filelock 安全漏洞

filelock is a Python file locker open-sourced by the tox development team. A security vulnerability exists in filelock versions prior to 3.20.1, which stems from the presence of a TOCTOU contention condition that could lead to arbitrary file corruption or truncation...

CVE-2025-68146

creationtimestamp| type| source ---|---|--- 2025-12-15 23:55:35+00:00| published-proof-of-concept| https://github.com/tox-dev/filelock/security/advisories/GHSA-w853-jp5j-5j7f...

Researchers Uncover Cicada3301 Ransomware Operations and Its Affiliate Program

Cybersecurity researchers have gleaned additional insights into a nascent ransomware-as-a-service RaaS called Cicada3301 after successfully gaining access to the group's affiliate panel on the dark web. Singapore-headquartered Group-IB said it contacted the threat actor behind the Cicada3301...

New HardBit Ransomware 4.0 Uses Passphrase Protection to Evade Detection

Cybersecurity researchers have shed light on a new version of a ransomware strain called HardBit that comes packaged with new obfuscation techniques to deter analysis efforts. "Unlike previous versions, HardBit Ransomware group enhanced the version 4.0 with passphrase protection," Cybereason...

FBI Seizes BreachForums Website

The FBI has seized the BreachForums website, used by ransomware criminals to leak stolen corporate data. If law enforcement has gained access to the hacking forums backend data, as they claim, they would have email addresses, IP addresses, and private messages that could expose members and be use...

Tox: Remote Code Execution

Background Tox is easy-to-use software that connects you with friends and family without anyone else listening in. Description A vulnerability has been discovered in btrbk. Please review the CVE identifier referenced below for details. Impact A stack-based buffer overflow allows remote attackers ...

New ESXiArgs Ransomware Variant Emerges After CISA Releases Decryptor Tool

After the U.S. Cybersecurity and Infrastructure Security Agency CISA released a decryptor for affected victims to recover from ESXiArgs ransomware attacks, the threat actors have bounced back with an updated version that encrypts more data. The emergence of the new variant was reported by a syste...

New ESXiArgs Ransomware Variant Emerges After CISA Releases Decryptor Tool

After the U.S. Cybersecurity and Infrastructure Security Agency CISA released a decryptor for affected victims to recover from ESXiArgs ransomware attacks, the threat actors have bounced back with an updated version that encrypts more data. The emergence of the new variant was reported by a syste...

Elon Musk Confirms Twitter 2.0 will Bring End-to-End Encryption to Direct Messages

Twitter chief executive Elon Musk confirmed plans for end-to-end encryption E2EE for direct messages on the platform. The feature is part of Musk's vision for Twitter 2.0, which is expected to be what's called an "everything app." Other functionalities include longform tweets and payments,...

depend (>=0.2.0 <=0.3.0), ekrhizoc (>=0.0.5 <=0.1.0) +13 more potentially affected by CVE-2022-36069 via poetry (>=0.12.17 <=1.1.5)

poetry PYPI version =0.12.17, =0.2.0, =0.0.5, =2020.1.0, =0.1.0, =0.1.3, =5.2.0, =0.0.5, =0.1.0, =0.4.0, =0.1.0, =0.3.0, =0.1.3, =0.0.1, =0.1.4 Source cves: CVE-2022-36069 Source advisory: OSV:GHSA-9XGJ-FCGF-X6MW...

depend (>=0.2.0 <=0.3.0), ekrhizoc (>=0.0.5 <=0.1.0) +13 more potentially affected by CVE-2022-36070 via poetry (>=0.12.17 <=1.1.5)

poetry PYPI version =0.12.17, =0.2.0, =0.0.5, =2020.1.0, =0.1.0, =0.1.3, =5.2.0, =0.0.5, =0.1.0, =0.4.0, =0.1.0, =0.3.0, =0.1.3, =0.0.1, =0.1.4 Source cves: CVE-2022-36070 Source advisory: OSV:PYSEC-2022-43179...

Exploit for Path Traversal in Secureauth Impacket

Impacket ======== !Latest Versionhttps://img.shields.io/pyp...

Crypto Miners Using Tox P2P Messenger as Command and Control Server

Threat actors have begun to use the Tox peer-to-peer instant messaging service as a command-and-control method, marking a shift from its earlier role as a contact method for ransomware negotiations. The findings from Uptycs, which analyzed an Executable and Linkable Format ELF artifact "72client"...

Update on WhisperGate, Destructive Malware Targeting Ukraine – Threat Intelligence & Protections Update

Update on WhisperGate, Destructive Malware Targeting Ukraine – Threat Intelligence & Protections Update By Taylor Mullins, Mo Cashman and Raj Samani · January 20, 2022 Recent news reports of a “ransomware” campaign targeting Ukraine has resulted in significant press coverage regarding not only...

Destructive malware targeting Ukrainian organizations

Microsoft Threat Intelligence Center MSTIC has identified evidence of a destructive malware operation targeting multiple organizations in Ukraine. This malware first appeared on victim systems in Ukraine on January 13, 2022. Microsoft is aware of the ongoing geopolitical events in Ukraine and...

[SECURITY] Fedora 34 Update: toxcore-0.2.13-1.fc34

Tox is a peer to peer serverless instant messenger aimed at making security and privacy easy to obtain for regular users. It uses NaCl for its encryption and authentication...

Open Source Distributed Secure Skype Alternative: Tox Messenger

Open Source Distributed Secure Skype Alternative Distributed FOSS secure messenger with audio and video chat capabilities Tox began a few years ago, in the wake of Edward Snowden’s leaks regarding NSA spying activity. The idea was to create an instant messaging protocol that ran without any kind ...

Automated Malware Incident Response & Analysis: AMIRA

Automated Malware Incident Response & Analysis AMIRA is a service for automatically running the analysis on the OSXCollector output files. The automated analysis is performed via OSXCollector Output Filters, in particular The One Filter to Rule Them All : the Analyze Filter. AMIRA takes care of...

Author Behind Ransomware Tox Calls it Quits, Sells Platform

Earlier this week, when the author behind the crypto-ransomware Locker apologized and released decryption keys for his victims, it seemed like a change of heart, uncharacteristic for an attacker. Now another ransomware creator has also decided to cut his losses and get out of the game – but not...

'Tox' Offers Free build-your-own Ransomware Malware Toolkit

"Ransomware" threat is on the rise, but the bad news is that Ransomware campaigns are easier to run, and now a Ransomware kit is being offered by hackers for free for anyone to download and distribute the threat. Ransomware is a type of computer virus that infects a target computer, encrypts thei...