218 matches found
RUSTSEC-2026-0004 Triton VM Soundness Vulnerability due to Improper Sampling of Randomness
In affected versions of Triton VM, the verifier failed to correctly sample randomness in the FRI sub-protocol. Malicious provers can exploit this to craft proofs for arbitrary statements that this verifier accepts as valid, undermining soundness. Protocols that rely on proofs and the supplied...
ZkRansomware: Proof-Of-Data Recoverability and Multi-Round Game Theoretic Modeling of Ransomware Decisions
Ransomware is still one of the most serious cybersecurity threats. Victims often pay but fail to regain access to their data, while also facing the danger of losing data privacy. These uncertainties heavily shape the attacker-victim dynamics in decision-making. In this paper, we introduce and...
RAW-CVE
This repository contai...
Analysing Multidisciplinary Approaches to Fight Large-Scale Digital Influence Operations
Crime as a Service CaaS has evolved from isolated criminal incidents to a broad spectrum of illicit activities, including social media manipulation, foreign information manipulation and interference FIMI, and the sale of disinformation toolkits. This article analyses how threat actors exploit...
Exploit for CVE-2025-55182
Original PoCs for CVE-2025-55182 As public PoCs are circulati...
security-research
Security Research This project hosts security advisories and...
Practical-Vulnerability-Exploitation
Practical-Vulnerability-Exploitation Hands-on exploi...
Quantum Key Distribution: Bridging Theoretical Security Proofs, Practical Attacks, and Error Correction for Quantum-Augmented Networks
Quantum Key Distribution QKD is revolutionizing cryptography by promising information-theoretic security through the immutable laws of quantum mechanics. Yet, the challenge of transforming these idealized security models into practical, resilient systems remains a pressing issue, especially as...
Babylon's BIP322 signature implementation is not fully compliant to the spec
Summary The BIP-322 signature verification does not enforce the SIGHASH value to be SIGHASHALL, and therefore is not strictly following the spec. Impact Non-compliant BIP-322 signatures in proof of possessions can be accepted by the chain...
SmartPoC: Generating Executable and Validated PoCs for Smart Contract Bug Reports
Smart contracts are prone to vulnerabilities and are analyzed by experts as well as automated systems, such as static analysis and AI-assisted solutions. However, audit artifacts are heterogeneous and often lack reproducible, executable PoC tests suitable for automated validation, leading to...
Unclonable Cryptography in Linear Quantum Memory
Quantum cryptography is a rapidly-developing area which leverages quantum information to accomplish classically-impossible tasks. In many of these protocols, quantum states are used as long-term cryptographic keys. Typically, this is to ensure the keys cannot be copied by an adversary, owing to t...
Twin-Field Quantum Key Distribution: Protocols, Security, and Open Problems
Twin-Field Quantum Key Distribution TF-QKD has emerged as a potential protocol for long distance secure communication, overcoming the rate-distance limitations of conventional quantum key distribution without requiring trusted repeaters. By having two parties transmit phase encoded weak coherent...
Malicious Package
Overview cloak-withdraw-proofs is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
cve-poc-garage
Curated collection of CVE Proof of Concepts — reproducib...
EUVD-2025-33900
Malicious code in cloak-withdraw-proofs npm...
Malicious code in cloak-withdraw-proofs (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 17382cbc158577dc1c35d32d1620e4992a2570006e2986e5701fa324a750b99d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-48317 Malicious code in cloak-withdraw-proofs (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 17382cbc158577dc1c35d32d1620e4992a2570006e2986e5701fa324a750b99d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
security-research
Security Research This project hosts security advisories and...
APEMAN-Camera-PoCs
APEMAN-Camera-...
EUVD-2025-0168
Malicious code in bioql PyPI...