Aggregator

A vulnerability described as critical has been identified in Linux Kernel up to 5.15.107/6.1.23/6.2.10. This vulnerability affects the function i915_perf_add_config_ioctl. Such manipulation leads to use after free. This vulnerability is traded as CVE-2023-54202. Access to the local network is required for this attack to succeed. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.3.3. This affects the function netlink_recvmsg of the component netlink. This manipulation causes privilege escalation. This vulnerability is registered as CVE-2023-53853. The attack requires access to the local network. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 6.2.4. Impacted is the function tty_driver_lookup_tty of the component tty. Executing a manipulation can lead to null pointer dereference. This vulnerability is handled as CVE-2023-54198. The attack can only be done within the local network. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability was found in code-projects Blood Bank 1.0. It has been declared as problematic. Affected is an unknown function of the file index.php. Such manipulation of the argument msg leads to cross site scripting. This vulnerability is referenced as CVE-2023-46015. It is possible to launch the attack remotely. No exploit is available.

A vulnerability was found in code-projects Blood Bank 1.0. It has been rated as problematic. Affected by this vulnerability is an unknown functionality of the file abs.php. Performing a manipulation of the argument Search results in cross site scripting. This vulnerability is identified as CVE-2023-46016. The attack can be initiated remotely. There is not any exploit available.

A vulnerability labeled as critical has been found in code-projects Blood Bank 1.0. This vulnerability affects unknown code of the file receiverLogin.php. The manipulation of the argument rpassword results in sql injection. This vulnerability is cataloged as CVE-2023-46017. The attack must originate from the local network. There is no exploit available.

A vulnerability, which was classified as critical, was found in code-projects Blood Bank 1.0. The affected element is an unknown function of the file hospitalLogin.php. Executing a manipulation of the argument hemail/hpassword can lead to sql injection. This vulnerability is handled as CVE-2023-46014. The attack can only be done within the local network. There is not any exploit available.

Four Principles Positioning the Nuclear Ecosystem for Long-Term Cyber Resilience
OT weaknesses are compounding across utilities, with 22% of critical infrastructure firms reporting OT incidents and external access driving half of breaches. U.K. NCSC's new guidance outlines connectivity principles that utilities can embed to avoid costly retrofits and compliance issues.

Futurex's Ruchin Kumar on CBDC Adoption and HSM Security for Transactions
CBDCs are expanding, with 90% of central banks exploring them. India's e-rupee pilot shows strong adoption, backed by RBI standards and HSM-secure transactions. Ruchin Kumar, VP for South Asia at Futurex, underscores awareness, interoperability and encryption as keys to CBDC success and PQC readiness.

Develop 'Strong Resilience and Recovery Plans,' Urges UK Cybersecurity Agency
Following Poland's energy grid being targeted by Russian nation-state attackers, Britain has issued a "severe cyberthreat" alert to its domestic critical national infrastructure operators, urging them to refine their defensive and resilience posture ahead of any unexpected escalation in targeting.

China, Iran, North Korea Hackers Exploit Gemini Across Attack Life Cycle
State-backed hackers weaponized Google's artificial intelligence model Gemini to accelerate cyberattacks, using the productivity tool as an offensive asset for reconnaissance, social engineering and malware development. Google said it has disabled accounts and strengthened defenses.

Session 12B: Malware

Authors, Creators & Presenters: Heng Li (Huazhong University of Science and Technology), Zhiyuan Yao (Huazhong University of Science and Technology), Bang Wu (Huazhong University of Science and Technology), Cuiying Gao (Huazhong University of Science and Technology), Teng Xu (Huazhong University of Science and Technology), Wei Yuan (Huazhong University of Science and Technology), Xiapu Luo (The Hong Kong Polytechnic University)

PAPER
Automated Mass Malware Factory: The Convergence of Piggybacking and Adversarial Example in Android Malicious Software Generation

Adversarial example techniques have been demonstrated to be highly effective against Android malware detection systems, enabling malware to evade detection with minimal code modifications. However, existing adversarial example techniques overlook the process of malware generation, thus restricting the applicability of adversarial example techniques. In this paper, we investigate piggybacked malware, a type of malware generated in bulk by piggybacking malicious code into popular apps, and combine it with adversarial example techniques. Given a malicious code segment (i.e., a rider), we can generate adversarial perturbations tailored to it and insert them into any carrier, enabling the resulting malware to evade detection. Through exploring the mechanism by which adversarial perturbation affects piggybacked malware code, we propose an adversarial piggybacked malware generation method, which comprises three modules: Malicious Rider Extraction, Adversarial Perturbation Generation, and Benign Carrier Selection. Extensive experiments have demonstrated that our method can efficiently generate a large volume of malware in a short period, and significantly increase the likelihood of evading detection. Our method achieved an average attack success rate (ASR) of 88.3% on machine learning-based detection models (e.g., Drebin and MaMaDroid), and an ASR of 76% and 92% on commercial engines Microsoft and Kingsoft, respectively. Furthermore, we have explored potential defenses against our adversarial piggybacked malware.

ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.

Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenter’s superb NDSS Symposium 2025 Conference content on the Organizations' YouTube Channel.

Permalink

The post NDSS 2025 – Automated Mass Malware Factory appeared first on Security Boulevard.

A vulnerability was found in SeaCMS 12.9. It has been declared as critical. The affected element is an unknown function of the file admin_safe.php. Such manipulation leads to privilege escalation. This vulnerability is documented as CVE-2023-46010. The attack requires being on the local network. There is not any exploit available.

A vulnerability was found in SourceCodester Best Courier Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /edit_staff.php. The manipulation of the argument ID results in sql injection. This vulnerability is reported as CVE-2023-46007. The attacker must have access to the local network to execute the attack. No exploit exists.

A vulnerability was found in SourceCodester Best Courier Management System 1.0. It has been classified as critical. Impacted is an unknown function of the file /edit_user.php. This manipulation of the argument ID causes sql injection. This vulnerability appears as CVE-2023-46006. The attacker needs to be present on the local network. There is no available exploit.

VNCTF 2026 web方向部分解

A vulnerability classified as critical has been found in MojoPortal CMS 2.9.0.1. Affected by this vulnerability is an unknown functionality of the file /DesignTools/SkinList.aspx of the component ZIP File Handler. Performing a manipulation results in unrestricted upload. This vulnerability is cataloged as CVE-2025-69770. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability described as problematic has been identified in IObit Unlocker 1.3.0.11. Affected is an unknown function. Such manipulation leads to denial of service. This vulnerability is listed as CVE-2025-66676. The attack must be carried out from within the local network. There is no available exploit.

A vulnerability marked as critical has been reported in Tandoor Recipes up to 2.5.0. This impacts an unknown function. This manipulation of the argument file_path causes path traversal. This vulnerability is tracked as CVE-2026-25964. The attack is possible to be carried out remotely. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability labeled as critical has been found in treeverse lakeFS up to 1.76.x. This affects the function strings.HasPrefix of the file pkg/block/local/adapter.go of the component Local Block Adapter. The manipulation results in path traversal. This vulnerability is identified as CVE-2026-26187. The attack can be executed remotely. There is not any exploit available. The affected component should be upgraded.