Aggregator

A vulnerability described as critical has been identified in pear pearweb up to 1.32.x. This issue affects some unknown processing of the component Karma Query Handler. Executing a manipulation can lead to sql injection. This vulnerability is tracked as CVE-2026-25236. The attack can be launched remotely. No exploit exists. Upgrading the affected component is recommended.

A vulnerability marked as problematic has been reported in pear pearweb up to 1.32.x. This vulnerability affects unknown code. Performing a manipulation results in predictable seed in pseudo-random number generator (prng). This vulnerability is identified as CVE-2026-25235. The attack can be initiated remotely. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability labeled as critical has been found in pear pearweb up to 1.32.x. This affects an unknown part of the component Category Manager. Such manipulation leads to sql injection. This vulnerability is referenced as CVE-2026-25234. It is possible to launch the attack remotely. No exploit is available. The affected component should be upgraded.

A vulnerability identified as problematic has been detected in pear pearweb up to 1.32.x. Affected by this issue is some unknown functionality of the component Roadmap Handler. This manipulation causes operator precedence logic error. The identification of this vulnerability is CVE-2026-25233. It is possible to initiate the attack remotely. There is no exploit available. You should upgrade the affected component.

Hacked Infrastructure Delivered Chinese Nation-State Group's Backdoor, Experts Warn
The widely used, open source text-editing software Notepad++ for Windows said attackers exploited a vulnerability to redirect some users to sites that pushed a backdoor onto their system. Security experts have tied the attack to a broader campaign perpetrated by Chinese nation-state actors.

Social Media Network Faces Legal Barrage From France, United Kingdom and Spain
In the space of a few hours, French authorities raided X's office in Paris, the British privacy regulator opened an investigation into X and xAI, and Spanish Prime Minister Pedro Sánchez announced legal proposals that would criminalize algorithmic manipulation and amplification of illegal content.

Session 11B: Binary Analysis

Authors, Creators & Presenters: Yongpan Wang (Institute of Information Engineering Chinese Academy of Sciences & University of Chinese Academy of Sciences, China), Hong Li (Institute of Information Engineering Chinese Academy of Sciences & University of Chinese Academy of Sciences, China), Xiaojie Zhu (King Abdullah University of Science and Technology, Thuwal, Saudi Arabia), Siyuan Li (Institute of Information Engineering Chinese Academy of Sciences & University of Chinese Academy of Sciences, China), Chaopeng Dong (Institute of Information Engineering Chinese Academy of Sciences & University of Chinese Academy of Sciences, China), Shouguo Yang (Zhongguancun Laboratory, Beijing, China), Kangyuan Qin (Institute of Information Engineering Chinese Academy of Sciences & University of Chinese Academy of Sciences, China)

PAPER
BinEnhance: An Enhancement Framework Based on External Environment Semantics for Binary Code Search

Binary code search plays a crucial role in applications like software reuse detection, and vulnerability identification. Currently, existing models are typically based on either internal code semantics or a combination of function call graphs (CG) and internal code semantics. However, these models have limitations. Internal code semantic models only consider the semantics within the function, ignoring the inter-function semantics, making it difficult to handle situations such as function inlining. The combination of CG and internal code semantics is insufficient for addressing complex real-world scenarios. To address these limitations, we propose BINENHANCE, a novel framework designed to leverage the inter-function semantics to enhance the expression of internal code semantics for binary code search. Specifically, BINENHANCE constructs an External Environment Semantic Graph (EESG), which establishes a stable and analogous external environment for homologous functions by using different inter-function semantic relation e.g., call, location, data-co-use}. After the construction of EESG, we utilize the embeddings generated by existing internal code semantic models to initialize EESG nodes. Finally, we design a Semantic Enhancement Model (SEM) that uses Relational Graph Convolutional Networks (RGCNs) and a residual block to learn valuable external semantics on the EESG for generating the enhanced semantics embedding. In addition, BinEnhance utilizes data feature similarity to refine the cosine similarity of semantic embeddings. We conduct experiments under six different tasks e.g}, under function inlining scenario and the results illustrate the performance and robustness of BINENHANCE. The application of BinEnhance to HermesSim, Asm2vec, TREX, Gemini, and Asteria on two public datasets results in an improvement of Mean Average Precision (MAP) from 53.6% to 69.7%. Moreover, the efficiency increases fourfold.

ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.

Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenter’s superb NDSS Symposium 2025 Conference content on the Organizations' YouTube Channel.

Permalink

The post NDSS 2025 – BinEnhance appeared first on Security Boulevard.

A vulnerability classified as problematic has been found in Exeebit phpinfo WP Plugin up to 4.0 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. This vulnerability is listed as CVE-2023-26542. The attack may be initiated remotely. There is no available exploit.

A vulnerability, which was classified as critical, has been found in Lenosp up to 1.2.0. This vulnerability affects unknown code of the component Log Query Module. This manipulation causes sql injection. This vulnerability is tracked as CVE-2023-42178. The attack is only possible within the local network. No exploit exists.

A vulnerability marked as critical has been reported in Linux Kernel up to 6.1.54/6.5.4. This impacts the function ice_eswitch_port_start_xmit of the component ice. This manipulation causes null pointer dereference. This vulnerability is tracked as CVE-2023-53657. The attack is only possible within the local network. No exploit exists. It is suggested to upgrade the affected component.

"We will protect [children] from the digital Wild West," Prime Minister Pedro Sanchez reportedly said in remarks at the World Government Summit in Dubai.

Infostealer campaigns that once focused mainly on Windows are now expanding aggressively to macOS, using Python and trusted platforms to reach new victims. Recent attacks show a clear shift: threat actors are abusing online ads, fake apps, and familiar tools to quietly steal credentials, session cookies, and cryptocurrency data from Mac users. Cross‑platform Python stealers […]

The post Infostealer Campaigns Expand to macOS as Attackers Abuse Python and Trusted Platforms appeared first on Cyber Security News.

CISA has flagged a critical SolarWinds Web Help Desk vulnerability as actively exploited in attacks and ordered federal agencies to patch their systems within three days. [...]

На полигоне Эглин показали дальнобойный удар и новый темп военных программ.

Cybercriminals are launching a dangerous phishing campaign that tricks users into giving away their login credentials by impersonating Dropbox. This attack uses a multi-stage approach to bypass email security checks and content scanners. The threat actors exploit trusted cloud platforms and harmless-looking PDF files to create a deception chain that leads victims to a fake […]

The post Beware of Fake Dropbox Phishing Attack that Harvest Login Credentials appeared first on Cyber Security News.

Hacked Infrastructure Delivered Chinese Nation-State Group's Backdoor, Experts Warn
The widely used, open source text-editing software Notepad++ for Windows said attackers exploited a vulnerability to redirect some users to sites that pushed a backdoor onto their system. Security experts have tied the attack to a broader campaign perpetrated by Chinese nation-state actors.

Social Media Network Faces Legal Barrage From France, United Kingdom and Spain
In the space of a few hours, French authorities raided X's office in Paris, the British privacy regulator opened an investigation into X and xAI, and Spanish Prime Minister Pedro Sánchez announced legal proposals that would criminalize algorithmic manipulation and amplification of illegal content.

Исследование на миллионе с лишним бесед показывает, где чаще теряется контроль над решениями.