
7587 matches found

OSSF Malicious Packages
added 2025/11/02 11:46 p.m., 4 views

Malicious code in monoblast (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3d77da2ba877fe8f60939aa31a965bd4b4f0a4265edff812ebd8817aa008c674 The package monoblast was found to contain malicious code. Source: ghsa-malware 528645f69305646755172e18341eb5b57038d4f5f46faa93b040fc361e85fedf Any...

AI score: 6.9
Exploits: 0, References: 1

The Hacker News
added 2025/11/01 1:43 p.m., 9 views

ASD Warns of Ongoing BADCANDY Attacks Exploiting Cisco IOS XE Vulnerability

The Australian Signals Directorate (ASD) has issued a bulletin about ongoing cyber attacks targeting unpatched Cisco IOS XE devices in the country with a previously undocumented implant known as BADCANDY. The activity, per the intelligence agency, involves the exploitation of CVE-2023-20198 CVSS...

CVSS: 10, AI score: 7.1, EPSS: 0.94013
Exploits: 25

EUVD
added 2025/10/31 12:30 a.m., 1 views

EUVD-2025-37224

Nagios Fusion versions prior to R2.1 contain a vulnerability due to the application not requiring re-authentication or session rotation when a user has enabled two-factor authentication (2FA). As a result, an adversary who has obtained a valid session could continue using the active session after t...

CVSS: 8.6, AI score: 6.5, EPSS: 0.00292
Exploits: 0, References: 4

OSV
added 2025/10/30 3:2 p.m., 4 views

GO-2025-4076 Constellation has insecure LUKS2 persistent storage partitions which may be opened and used in github.com/edgelesssys/constellation

Constellation has insecure LUKS2 persistent storage partitions which may be opened and used in github.com/edgelesssys/constellation...

CVSS: 8.3, AI score: 7, EPSS: 0.00005
Exploits: 0, References: 5

Hacker One
added 2025/10/30 2:36 a.m., 8 views

Revive Adserver: Stored-XSS in Banner Name field

Version: ==revive-adserver 6.0.0== Summary: A stored Cross-Site Scripting (XSS) vulnerability exists in the Banner → Name field. An attacker can create or edit a banner with a malicious payload in the Name field; that payload is stored and later executed in the browser of users who were added to th...

CVSS: 5.4, AI score: 5.2, EPSS: 0.00016
Exploits: 1

OSV
added 2025/10/29 10:46 p.m., 1 views

MAL-2025-49017 Malicious code in labelbox-custom-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 620f8e1935cc780dbeb838d123c1a770b38e6db7bca472c4afc955229d09fafe Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 6.8
Exploits: 0, References: 4

OSSF Malicious Packages
added 2025/10/29 10:46 p.m., 3 views

Malicious code in ing-web-es (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a7cea7c30f8d070d425cd30f9b983aebec3169313c6ae647f53073d7dc60f2c5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 6.9
Exploits: 0, References: 1

OSSF Malicious Packages
added 2025/10/29 10:45 p.m., 4 views

Malicious code in no-unsupported-browser-features (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e421e834a041473c40faa9f19e564697a54e65c126010d4916e2927c757c4e78 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 6.8
Exploits: 0, References: 2

EUVD
added 2025/10/28 5:49 p.m., 1 views

EUVD-2025-36551

Contrast has insecure LUKS2 persistent storage partitions may be opened and used...

AI score: 6.5
Exploits: 0, References: 4

Snyk
added 2025/10/28 5:49 p.m., 1 views

Files or Directories Accessible to External Parties

Overview Affected versions of this package are vulnerable to Files or Directories Accessible to External Parties via the secure persistent volume feature. An attacker can access confidential data stored in persistent volumes by providing a crafted LUKS2 volume with a null key-encryption algorithm...

CVSS: 5.2, AI score: 6.7
Exploits: 0, References: 3

Github Security Blog
added 2025/10/28 5:49 p.m., 6 views

Contrast has insecure LUKS2 persistent storage partitions may be opened and used

Summary A malicious host may provide a crafted LUKS2 volume to a Contrast pod VM that uses the secure persistent volume feature. The guest will open the volume and write secret data using a volume key known to the attacker. LUKS2 volume metadata is (a) not authenticated and (b) supports null...

AI score: 6.6
Exploits: 0, References: 5, Affected Software: 1

OSV
added 2025/10/28 5:49 p.m., 1 views

GHSA-F5P4-P5Q5-JV3H Contrast has insecure LUKS2 persistent storage partitions may be opened and used

Summary A malicious host may provide a crafted LUKS2 volume to a Contrast pod VM that uses the secure persistent volume feature. The guest will open the volume and write secret data using a volume key known to the attacker. LUKS2 volume metadata is (a) not authenticated and (b) supports null...

CVSS: 5.7, AI score: 6.6
Exploits: 0, References: 5

NVD
added 2025/10/28 2:15 p.m., 2 views

CVE-2025-12103

A flaw was found in Red Hat Openshift AI Service. The TrustyAI component is granting all service accounts and users on a cluster permissions to get, list, watch any pod in any namespace on the cluster. TrustyAI is creating a role trustyai-service-operator-lmeval-user-role and a CRB...

CVSS: 5, EPSS: 0.00037
Exploits: 0, References: 4

RedhatCVE
added 2025/10/28 1:31 p.m., 2 views

CVE-2025-12103

A flaw was found in Red Hat Openshift AI Service. The TrustyAI component is granting all service accounts and users on a cluster permissions to get, list, watch any pod in any namespace on the cluster. TrustyAI is creating a role trustyai-service-operator-lmeval-user-role and a CRB...

CVSS: 5, AI score: 6, EPSS: 0.00037
Exploits: 0, References: 3

Packet Storm News
added 2025/10/28 12:0 a.m., 6 views

Attention Augmented GNN RNN-Attention Models for Advanced Cybersecurity Intrusion Detection

In this paper, we propose a novel hybrid deep learning architecture that synergistically combines Graph Neural Networks (GNNs), Recurrent Neural Networks (RNNs), and multi-head attention mechanisms to significantly enhance cybersecurity intrusion detection capabilities. By leveraging the comprehensiv...

AI score: 6.9
Exploits: 0

RedHat Linux
added 2025/10/27 8:25 p.m., 2 views

kernel: pstore/ram: Check start of empty przs during init

An out of bounds array vulnerability exists in the Linux kernel, such that a missing check on the start field of a PRZ (persistent ram zone) during initialization leads to damage to the availability and integrity of the system...

CVSS: 7.8, AI score: 7.3, EPSS: 0.0002
Exploits: 0, References: 5

Cvelist
added 2025/10/27 7:33 p.m., 4 views

CVE-2025-58356 Constellation allows insecure use of LUKS2 persistent storage partitions

Constellation is the first Confidential Kubernetes. The Constellation CVM image uses LUKS2-encrypted volumes for persistent storage. When opening an encrypted storage device, the CVM uses the libcryptsetup function crypt_activate_by_passphrase. If the VM is successful in opening the partition with th...

CVSS: 8.3, EPSS: 0.00005
Exploits: 0, References: 3

OSV
added 2025/10/27 6:44 p.m., 1 views

CVE-2025-32785 Pi-hole Admin Interface vulnerable to persistent XSS on Subscribed lists group management (Adress Field)

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level advertisement and internet tracker blocking application. Pi-hole Admin Interface versions prior to 6.3 are vulnerable to cross-site scripting (XSS) via the Address field in the Subscribed Lists group management section...

CVSS: 5.1, AI score: 5.9, EPSS: 0.00027
Exploits: 1, References: 3

EUVD
added 2025/10/27 4:20 p.m., 2 views

EUVD-2025-36204

Constellation has insecure LUKS2 persistent storage partitions which may be opened and used...

CVSS: 8.3, AI score: 6.4, EPSS: 0.00005
Exploits: 0, References: 6

Github Security Blog
added 2025/10/27 4:20 p.m., 6 views

Constellation has insecure LUKS2 persistent storage partitions which may be opened and used

Summary A malicious host may provide a crafted LUKS2 volume to a confidential computing guest that is using the OpenCryptDevice feature. The guest will open the volume and write secret data using a volume key known to the attacker. The attacker can also pre-load data on the device, which could...

CVSS: 8.3, AI score: 6.6, EPSS: 0.00005
Exploits: 0, References: 7, Affected Software: 1