
162 matches found

ATTACKERKB
added 2026/05/08 3:55 a.m., 2 views

CVE-2026-42278

UltraDAG is a minimal DAG-BFT blockchain in Rust. Prior to commit fb6ef59, the UltraDAG StateEngine implementation of SmartTransferTx contains a critical logic flaw in its policy enforcement pipeline. When a transaction originates from a "Pocket", a derived sub-address documented in the protocol a...

CVSS 8.8, AI score 5.8, EPSS 0.00017
Exploits: 0, References: 3
Cvelist
added 2026/05/08 3:55 a.m., 35 views

CVE-2026-42278 UltraDAG: Smart Account Spending Policy Bypass via Pockets

UltraDAG is a minimal DAG-BFT blockchain in Rust. Prior to commit fb6ef59, the UltraDAG StateEngine implementation of SmartTransferTx contains a critical logic flaw in its policy enforcement pipeline. When a transaction originates from a "Pocket", a derived sub-address documented in the protocol a...

CVSS 8.8, EPSS 0.00017
Exploits: 0, References: 2
CVE
added 2026/05/08 3:55 a.m., 8 views

CVE-2026-42278

CVE-2026-42278 affects UltraDAG (Rust) and specifically the SmartTransferTx policy enforcement path. Before commit fb6ef59, a transaction originating from a Pocket (a derived sub-address) could bypass spending controls because the pocket’s parent account wasn’t resolved before evaluating the spen...

CVSS 8.8, AI score 5.8, EPSS 0.00017
Exploits: 0, References: 2
Vulnrichment
added 2026/05/08 3:55 a.m., 5 views

CVE-2026-42278 UltraDAG: Smart Account Spending Policy Bypass via Pockets

UltraDAG is a minimal DAG-BFT blockchain in Rust. Prior to commit fb6ef59, the UltraDAG StateEngine implementation of SmartTransferTx contains a critical logic flaw in its policy enforcement pipeline. When a transaction originates from a "Pocket", a derived sub-address documented in the protocol a...

CVSS 8.8, AI score 5.8, EPSS 0.00017
Exploits: 0, References: 2
Wired Threat Level
added 2026/04/09 10:0 a.m., 2 views

Politicians Are Spending More Money on Security as They Increasingly Become Targets

Political candidates are purchasing more home alarms, bulletproof vests, and other protections amid rising fears of political violence...

AI score 5.9
Exploits: 0
Schneier on Security
added 2026/03/13 11:4 a.m., 2 views

Academia and the “AI Brain Drain”

In 2025, Google, Amazon, Microsoft and Meta collectively spent US$380 billion on building artificial-intelligence tools. That number is expected to surge still higher this year, to $650 billion, to fund the building of physical infrastructure, such as data centers see go.nature.com/3lzf79q...

AI score 5.8
Exploits: 0
RedhatCVE
added 2026/01/09 9:55 a.m., 3 views

CVE-2020-12119

Ledger Live before 2.7.0 does not handle Bitcoin's Replace-By-Fee (RBF). It increases the user's balance with the value of an unconfirmed transaction as soon as it is received (before the transaction is confirmed) and does not decrease the balance when it is canceled. As a result, users are exposed t...

CVSS 8.1, AI score 6.9, EPSS 0.002
Exploits: 0, References: 1
Imperva Blog
added 2025/12/17 4:11 p.m., 6 views

Black Friday 2025 in Review: What Retailers Need to Know About This Year’s Holiday Shopping Season

Holiday shopping season is in full swing, and Black Friday 2025 continued to demonstrate that consumer demand and attacker activity show no signs of slowing. According to Adobe Analytics, U.S. consumers spent $11.8 billion online on Black Friday, setting a new record and highlighting sustained...

AI score 6.9
Exploits: 0
Schneier on Security
added 2025/12/15 12:2 p.m., 3 views

Against the Federal Moratorium on State-Level Regulation of AI

Cast your mind back to May of this year: Congress was in the throes of debate over the massive budget bill. Amidst the many seismic provisions, Senator Ted Cruz dropped a ticking time bomb of tech policy: a ten-year moratorium on the ability of states to regulate artificial intelligence. To many,...

AI score 6.8
Exploits: 0
RedhatCVE
added 2025/12/12 5:13 p.m., 1 views

CVE-2025-65548

NUT-14 allows cashu tokens to be created with a preimage hash. However, nutshell (cashubtc/nuts) before 0.18.0 do not validate the size of preimage when the token is spent. The preimage is stored by the mint and attacker can exploit this vulnerability to fill the mint's db and disk with arbitrary da...

CVSS 9.1, AI score 6.8, EPSS 0.00123
Exploits: 1, References: 1
Richard Bejtlich's blog
added 2025/10/15 2:32 a.m., 3 views

Company Wrecked by Ransomware Only Spent 120,000 Pounds Per Year on Cyber Security

Do you remember the story of the UK-based logistics company that closed due to ransomware and laid off 730 workers? Today in an article about a warning to UK businesses about cyber incidents, their “director” said they “were throwing £120,000 a year at cyber-security with insurance and systems an...

AI score 6.8
Exploits: 0
EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2020-4434

Malware in sbrugna...

CVSS 8.1, AI score 8.1, EPSS 0.002
Exploits: 0, References: 2
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2013-3158

Malware in sbrugna...

CVSS 6.4, AI score 6.4, EPSS 0.06693
Exploits: 0, References: 3
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2020-28003

Malware in sbrugna...

CVSS 5.5, AI score 5.6, EPSS 0.00591
Exploits: 1, References: 3
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2020-29654

Malware in sbrugna...

CVSS 7.5, AI score 7.5, EPSS 0.00195
Exploits: 0, References: 2
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2013-3157

Malware in sbrugna...

CVSS 5, AI score 6.4, EPSS 0.00434
Exploits: 0, References: 3
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2021-33047

Malicious code in bioql PyPI...

CVSS 7.5, AI score 7.6, EPSS 0.00334
Exploits: 1, References: 1
EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2023-1652

Malicious code in bioql PyPI...

CVSS 7.5, AI score 7.5, EPSS 0.00119
Exploits: 0, References: 4
RedhatCVE
added 2025/08/24 8:11 p.m., 3 views

CVE-2025-57801

gnark is a zero-knowledge proof system framework. In versions prior to 0.14.0, the Verify function in eddsa.go and ecdsa.go used the S value from a signature without asserting that 0 ≤ S < order, leading to a signature malleability vulnerability. Because gnark’s native EdDSA and ECDSA circuits lack...

CVSS 9.1, AI score 7, EPSS 0.00064
Exploits: 1, References: 1
Snyk
added 2025/08/22 8:43 p.m., 1 views

Improper Verification of Cryptographic Signature

Overview: Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to missing scalar checks in the Verify and prepareVerification functions. An attacker can produce multiple valid signatures for the same message by manipulating the S value in EdDSA a...

CVSS 9.1, AI score 6.8, EPSS 0.00064
Exploits: 1, References: 2