447 matches found
MAL-2025-5251 Malicious code in aws-sdk-react-native-core (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 626365c8daf9243d0d8281fa741a8537d284b73f873547122f9bdab75513d280 Any computer that has this package installed or running should be considered...
Medium: amazon-cloudwatch-agent
Issue Overview: The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result i...
Privacy-Preserving Federated Learning against Malicious Clients Based on Verifiable Functional Encryption
Federated learning is a promising distributed learning paradigm that enables collaborative model training without exposing local client data, thereby protect data privacy. However, it also brings new threats and challenges. The advancement of model inversion attacks has rendered the plaintext...
Building Automotive Security on Internet Standards: an Integration of DNSSEC, DANE, and DANCE to Authenticate and Authorize In-Car Services
The automotive industry is undergoing a software-as-a-service transformation that enables software-defined functions and post-sale updates via cloud and vehicle-to-everything communication. Connectivity in cars introduces significant security challenges, as remote attacks on vehicles have become...
Towards Effective Complementary Security Analysis Using Large Language Models
A key challenge in security analysis is the manual evaluation of potential security weaknesses generated by static application security testing SAST tools. Numerous false positives FPs in these reports reduce the effectiveness of security analysis. We propose using Large Language Models LLMs to...
Malicious code in taskcluster-db (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 015560a72e308c3ba1770533176ac7fe0bcfbe4892581829992ee47063774f5c Any computer that has this package installed or running should be considered...
MAL-2025-4952 Malicious code in eyeblue1 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5d152785a33262aef07792faf0e6affc3c4b0272ea937b56cb3707f5e4286b9b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-4619 Malicious code in @seo-frontend-components/card-blog-carousel (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 1cfcc9a2754a9e96e7bfd7f7c78281a5016b48feeaa8c61f782bcab5dbe4ae8e The OpenSSF Package Analysis project identified '@seo-frontend-components/card-blog-carousel' @ 1.999.0 npm as malicious. It is considered...
Outsourcing SAT-Based Verification Computations in Network Security
The emergence of cloud computing gives huge impact on large computations. Cloud computing platforms offer servers with large computation power to be available for customers. These servers can be used efficiently to solve problems that are complex by nature, for example, satisfiability SAT problem...
Lightweight Hybrid Block-Stream Cryptographic Algorithm for the Internet of Things
In this thesis, a novel lightweight hybrid encryption algorithm named SEPAR is proposed, featuring a 16-bit block length and a 128-bit initialization vector. The algorithm is designed specifically for application in Internet of Things IoT technology devices. The design concept of this algorithm i...
Key Exchange Protocol Based on Circulant Matrix Action over Congruence-Simple Semiring
We present a new key exchange protocol based on circulant matrices acting on matrices over a congruence-simple semiring. We describe how to compute matrices with the necessary properties for the implementation of the protocol. Additionally, we provide an analysis of its computational cost and its...
CVE-2025-4492
creationtimestamp| type| source ---|---|--- 2025-05-09 22:14:49+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lorghtllrnq2 2025-05-09 22:26:25+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/15855 2025-05-09...
CVE-2025-45797
creationtimestamp| type| source ---|---|--- 2025-05-08 20:23:54+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/15614 2025-05-08 21:15:08+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3loot2zwpsb32 2025-05-08...
CVE-2025-26844
creationtimestamp| type| source ---|---|--- 2025-05-08 16:48:44+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3loodjcdwzzj2 2025-05-08 20:07:46+00:00| seen| https://t.me/cvedetector/24837...
CVE-2025-37773
In the Linux kernel, the following vulnerability has been resolved: virtiofs: add filesystem context source name check In certain scenarios, for example, during fuzz testing, the source name may be NULL, which could lead to a kernel panic. Therefore, an extra check for the source name should be...
Building a Secure Agentic AI Application Leveraging A2A Protocol
As Agentic AI systems evolve from basic workflows to complex multi agent collaboration, robust protocols such as Google's Agent2Agent A2A become essential enablers. To foster secure adoption and ensure the reliability of these complex interactions, understanding the secure implementation of A2A i...
JetBrains TeamCity Path Traversal Vulnerability
JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. A path traversal vulnerability exists in JetBrains...
A Novel Cipher for Enhancing MAVLink Security: Design, Security Analysis, and Performance Evaluation Using a Drone Testbed
We present MAVShield, a novel lightweight cipher designed to secure communications in Unmanned Aerial Vehicles UAVs using the MAVLink protocol, which by default transmits unencrypted messages between UAVs and Ground Control Stations GCS. While existing studies propose encryption for MAVLink, most...
ScaloWork: Useful Proof-Of-Work with Distributed Pool Mining
Bitcoin blockchain uses hash-based Proof-of-Work PoW that prevents unwanted participants from hogging the network resources. Anyone entering the mining game has to prove that they have expended a specific amount of computational power. However, the most popular Bitcoin blockchain consumes 175.87...
CGA-WMW2-H58H-2WJ3
Bulletin has no description...