GitHub

Redirect attack on Shadowsocks stream ciphers

Shadowsocks is a secure split proxy loosely based on SOCKS5. It’s widely used in china. I found a vulnerability in shadowsocks protocol which break the confidentiality of shadowsocks stream cipher. A ...
Security Boulevard

What is Encryption, Hashing, and Salting?

Encryption, hashing, and salting are the pillars of modern data protection. This guide breaks down what they are, how they work, and when to use each, complete with real-world examples and LoginRadius ...
IEEE

Methods and Benchmark for Detecting Cryptographic API Misuses in Python

Abstract: Extensive research has been conducted to explore cryptographic API misuse in Java. However, despite the tremendous popularity of the Python language, uncovering similar issues has not been ...
Ars Technica

Hugging Face, the GitHub of AI, hosted code that backdoored user devices

Code uploaded to AI developer platform Hugging Face covertly installed backdoors and other types of malware on end-user machines, researchers from security firm JFrog said Thursday in a report that’s ...
Ars Technica

SSH protects the world’s most sensitive networks. It just got a lot weaker

Sometime around the start of 1995, an unknown person planted a password sniffer on the network backbone of Finland’s Helsinki University of Technology (now known as Aalto University). Once in place, ...
The Hacker News

GuLoader Malware Using Malicious NSIS Executables to Target E-Commerce Industry

E-commerce industries in South Korea and the U.S. are at the receiving end of an ongoing GuLoader malware campaign, cybersecurity firm Trellix disclosed late last month. The malspam activity is ...
Bleeping Computer

Massive ESXiArgs ransomware attack targets VMware ESXi servers worldwide

Article updated on 2/6/23 with additional information and updated statistics. Admins, hosting providers, and the French Computer Emergency Response Team (CERT-FR) warn that attackers actively target ...