MAL-2026-3575 Malicious code in @uipath/solution-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 54c97ae73d789e83ab3e7d3a4aa60b13004ed8ddfba42a1b2941598b16e6ade5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in @uipath/packager-tool-webapp (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c76aeb1a6159cbf098abccd70c3d3006fb763c2ef580545a64d87267a79705ae Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Key Encapsulation Mechanism-Based Integrated Encryption Scheme (KEM-IES)

The Elliptic Curve Integrated Encryption Scheme ECIES is widely regarded as a practical method and has been adopted by multiple standards. However, the advancement of quantum computing technologies poses potential security risks to ECIES. Therefore, this study proposes a Key Encapsulation...

World Passkey Day: Advancing passwordless authentication

World Passkey Day is a chance to reflect on progress toward a shared goal: reducing our reliance on passwords and other phishable authentication methods by accelerating passkey adoption. As cyberattacks become more automated and AI-powered, each account is only as secure as its weakest credential...

From Specification to Deployment: Empirical Evidence from a W3C VC + DID Trust Infrastructure for Autonomous Agents

Autonomous AI agents now transact at production scale -- 69,000 bots executing 165 million transactions across 50 million USDC in cumulative volume on a single marketplace -- without any shared trust layer between participants. Regulatory frameworks Singapore IMDA, NIST CAISI, EU AI Act and major...

Omnistealer uses the blockchain to steal everything it can

A new infostealer dubbed Omnistealer is turning the blockchain into a permanent malware hosting platform, which is bad news for both companies and everyday users. It’s pretty common for malware to store its payload on a public platform, ideally one that adds some trustworthiness to the download...

On the Necessity of Pre-Agreed Secrets for Thwarting Last-Minute Coercion: Vulnerabilities and Lessons from the Loki E-Voting Protocol

Coercion-resistance CR is a crucial security property in e-voting systems. It ensures that an attacker cannot compel a voter to vote in a specific way by using threats or rewards. The Loki e-voting protocol, proposed by Giustolisi \emphet al. at IEEE S&P 2024, introduces a novel design that...

A Binary Classifier-Based Wire Resistance Attack on the KLJN Secure Key Exchanger

The statistical fluctuations of the mean-square noise voltages measured at Alice's and Bob's ends in the KLJN scheme are used to implement a binary classifier for a new type of wire resistance-based attack. The data are plotted on a two-dimensional graph, where the x- and y- axes represent the...

Aeternum C2 Botnet Stores Encrypted Commands on Polygon Blockchain to Evade Takedown

Cybersecurity researchers have disclosed details of a new botnet loader called Aeternum C2 that uses a blockchain-based command-and-control C2 infrastructure to make it resilient to takedown efforts. "Instead of relying on traditional servers or domains for command-and-control, Aeternum stores it...

Strengthening Security and Noise Resistance in One-Way Quantum Key Distribution Protocols through Hypercube-Based Quantum Walks

Quantum Key Distribution QKD is a foundational cryptographic protocol that ensures information-theoretic security. However, classical protocols such as BB84, though favored for their simplicity, offer limited resistance to eavesdropping, and perform poorly under realistic noise conditions. Recent...

Developer creates app to detect nearby smart glasses

An independent developer, moved after reading about the abuse of smart glasses to film people without their consent, decided to create an app to detect nearby smart glasses. Smart glasses are wearable devices built into ordinary-looking eyewear that add functions like audio, cameras, sensors, and...

OpenClaw, Moltbook, and ClawdLab: From Agent-Only Social Networks to Autonomous Scientific Research

In January 2026, the open-source agent framework OpenClaw and the agent-only social network Moltbook produced a large-scale dataset of autonomous AI-to-AI interaction, attracting six academic publications within fourteen days. This study conducts a multivocal literature review of that ecosystem a...

Linux Distros Unpatched Vulnerability : CVE-2026-26994

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - uTLS is a fork of crypto/tls, created to customize ClientHello for fingerprinting resistance while still using it for the handshake. In versions 1.6.7 and below...

UBUNTU-CVE-2026-27017

uTLS is a fork of crypto/tls, created to customize ClientHello for fingerprinting resistance while still using it for the handshake. Versions 1.6.0 through 1.8.0 contain a fingerprint mismatch with Chrome when using GREASE ECH, related to cipher suite selection. When Chrome selects the preferred...

Protecting Context and Prompts: Deterministic Security for Non-Deterministic AI

Large Language Model LLM applications are vulnerable to prompt injection and context manipulation attacks that traditional security models cannot prevent. We introduce two novel primitives--authenticated prompts and authenticated context--that provide cryptographically verifiable provenance acros...

Advanced Encryption Technique for Multimedia Data Using Sudoku-Based Algorithms for Enhanced Security

Encryption and Decryption is the process of sending a message in a ciphered way that appears meaningless and could be deciphered using a key for security purposes to avoid data breaches. This paper expands on the previous work on Sudoku-based encryption methods, applying it to other forms of medi...

SemCovert: Secure and Covert Video Transmission Via Deep Semantic-Level Hiding

Video semantic communication, praised for its transmission efficiency, still faces critical challenges related to privacy leakage. Traditional security techniques like steganography and encryption are challenging to apply since they are not inherently robust against semantic-level transformations...

NGCaptcha: A CAPTCHA Bridging the past and the Future

CAPTCHAs are widely employed for distinguishing humans from automated bots online. However, current vision based CAPTCHAs face escalating security risks: traditional attacks continue to bypass many deployed CAPTCHA schemes, and recent breakthroughs in AI, particularly large scale vision models,...

Equilibrium SAT Based PQC: New Aegis against Quantum Computing

Public-key cryptography algorithms have evolved towards increasing computational complexity to hide desired messages, which is accelerating with the development of the Internet and quantum computing. This paper introduces a novel public-key cryptography algorithm that generates ciphertexts by...

Categorical Framework for Quantum-Resistant Zero-Trust AI Security

The rapid deployment of AI models necessitates robust, quantum-resistant security, particularly against adversarial threats. Here, we present a novel integration of post-quantum cryptography PQC and zero trust architecture ZTA, formally grounded in category theory, to secure AI model access. Our...