528 matches found
go-tuf improperly validates the configured threshold for delegations
Security Disclosure: Improper validation of configured threshold for delegations Summary A compromised or misconfigured TUF repository can have the configured value of signature thresholds set to 0, which effectively disables signature verification. Impact Unathorized modification to TUF metadata...
GHSA-FPHV-W9FQ-2525 go-tuf improperly validates the configured threshold for delegations
Security Disclosure: Improper validation of configured threshold for delegations Summary A compromised or misconfigured TUF repository can have the configured value of signature thresholds set to 0, which effectively disables signature verification. Impact Unathorized modification to TUF metadata...
CVE-2025-69195 affecting package wget for versions less than 2.1.0-7
CVE-2025-69195 affecting package wget for versions less than 2.1.0-7. A patched version of the package is available...
PT-2026-3904
Name of the Vulnerable Software and Affected Versions go-tuf versions 2.0.0 through 2.3.0 Description go-tuf, a Go implementation of The Update Framework TUF, is susceptible to a condition where a compromised or misconfigured repository can have signature thresholds set to 0. This effectively...
CVE-2025-68231 affecting package kernel for versions less than 6.6.119.3-1
CVE-2025-68231 affecting package kernel for versions less than 6.6.119.3-1. An upgraded version of the package is available that resolves this issue...
A High-Recall Cost-Sensitive Machine Learning Framework for Real-Time Online Banking Transaction Fraud Detection
Fraudulent activities on digital banking services are becoming more intricate by the day, challenging existing defenses. While older rule driven methods struggle to keep pace, even precision focused algorithms fall short when new scams are introduced. These tools typically overlook subtle shifts ...
PT-2026-6164
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The uacce module, which supports device isolation, creates sysfs files if the driver implements the isolate err threshold read and isolate err threshold write callback functions. Users c...
PT-2026-8152
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.18 Description The Linux kernel contains a flaw in the btrfs subsystem related to dirty metadata page handling. Specifically, the kernel may strictly require a dirty metadata threshold for metadata writepages,...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992770)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992770 advisory. In the Linux kernel, the following vulnerability has been resolved: dm thin: fix use-after-free crash in dmsmregisterthresholdcallback Fault inject on pool metadata...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992428)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992428 advisory. In the Linux kernel, the following vulnerability has been resolved: dm thin: fix use-after-free crash in dmsmregisterthresholdcallback Fault inject on pool metadata...
Friday Squid Blogging: Squid Camouflage
New research: Abstract: Coleoid cephalopods have the most elaborate camouflage system in the animal kingdom. This enables them to hide from or deceive both predators and prey. Most studies have focused on benthic species of octopus and cuttlefish, while studies on squid focused mainly on the...
Evasion-Resilient Detection of DNS-Over-HTTPS Data Exfiltration: A Practical Evaluation and Toolkit
The purpose of this project is to assess how well defenders can detect DNS-over-HTTPS DoH file exfiltration, and which evasion strategies can be used by attackers. While providing a reproducible toolkit to generate, intercept and analyze DoH exfiltration, and comparing Machine Learning vs...
CVE-2025-61145 affecting package libtiff for versions less than 4.6.0-11
CVE-2025-61145 affecting package libtiff for versions less than 4.6.0-11. A patched version of the package is available...
CVE-2025-40288 affecting package kernel for versions less than 6.6.117.1-1
CVE-2025-40288 affecting package kernel for versions less than 6.6.117.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2025-64329 affecting package containerd2 for versions less than 2.0.0-16
CVE-2025-64329 affecting package containerd2 for versions less than 2.0.0-16. A patched version of the package is available...
CVE-2025-40280 affecting package kernel for versions less than 6.6.117.1-1
CVE-2025-40280 affecting package kernel for versions less than 6.6.117.1-1. An upgraded version of the package is available that resolves this issue...
Diverse LLMs Vs. Vulnerabilities: Who Detects and Fixes Them Better?
Large Language Models LLMs are increasingly being studied for Software Vulnerability Detection SVD and Repair SVR. Individual LLMs have demonstrated code understanding abilities, but they frequently struggle when identifying complex vulnerabilities and generating fixes. This study presents...
ByteShield: Adversarially Robust End-To-End Malware Detection through Byte Masking
Research has proven that end-to-end malware detectors are vulnerable to adversarial attacks. In response, the research community has proposed defenses based on randomized and derandomized smoothing. However, these techniques remain susceptible to attacks that insert large adversarial payloads. To...
AZL-71404 CVE-2025-40264 affecting package kernel for versions less than 6.6.119.3-1
In the Linux kernel, the following vulnerability has been resolved: be2net: pass wrbparams in case of OS2BMC beinsertvlaninpkt is called with the wrbparams argument being NULL at besendpkttobmc call site. This may lead to dereferencing a NULL pointer when processing a workaround for specific...
Adversarial Limits of Quantum Certification: When Eve Defeats Detection
Security of quantum key distribution QKD relies on certifying that observed correlations arise from genuine quantum entanglement rather than eavesdropper manipulation. Theoretical security proofs assume idealized conditions, practical certification must contend with adaptive adversaries who...