Security update for gnutls

This update for gnutls fixes the following issues CVE-2026-3833: x509/name-constraints: compare domain names case-insensitive bsc1263707. CVE-2026-5260: lib/pkcs11privkey: guard against overreading on short ciphertexts bsc1263715. CVE-2026-33845: buffers: switch from endoffset over to fraglength...

EUVD-2000-0274

Malware in sbrugna...

EUVD-2018-8137

Malware in sbrugna...

EUVD-2020-7151

Malware in sbrugna...

EUVD-2021-23284

Malware in sbrugna...

EUVD-2017-5235

Malware in sbrugna...

EUVD-2025-4155

Malicious code in bioql PyPI...

CVE-2025-5922

Access to TSplus Remote Access Admin Tool is restricted to administrators unless "Disable UAC" option is enabled and requires a PIN code. In versions below v18.40.6.17 the PIN's hash is stored in a system registry accessible to regular users, making it possible to perform a brute-force attack usi...

CVE-2025-53013

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. A vulnerability present in versions 0.9.10 through 0.9.16 allows a user to authenticate to a Linux host via Himmelblau using an invalid Linux Hello PIN, provided the host is offline. While the user gains access to th...

CVE-2021-36689

An issue discovered in com.samourai.wallet.PinEntryActivity.java in Streetside Samourai Wallet 0.99.96i allows attackers to view sensitive information and decrypt data via a brute force attack that uses a recovered samourai.dat file. The PIN is 5 to 8 digits, which may be insufficient in this...

ASB-A-268038643

In onHostEmulationData of HostEmulationManager.java, there is a possible way for a general purpose NFC reader to read the full card number and expiry details when the device is in locked screen mode due to a logic error in the code. This could lead to local information disclosure with no addition...

CVE-2021-36689

An issue discovered in com.samourai.wallet.PinEntryActivity.java in Streetside Samourai Wallet 0.99.96i allows attackers to view sensitive information and decrypt data via a brute force attack that uses a recovered samourai.dat file. The PIN is 5 to 8 digits, which may be insufficient in this...

Deploying EFBs securely

It may come as a surprise to some to discover that electronic flight bag security at airlines is often quite variable. Whilst some use an MDM, a lot don’t. Of those who do, PINs are often weak. Some airlines actively encourage pilots to use their devices for personal use. We’ve heard stories of a...

T-Mobile Suffers Data Breach Affecting Prepaid Wireless Customers

Are you a T-Mobile prepaid customer? If yes, you should immediately create or update your associated account PIN/passcode as additional protection. The US-based telecom giant T-Mobile today disclosed a yet another data breach incident that recently exposed potentially personal information of some...

Hackers Can Steal Your ATM PIN from Your Smartwatch Or Fitness Tracker

As your day-to-day apparel and accessories are turning into networked mobile electronic devices that attach to your body like smartwatch or fitness band, the threat to our personal data these devices collect has risen exponentially. A recent study from Binghamton University also suggests your...

Stealing PIN Codes With a Wink and a Nod

Security researchers have developed a number of different methods to steal or bypass the passcodes on most of the common mobile phone platforms, some of which rely on software bugs and others that are simple social engineering techniques. Now, a pair of researchers from the University of Cambridg...

Chip and PIN Security Completely Broken by New Attack

A group of researchers has found a significant flaw in the chip-and-PIN security system used by credit card companies in the UK. The weakness allows an attacker to use a card without the PIN associated with it. In a normal transaction using the chip-and-PIN system, the cardholder needs to enter a...

CVE-2002-2122

Pointsec before 1.2 for PalmOS stores a user's PIN number in memory in plaintext, which allows a local attacker who steals an unlocked Palm to retrieve the PIN by dumping memory...

Secure Computing e.iD Authenticator for Palm 2.0 - PIN Brute Force

source: https://www.securityfocus.com/bid/2105/info Summary: An attacker that obtains access to the "sceiddb.pdb" file, part of Secure Computing's e.iD Authenticator for Palm, can determine the user's PIN. Problem Description: Secure Computing's SafeWord is a system of authentication services tha...

Secure Computing e.iD Authenticator for Palm 2.0 - PIN Brute Force

Secure Computing e.iD Authenticator for Palm 2.0 - PIN Brute Force source: https://www.securityfocus.com/bid/2105/info Summary: An attacker that obtains access to the "sceiddb.pdb" file, part of Secure Computing's e.iD Authenticator for Palm, can determine the user's PIN. Problem Description:...