447 matches found
Malicious code in turboscan-client (RubyGems)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis aadd88a4cebcc045db4b6899180a44c571f6429b26ead528721f7474c03110a0 The OpenSSF Package Analysis project identified 'turboscan-client' @ 99.99.99 rubygems as malicious. It is considered malicious because: - The...
PT-2026-33168
Name of the Vulnerable Software and Affected Versions AMD Platform Configuration Blob APCB SMM driver affected versions not specified Description Incorrect use of boot service in the AMD Platform Configuration Blob APCB SMM driver could allow a privileged attacker with local access Ring 0 to...
MoEcho: Exploiting Side-Channel Attacks to Compromise User Privacy in Mixture-Of-Experts LLMs
The transformer architecture has become a cornerstone of modern AI, fueling remarkable progress across applications in natural language processing, computer vision, and multimodal learning. As these models continue to scale explosively for performance, implementation efficiency remains a critical...
Attack Graph Generation on HPC Clusters
Attack graphs AGs are graphical tools to analyze the security of computer networks. By connecting the exploitation of individual vulnerabilities, AGs expose possible multi-step attacks against target networks, allowing system administrators to take preventive measures to enhance their network's...
SAEL: Leveraging Large Language Models with Adaptive Mixture-Of-Experts for Smart Contract Vulnerability Detection
With the increasing security issues in blockchain, smart contract vulnerability detection has become a research focus. Existing vulnerability detection methods have their limitations: 1 Static analysis methods struggle with complex scenarios. 2 Methods based on specialized pre-trained models...
TEE-reversing
This repository is an offensive tool for learning how to reverse-engineer and achieve trusted code execution on ARM devices. It contains a curated list of public TEE resources, including papers on TEE reversing and security analysis. The repository includes links to various papers and resources o...
MAL-2025-6231 Malicious code in bufbuild-core (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis ea2a6d8f75509bff2876bce466f00b9c7c810394f46e6479c6e2d8b19acc9557 The OpenSSF Package Analysis project identified 'bufbuild-core' @ 1.0...
CVE-2025-53537
creationtimestamp| type| source ---|---|--- 2025-07-24 00:53:37+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3luod2qveql2i 2025-10-10 06:46:36+00:00| seen| https://gist.github.com/Darkcrai86/7a8a46ebe032f3a5b6dc4800f88e9437...
Exploit for Type Confusion in Google Chrome
CVE-2024-4947 A in-the-wild V8 type confusion bug. This repo...
Privacy-Preserving Drone Navigation through Homomorphic Encryption for Collision Avoidance
As drones increasingly deliver packages in neighborhoods, concerns about collisions arise. One solution is to share flight paths within a specific zip code, but this compromises business privacy by revealing delivery routes. For example, it could disclose which stores send packages to certain...
MAL-2025-6009 Malicious code in protolab (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 395ceb17d3bf331597e101e685532b4af1d732b5ee31005221b0fcae61b97632 The OpenSSF Package Analysis project identified 'protolab' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...
MalCodeAI: Autonomous Vulnerability Detection and Remediation Via Language Agnostic Code Reasoning
The growing complexity of cyber threats and the limitations of traditional vulnerability detection tools necessitate novel approaches for securing software systems. We introduce MalCodeAI, a language-agnostic, multi-stage AI pipeline for autonomous code security analysis and remediation. MalCodeA...
CVE-2025-7465
creationtimestamp| type| source ---|---|--- 2025-07-12 07:51:32+00:00| seen| https://bsky.app/profile/potato.software/post/3ltqusyguui2b...
When Developer Aid Becomes Security Debt: a Systematic Analysis of Insecure Behaviors in LLM Coding Agents
LLM-based coding agents are rapidly being deployed in software development, yet their security implications remain poorly understood. These agents, while capable of accelerating software development, may inadvertently introduce insecure practices. We conducted the first systematic security...
Cockpit Detection
Binary data cockpitdetect.nbin...
CVE-2025-38215
In the Linux kernel, the following vulnerability has been resolved: fbdev: Fix doregisterframebuffer to prevent null-ptr-deref in fbvideomodetovar If fbaddvideomode in doregisterframebuffer fails to allocate memory for fbvideomode, it will later lead to a null-ptr dereference in fbvideomodetovar,...
Microsoft FrontPage Server Extensions (FPSE) Detection (HTTP)
HTTP based detection of Microsoft FrontPage Server Extensions FPSE. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...
Huawei EulerOS: Security Advisory for libsoup (EulerOS-SA-2025-1707)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
GHSA-FV92-FJC5-JJ9H vulnerabilities
Vulnerabilities for packages: glow, k9s, kyverno-policy-reporter-ui, tempo, jaeger, nri-kubernetes, dive, glab, calico, amazon-cloudwatch-agent, istio, jitsucom-bulker, opa-envoy, cloud-sql-proxy, github-mcp-server, golangci-lint, kor, cluster-api, opentofu, amazon-cloudwatch-agent-operator, wgcf...
MAL-2025-5278 Malicious code in codesandbox-deps (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a8cbaaee48ac510c9d11bc481194ff5a4006d0233d8d2d06a3422628cea6a879 Any computer that has this package installed or running should be considered...