Aggregator

A vulnerability described as critical has been identified in Linux Kernel up to 5.10.153/5.15.76/6.0.6. This issue affects the function cti_disable_hw. Such manipulation leads to stack-based buffer overflow. This vulnerability is uniquely identified as CVE-2022-50491. The attack can only be initiated within the local network. No exploit exists. Upgrading the affected component is recommended.

A vulnerability classified as critical was found in Linux Kernel up to 6.0.6. This impacts an unknown function. The manipulation results in use after free. This vulnerability was named CVE-2022-50492. The attack needs to be approached within the local network. There is no available exploit. Upgrading the affected component is advised.

A vulnerability classified as critical has been found in Linux Kernel up to 5.15.85/6.0.15/6.1.1. Impacted is the function qla24xx_process_response_queue. Performing a manipulation results in stack-based buffer overflow. This vulnerability was named CVE-2022-50493. The attack needs to be approached within the local network. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability marked as critical has been reported in Linux Kernel up to 5.15.74/5.19.16/6.0.2. This vulnerability affects the function htab_lock_bucket of the component bpf. This manipulation causes out-of-bounds read. This vulnerability is handled as CVE-2022-50490. The attack can only be done within the local network. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability labeled as critical has been found in Linux Kernel up to 6.0.2. This affects the function mipi_dsi_host_unregister of the component mipi-dsi. The manipulation results in infinite loop. This vulnerability is known as CVE-2022-50489. Access to the local network is required for this attack. No exploit is available. The affected component should be upgraded.

A vulnerability was found in Linux Kernel up to 5.10.174/5.15.85/6.0.15/6.1.1. It has been rated as critical. Affected is the function bfq_select_queue. Performing a manipulation results in use after free. This vulnerability is reported as CVE-2022-50488. The attacker must have access to the local network to execute the attack. No exploit exists. Upgrading the affected component is advised.

A vulnerability, which was classified as problematic, has been found in thinkst canarytokens up to 2019-03-01. The impacted element is an unknown function. This manipulation of the argument Title causes cross site scripting. This vulnerability appears as CVE-2026-28355. The attack may be initiated remotely. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability was found in langgenius dify up to 1.8.x and classified as problematic. Affected is an unknown function of the component Dify API. Executing a manipulation can lead to observable response discrepancy. This vulnerability is handled as CVE-2026-28288. The attack can be executed remotely. There is not any exploit available. It is suggested to upgrade the affected component.

Ученые увеличили время жизни возбужденного состояния T-центра в кремнии в 5,4 раза.

Session 14B: Privacy & Cryptography 2

Authors, Creators & Presenters: (All Via The Hong Kong University of Science and Technology) Dongwei Xiao, Zhibo Liu, Yiteng Peng, Shuai Wang

PAPER
MTZK: Testing and Exploring Bugs in Zero-Knowledge (ZK) Compilers

Zero-knowledge (ZK) proofs have been increasingly popular in privacy-preserving applications and blockchain systems. To facilitate handy and efficient ZK proof generation for normal users, the industry has designed domain-specific languages (DSLs) and ZK compilers. Given a program in ZK DSL, a ZK compiler compiles it into a circuit, which is then passed to the prover and verifier for ZK checking. However, the correctness of ZK compilers is not well studied, and recent works have shown that de facto ZK compilers are buggy, which can allow malicious users to generate invalid proofs that are accepted by the verifier, causing security breaches and financial losses in cryptocurrency. In this paper, we propose MTZK, a metamorphic testing framework to test ZK compilers and uncover incorrect compilations. Our approach leverages deliberately designed metamorphic relations (MRs) to mutate ZK compiler inputs. This way, ZK compilers can be automatically tested for compilation correctness using inputs and mutated variants. We propose a set of design considerations and optimizations to deliver an efficient and effective testing framework. In the evaluation of four industrial ZK compilers, we successfully uncovered 21 bugs, out of which the developers have promptly patched 15. We also show possible exploitations of the uncovered bugs to demonstrate their severe security implications.

ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.

Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenter’s superb NDSS Symposium 2025 Conference content on the Organizations' YouTube Channel.

The post NDSS 2025 – MTZK: Testing And Exploring Bugs In Zero-Knowledge (ZK) Compilers appeared first on Security Boulevard.

今日暂未更新资讯~
更多最新文章，请访问SecWiki

Закон AB 1043 обяжет поставщиков систем сообщать приложениям возрастную группу владельца.

Samsung and the State of Texas have reached a settlement agreement over the alleged unlawful collection of content-viewing information through its smart TVs [...]

iranmonitor.org是一个实时开源情报（OSINT）仪表板，专注于监测和记录伊朗境内发生的事件。 它由伊朗侨民（Iranian diaspora）创建，于2026年1月正式上线。 核心特点和内容 实时更新： 事件时间线（Events Timeline）、突发新闻（Breaking）、每日简报 社交媒体聚合： 筛选来自记者、新闻机构、活动人士等的X（Twitter）帖子，支持按类别浏览 数据可视化： 新闻提及热力图（城市级别）、互联网连接状态、航班跟踪、海军活动、预测市场赔率（如Polymarket）、社交媒体活跃度统计 语言：主要以英语呈现核心界面和分析，同时支持大量波斯语原始内容（推文、报道），有独立的波斯语版本路径（/fa） 网站非中立立场，谨慎阅读，但对实时获取伊朗开源情报有积极意义。

Думаете спам-фильтры спасут от взлома? Как бы не так.

Name: SECCON CTF 14 Domestic Finals (an SECCON CTF event.)
Date: Feb. 28, 2026, 1 a.m. — 01 March 2026, 09:00 UTC  [add to calendar]
Format: Jeopardy
On-site
Location: Tokyo, Japan
Offical URL: https://ctf.seccon.jp/
Rating weight: 37.00
Event organizers: SECCON CTF

Name: SECCON CTF 14 International Finals (an SECCON CTF event.)
Date: Feb. 28, 2026, 1 a.m. — 01 March 2026, 09:00 UTC  [add to calendar]
Format: Jeopardy
On-site
Location: Tokyo, Japan
Offical URL: https://ctf.seccon.jp/
Rating weight: 37.00
Event organizers: SECCON CTF

An unknown hacker used jailbreaking tactics against Anthropic's Claude and OpenAI's ChatGPT AI chatbots to exploit multiple weaknesses in Mexico's government networks and steal as much as 150GB of sensitive data, from 195 million taxpayer records to voting records and government employee credentials, according to Bloomberg.

The post Hacker Uses Claude, ChatGPT AI Chatbots to Breach Mexican Government Systems appeared first on Security Boulevard.

Hackers abused Claude Code to build exploits and steal 150GB of data in a cyberattack targeting Mexican government systems. Hackers abused Anthropic’s Claude Code AI assistant to develop exploits, create custom tools, and automatically exfiltrate more than 150GB of data in an attack on Mexican government systems, the Israeli cybersecurity firm Gambit Security reports. The […]