff47d9425b9d7c8d820704387f078a2f5ee4dadc955da09c859c23579 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 7
Exploits: 0, References: 3

FreeBSD
added 2025/05/13 12:0 a.m., 9 views

vscode -- security feature bypass vulnerability

VSCode developers report: A security feature bypass vulnerability exists in VS Code 1.100.0 and earlier versions where a maliciously crafted URL could be considered trusted when it should not have due to how VS Code handled glob patterns in the trusted domains feature. When paired with the fetch...

CVSS: 7.1, AI score: 6.9, EPSS: 0.00859
Exploits: 0, References: 2

Packet Storm News
added 2025/05/11 12:0 a.m., 3 views

One Trigger Token Is Enough: a Defense Strategy for Balancing Safety and Usability in Large Language Models

Large Language Models (LLMs) have been extensively used across diverse domains, including virtual assistants, automated code generation, and scientific research. However, they remain vulnerable to jailbreak attacks, which manipulate the models into generating harmful responses despite safety...

AI score: 7.5
Exploits: 0

Packet Storm News
added 2025/05/09 12:0 a.m., 2 views

UK Finfluencers: Exploring Content, Reach, and Responsibility

The rise of social media financial influencers (finfluencers) has significantly transformed the personal finance landscape, making financial advice and insights more accessible to a broader and younger audience. By leveraging digital platforms, these influencers have contributed to the...

AI score: 6.7
Exploits: 0

CNNVD
added 2025/05/07 12:0 a.m., 6 views

syslog-ng security vulnerability

syslog-ng is an enhanced logging daemon from the syslog-ng team. A wide range of input and output methods are supported: syslog, unstructured text, queues, SQL and NoSQL. A security vulnerability exists in syslog-ng versions prior to 4.8.2, which stems from the tlswildcardmatch function...

CVSS: 7.5, AI score: 7.6, EPSS: 0.00507
Exploits: 1, References: 6

Schneier on Security
added 2025/05/05 4:2 p.m., 3 views

Another Move in the Deepfake Creation/Detection Arms Race

Deepfakes are now mimicking heartbeats. In a nutshell: Recent research reveals that high-quality deepfakes unintentionally retain the heartbeat patterns from their source videos, undermining traditional detection methods that relied on detecting subtle skin color changes linked to heartbeats. The...

AI score: 7.2
Exploits: 0

Packet Storm News
added 2025/05/02 12:0 a.m., 2 views

Machine Learning for Cyber-Attack Identification from Traffic Flows

This paper presents our simulation of cyber-attacks and detection strategies on the traffic control system in Daytona Beach, FL. using Raspberry Pi virtual machines and the OPNSense firewall, along with traffic dynamics from SUMO and exploitation via the Metasploit framework. We try to answer the...

AI score: 7.2
Exploits: 0

Vulnrichment
added 2025/05/01 5:20 p.m., 10 views

CVE-2025-46565 Vite's server.fs.deny bypassed with /. for files under project root

Vite is a frontend tooling framework for JavaScript. Prior to versions 6.3.4, 6.2.7, 6.1.6, 5.4.19, and 4.5.14, the contents of files in the project root that are denied by a file matching pattern can be returned to the browser. Only apps explicitly exposing the Vite dev server to the network usi...

CVSS: 6, AI score: 6.5, EPSS: 0.02428
Exploits: 1, References: 2

Cvelist
added 2025/05/01 5:20 p.m., 42 views

CVE-2025-46565 Vite's server.fs.deny bypassed with /. for files under project root

Vite is a frontend tooling framework for JavaScript. Prior to versions 6.3.4, 6.2.7, 6.1.6, 5.4.19, and 4.5.14, the contents of files in the project root that are denied by a file matching pattern can be returned to the browser. Only apps explicitly exposing the Vite dev server to the network usi...

CVSS: 6, EPSS: 0.02428
Exploits: 1, References: 2

OSV
added 2025/04/30 5:40 p.m., 3 views

GHSA-859W-5945-R5V3 Vite's server.fs.deny bypassed with /. for files under project root

Summary: The contents of files in the project root that are denied by a file matching pattern can be returned to the browser. Impact: Only apps explicitly exposing the Vite dev server to the network using --host or server.host config option are affected. Only files that are under project root and a...

CVSS: 6, AI score: 5.9, EPSS: 0.02428
Exploits: 1, References: 4

Packet Storm News
added 2025/04/30 12:0 a.m., 2 views

XBreaking: Explainable Artificial Intelligence for Jailbreaking LLMs

Large Language Models are fundamental actors in the modern IT landscape dominated by AI solutions. However, security threats associated with them might prevent their reliable adoption in critical application scenarios such as government organizations and medical institutions. For this reason,...

AI score: 7.7
Exploits: 0

Packet Storm News
added 2025/04/29 12:0 a.m., 3 views

Sleeping Giants -- Activating Dormant Java Deserialization Gadget Chains through Stealthy Code Changes

Java deserialization gadget chains are a well-researched critical software weakness. The vast majority of known gadget chains rely on gadgets from software dependencies. Furthermore, it has been shown that small code changes in dependencies have enabled these gadget chains. This makes gadget chai...

AI score: 7.1
Exploits: 0

Packet Storm News
added 2025/04/28 12:0 a.m., 4 views

Fast and Robust Speckle Pattern Authentication by Scale Invariant Feature Transform Algorithm in Physical Unclonable Functions

Nowadays, due to the growing phenomenon of forgery in many fields, the interest in developing new anti-counterfeiting devices and cryptography keys, based on the Physical Unclonable Functions (PUFs) paradigm, has widely increased. PUFs are physical hardware with an intrinsic, irreproducible disorder...

AI score: 6.9
Exploits: 0

Packet Storm News
added 2025/04/23 12:0 a.m., 2 views

Automated Static Vulnerability Detection Via a Holistic Neuro-Symbolic Approach

Static vulnerability detection is still a challenging problem and demands excessive human efforts, e.g., manual curation of good vulnerability patterns. None of the prior works, including classic program analysis or Large Language Model (LLM)-based approaches, have fully automated such vulnerability...

AI score: 7.4
Exploits: 0

F5 Networks
added 2025/04/22 11:23 a.m., 7 views

K000150967: Angular JS vulnerabilities CVE-2023-26117 and CVE-2023-26118

Security Advisory Description: CVE-2023-26117: Versions of the package angular from 1.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the $resource service due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted...

CVSS: 5.3, AI score: 5.8, EPSS: 0.00521
Exploits: 2

Kitploit
added 2025/04/17 7:48 p.m., 156 views

PANO - Advanced OSINT Investigation Platform Combining Graph Visualization, Timeline Analysis, And AI Assistance To Uncover Hidden Connections In Data

PANO is a powerful OSINT investigation platform that combines graph visualization, timeline analysis, and AI-powered tools to help you uncover hidden connections and patterns in your data. Getting Started: 1. Clone the repository: git clone https://github.com/ALW1EZ/PANO.git, then cd PANO 2. Run th...

AI score: 7.2
Exploits: 0, References: 2

IBM Security Bulletins
added 2025/04/15 4:0 a.m., 25 views

Security Bulletin: Due to the Use Apache MINA Core, IBM App Connect Professional is vulnerable to Remote Code Execution

Summary: Apache MINA Core is used by IBM App Connect Professional (CVE-2024-52046). Vulnerability Details: CVEID: CVE-2024-52046. DESCRIPTION: The ObjectSerializationDecoder in Apache MINA uses Java's native deserialization protocol to process incoming serialized data but lacks the necessary security...

CVSS: 10, AI score: 9.9, EPSS: 0.55384
Exploits: 0, Affected Software: 1

Packet Storm News
added 2025/04/14 12:0 a.m., 2 views

Concept Enhancement Engineering: a Lightweight and Efficient Robust Defense against Jailbreak Attacks in Embodied AI

Embodied Intelligence (EI) systems integrated with large language models (LLMs) face significant security risks, particularly from jailbreak attacks that manipulate models into generating harmful outputs or executing unsafe physical actions. Traditional defense strategies, such as input filtering and...

AI score: 7
Exploits: 0

OSV
added 2025/04/02 5:11 a.m., 1 view

MAL-2025-3070 Malicious code in lts-patterns (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a9515ccf1dbf9bcc711f506a3486fec43d113f034edba89f13a9d0057297d5ac Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 7
Exploits: 0, References: 3