
15 matches found

OSSF Malicious Packages
added 3 days ago, 5 views

Malicious code in @klapp-about/routes (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 715f07e0a1984fc9eb7d6432fc2491b08139755426b3c8905ba2d9274e2d4875 On npm install, the package's preinstall hook node index.js collects host and user identity data — os.hostname, os.userInfo.username, dirname,...

5.4 AI score
Exploits 0, References 3
GithubExploit
added 2026/05/07 11:0 p.m., 186 views

Exploit for CVE-2026-23870

Next.js v16.2.4 Security PoC Collection This repository colle...

7.5 CVSS, 5.8 AI score, 0.07215 EPSS
Exploits 8
GithubExploit
added 2026/03/10 5:4 a.m., 104 views

Exploit for Code Injection in Anthropic Claude_Code

Claude Code: MCP Tool Confirmation Prompt Misrepresentation !...

8.8 CVSS, 6.2 AI score, 0.00043 EPSS
Exploits 5
Packet Storm News
added 2025/11/26 12:0 a.m., 3 views

Finite-Key Security Analysis of the Decoy-State BB84 QKD with Passive Measurement

The decoy-state Bennett-Brassard 1984 BB84 quantum key distribution QKD protocol is widely regarded as the de facto standard for practical implementations. On the receiver side, passive basis choice is attractive because it significantly reduces the need for random number generators and eliminate...

6.9 AI score
Exploits 0
Packet Storm News
added 2025/08/18 12:0 a.m., 1 views

Modified Security Analysis of Device-Independent Quantum Key Distribution with Random Key Basis

Security analysis is a critical part in any cryptographic protocol, may it be classical or quantum. Without security analysis, one cannot ensure the secrecy of the distributed keys. To perform a conclusive security analysis, it is very often necessary to frame the problem as an optimization...

6.9 AI score
Exploits 0
Packet Storm News
added 2025/06/22 12:0 a.m., 3 views

LURK-T: Limited Use of Remote Keys with Added Trust in TLS 1.3

In many web applications, such as Content Delivery Networks CDNs, TLS credentials are shared, e.g., between the website's TLS origin server and the CDN's edge servers, which can be distributed around the globe. To enhance the security and trust for TLS 1.3 in such scenarios, we propose LURK-T, a...

7.1 AI score
Exploits 0
Packet Storm News
added 2025/06/21 12:0 a.m., 3 views

EBS-CFL: Efficient and Byzantine-robust Secure Clustered Federated Learning

Despite federated learning FL's potential in collaborative learning, its performance has deteriorated due to the data heterogeneity of distributed users. Recently, clustered federated learning CFL has emerged to address this challenge by partitioning users into clusters according to their...

6.9 AI score
Exploits 0
Github Security Blog
added 2024/11/25 3:11 p.m., 12 views

Taurus multi-party-sig has OT-based ECDSA protocol implementation flaws

Coinbase researchers reported 2 security issues in our implementation of the oblivious transfer OT based protocol DKLS: 1. Secret share recovery attack If the base OT setup of the protocol is reused for another execution of the OT extension, then a malicious participant can extract a bit of the...

7.3 AI score
Exploits 0, References 6, Affected Software 1
OSV
added 2024/11/25 3:11 p.m., 5 views

GHSA-7F6P-PHW2-8253 Taurus multi-party-sig has OT-based ECDSA protocol implementation flaws

Coinbase researchers reported 2 security issues in our implementation of the oblivious transfer OT based protocol DKLS: 1. Secret share recovery attack If the base OT setup of the protocol is reused for another execution of the OT extension, then a malicious participant can extract a bit of the...

7.3 AI score
Exploits 0, References 6
NVD
added 2023/08/09 10:15 p.m., 10 views

CVE-2023-33242

Crypto wallets implementing the Lindell17 TSS protocol might allow an attacker to extract the full ECDSA private key by exfiltrating a single bit in every signature attempt 256 in total because of not adhering to the paper's security proof's assumption regarding handling aborts after a failed...

9.6 CVSS, 9.3 AI score, 0.05898 EPSS
Exploits 2, References 4
Vulnrichment
added 2023/08/09 9:1 p.m., 12 views

CVE-2023-33242 Lindell17 TSS Abort Mishandling

Crypto wallets implementing the Lindell17 TSS protocol might allow an attacker to extract the full ECDSA private key by exfiltrating a single bit in every signature attempt 256 in total because of not adhering to the paper's security proof's assumption regarding handling aborts after a failed...

9.6 CVSS, 6.9 AI score, 0.05898 EPSS
Exploits 2, References 4
Cvelist
added 2023/08/09 9:1 p.m., 15 views

CVE-2023-33242 Lindell17 TSS Abort Mishandling

Crypto wallets implementing the Lindell17 TSS protocol might allow an attacker to extract the full ECDSA private key by exfiltrating a single bit in every signature attempt 256 in total because of not adhering to the paper's security proof's assumption regarding handling aborts after a failed...

9.6 CVSS, 9.5 AI score, 0.05898 EPSS
Exploits 2, References 4
OSSF Malicious Packages
added 2022/06/20 8:23 p.m., 3 views

Malicious code in security-poc (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 43c2fd7d3d460971c10e4ccff14c1417dfed5d21cc0db92939e491a4a58c4616 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits 0, References 1
Schneier on Security
added 2018/09/25 11:50 a.m., 38 views

Evidence for the Security of PKCS #1 Digital Signatures

This is interesting research: "On the Security of the PKCS1 v1.5 Signature Scheme": Abstract: The RSA PKCS1 v1.5 signature algorithm is the most widely used digital signature scheme in practice. Its two main strengths are its extreme simplicity, which makes it very easy to implement, and that...

0.4 AI score
Exploits 0
0day.today
added 2004/12/15 12:0 a.m., 23 views

wget <= 1.9 Directory Traversal Exploit

Exploit for multiple platform in category remote exploits. wget <= 1.9 Directory Traversal Exploit. #!/usr/bin/perl -W wgettrap.poc -- A POC for the wget1 directory traversal vulnerability Copyright 2004 Jan Miná...

7.1 AI score
Exploits 0