Aggregator
CVE-2023-53731 | Linux Kernel up to 4.14.321/4.19.290/5.4.250/5.10.187/5.15.120 netlink_set_err deadlock (WID-SEC-2025-2394)
CVE-2023-53730 | Linux Kernel up to 5.10.187/5.15.120/6.1.38/6.3.12/6.4.3 adjust_inuse_and_calc_cost deadlock (WID-SEC-2025-2394)
A Single Typo Gets You Hacked: How Hackers Profit from Programmers' Inattention
[Tool] xcanvas: An Open-Source Code Fingerprinting Framework
NDSS 2025 – JBomAudit: Assessing The Landscape, Compliance, And Security Implications Of Java SBOMS
Session 14A: Software Security: Applications & Policies
Authors, Creators & Presenters: Yue Xiao (IBM Research), Dhilung Kirat (IBM Research), Douglas Lee Schales (IBM Research), Jiyong Jang (IBM Research), Luyi Xing (Indiana University Bloomington), Xiaojing Liao (Indiana University)
PAPER
JBomAudit: Assessing the Landscape, Compliance, and Security Implications of Java SBOMs
A Software Bill of Materials (SBOM) is a detailed inventory that lists the dependencies that make up a software product. Accurate, complete, and up-to-date SBOMs are essential for vulnerability management, reducing license compliance risks, and maintaining high software integrity. The US National Institute of Standards and Technology (NTIA) has established minimum requirements for SBOMs to comply with, especially the correctness and completeness of listed dependencies in SBOMs. However, these requirements remain unexamined in practice. This paper presents the first systematic study on the landscape of SBOMs, including their prevalence, release trends, and characteristics in the Java ecosystem. We developed an end-to-end tool to evaluate the completeness and accuracy of dependencies in SBOMs. Our tool analyzed 25,882 SBOMs and associated JAR files, identifying that 7,907 SBOMs failed to disclose direct dependencies, highlighting the prevalence and severity of SBOM noncompliance issues. Furthermore, 4.97% of these omitted dependencies were vulnerable, leaving software susceptible to potential exploits. Through detailed measurement studies and analysis of root causes, this research uncovers significant security implications of non-compliant SBOMs, especially concerning vulnerability management. These findings, crucial for enhancing SBOM compliance assurance, are being responsibly reported to relevant stakeholders.
ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.
Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators', Authors' and Presenters' superb NDSS Symposium 2025 Conference content on the Organization's YouTube Channel.
The post NDSS 2025 – JBomAudit: Assessing The Landscape, Compliance, And Security Implications Of Java SBOMS appeared first on Security Boulevard.
SecWiki News 2026-02-28 Review
Things Were Even Worse at CISA Than We Thought
Just last week I wrote that CISA was on life support. That was before we knew how bad it really was. When Jen Easterly stepped down and the agency was left without a Senate-confirmed director, it was already troubling. The Cybersecurity and Infrastructure Security Agency — the nerve center for defending federal networks and coordinating..
The post Things Were Even Worse at CISA Than We Thought appeared first on Security Boulevard.
CVE-2026-1585 | Canon IJ Scan Utility up to 1.5.0 on Windows Windows Service unquoted search path (CNNVD-202602-4602)
Phishing Schemes Abuse .arpa TLD and IPv6 Tunnels to Evade Detection
Cybersecurity researchers at Infoblox Threat Intel have uncovered a highly sophisticated phishing campaign that exploits the foundational plumbing of the internet to bypass enterprise security controls. In a novel evasion tactic, threat actors are weaponizing the .arpa top-level domain (TLD) and utilizing IPv6 tunnels to host malicious phishing content. This approach actively circumvents traditional domain reputation checks, […]
The post Phishing Schemes Abuse .arpa TLD and IPv6 Tunnels to Evade Detection appeared first on Cyber Security News.
When You Need Help, Dogs React Like a 2-Year-Old Child, but Cats Just Watch
$4.8M in crypto stolen after Korean tax agency exposes wallet seed
Iran Has One Card Left—It’s Pointed at Your Network
In light of today’s attack by the U.S. and Israel on Iran, it is prudent to ask: What can Iran do? Strip away everything Iran had a year ago and ask yourself what’s left. Their nuclear program? Set back years, maybe a decade. Their air defenses? Dismantled across two conflicts. Hezbollah? Degraded to the point..
The post Iran Has One Card Left—It’s Pointed at Your Network appeared first on Security Boulevard.