SecLists.Org Security Mailing List Archive

Nmap Development — Unmoderated technical development forum for debating ideas, patches, and suggestions regarding proposed changes to Nmap and related projects. Subscribe to nmap-dev here.

• Archived Posts
• RSS Feed
• About List
• nmap-devLatest Posts

Re: .NET Wrapper for Npcap Verde Denim (Jun 11)
Stop

.NET Wrapper for Npcap Altaffer, Steven via dev (Jun 11)
Not sure if this is off topic, Npcap took me to this mail list.

We developed a Visual C# app using Winpcap and PcapDotNet v1.0.4 wrapper to allow integrating into the C# project. I
have performed several searches for the equivalent wrapper or C++/CLI project for Npcap with no luck. If someone knows
of one out there, I would appreciate a link.

Thanks

Steve Altaffer - Donatech Corp

Issue with ssh2-enum-algos? Frank Bergmann (Jun 08)
Hi,

while playing around with the ssh protocol I noticed that ssh2-enum-algos
lists different algorithms for kex_algorithms, encryption_algorithms and
mac_algorithms than what I get from the same ssh server.

I also made a test with ssh itself for encryption_algorithms and it did show
up exactly the same list like I get with my own tool.
ssh2-enum-algos shows also aes256-cbc which doesn't appear in my tool and in
ssh client:

$...

Windows 10/11: Ncat: A message sent on a datagram socket was larger than the internal message buffer ... Ken Kayser (Feb 20)
*Describe the bug*
When listening to a port with ncat, as soon as a UDP packet is received, I
receive a constant stream of errors with the following text: "Ncat: A
message sent on a datagram socket was larger than the internal message
buffer or some other network limit, or the buffer used to receive a
datagram into was smaller than the datagram itself. ."

*To Reproduce*

1. In either a Windows command line or Powershell I enter...

Reverse DNS (issue #3007) Matteo Nicoli (Feb 13)
Hi all,

I noticed a cool feature proposal on GitHub (issue 3007 <https://github.com/nmap/nmap/issues/3007>). It basically
suggests a new feature for returning the (complete) list of DNS records obtained — through reverse DNS lookups — from
an IP address. If it matches with the map product roadmap, I’d like to start implementing it. Is there some maintainer
who could give me a brief feedback about it?

Cheers,
Matteo

Re: Mail stoppage Gordon Fyodor Lyon (Feb 12)
Yes, this was my fault. Mail to the Nmap dev list from non-subscribers
goes through moderation to keep out the spam. I regularly go through the
moderation queue to find and approve the "real" messages, but I was a bit
slow this time. We strongly recommend that folks posting to the list first
subscribe to it. This avoids the moderation delay and prevents them from
missing any responses which might only be sent to the list.

Cheers,...

Mail stoppage Dave Close (Feb 12)
Several messages received today seem to have been stuck on nmap.org for
up to a month. Example (edited for clarity):

Version: 7.94+SVN TypeError: Couldn't find foreign struct converter for 'cairo.Context' Hendrick Halim (Feb 12)
Version: 7.94+SVN
TypeError: Couldn't find foreign struct converter for 'cairo.Context'

topology tab crash Genny and Doug Kent (Feb 12)
zenmap crashes when topology tab clicked.

Output message below

Version: 7.94+SVN
TypeError: Couldn't find foreign struct converter for 'cairo.Context'

Doug Kent

PR #2954, Fix out of bounds reads in packet parsing Domen Puncer Kugler via dev (Feb 12)
Hi,

I've submitted a pull request a few months ago:
https://github.com/nmap/nmap/pull/2954

The PR includes following three commits:
- Fix out of bounds read in HopByHopHeader::validate
- Fix out of bounds read in PacketParser::split
- Add AFL test code for PacketParser

This was found as a part of a short Hackathon at NCC Group.
As far as I can tell, there is no security impact, but it would still be nice
to see this fixed.

Kind regards

High-Priority HTML Parsing script astrotoki via dev (Feb 12)
Hello,

I noticed that under the high priority script ideas was the need for a library that parses HTML info from sites. I
wrote a script that uses a web crawler and extracts html info from attached pages and accompanying urls within the html
body. Let me know if this is what yall were after?

Thanks!
Ryan LaPierre <Astro>_______________________________________________
Sent through the dev mailing list...

URL Pathfinder astrotoki via dev (Feb 12)
Hello all!

I just wrote up another script, trying to practice and maybe have some added to the master list for nmap. This script
enumerates possible hidden path extensions on urls. As always, Id love input on it, changes or updates.

Thanks all!
Ryan LaPierre <Astro>_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at https://seclists.org/nmap-dev/

Null Byte Poisoning NSE astrotoki via dev (Feb 12)
Here is my submission of a script I wrote that should test a site for null byte poisoning vulnerabilities._______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at https://seclists.org/nmap-dev/

Re: First Go astrotoki via dev (Feb 12)
Here is an updated version with more XSS patterns integrated into it. As well as some clean up!

I also created a separate .lua with just the http crawler function.

Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at https://seclists.org/nmap-dev/

First Go astrotoki via dev (Feb 12)
Hello!,

I just started learning Lua for writing NSEs and had a go at a HTTP crawler that identifies XSS vulnerabilities on
sites. I used Juice-Shop OWASP to confirm it works. (Thats why the source code uses port 3000 in addition to 80) Id
love feedback! Doing my best to learn as much as I can. I attached the http_xss_crawler.nse below!

PS. I had used ChatGPTo1 and Github CoPilot to aid in debugging and syntax issues. The overall code is my...

Nmap Announce — Moderated list for the most important new releases and announcements regarding the Nmap Security Scanner and related projects. We recommend that all Nmap users subscribe to stay informed.

• Current Year
• Archived Posts
• RSS Feed
• About List
• nmap-announceLatest Posts

Npcap Version 1.82 Released with VLAN Tagging and More Gordon Fyodor Lyon (Apr 28)
Dear Nmap Community,

In preparation for an imminent Nmap release (hopefully this week!), we have
released Version 1.82 of our Npcap Windows packet capture and transmission
driver. It builds upon the recent 1.81 release to add support for VLAN
tagging. This allows you to select for packets directed to a certain VLAN
or just inspect the VLAN headers on any packets received. It's especially
useful for Wireshark users. You can also now send...

Nmap 7.95 released: OS and service detection signatures galore! Gordon Fyodor Lyon (May 05)
Dear Nmap Community,

I just arrived in San Francisco for the RSA conference and am delighted to
announce our Nmap Version 7.95 release! I'm most excited that we finally
tackled our backlog of OS and service detection fingerprint submissions.
We're not talking about dozens or hundreds of them-we processed more than
6,500 fingerprints!

For OS detection, we added 336 signatures, bringing the new total to 6,036.
Additions include iOS 15...

Full Disclosure — A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.

• Current Month
• Archived Posts
• RSS Feed
• About List
• fulldisclosureLatest Posts

CVE-2025-59397 - Open Web Analytics SQL Injection Seralys Research Team via Fulldisclosure (Oct 08)
Seralys Security Advisory | https://www.seralys.com/research
======================================================================
Title: SQL Injection Vulnerability
Product: Open Web Analytics (OWA)
Affected: Confirmed on 1.8.0 (older versions likely affected)
Fixed in: 1.8.1
Vendor: Open Web Analytics (open-source)
Discovered: August 2025
Severity: HIGH
CWE: CWE-89: SQL Injection
CVE: CVE-2025-59397...

Re: [FD] Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain → Secure Enclave Key Theft, Wormable RCE, Crypto Theft josephgoyd via Fulldisclosure (Oct 07)
The GitHub link has a write up on the attack-chain. Along with the CNVD certs that were issued for validation.

https://github.com/JGoyd/iOS-Attack-Chain-CVE-2025-31200-CVE-2025-31201

Re: Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain → Secure Enclave Key Theft, Wormable RCE, Crypto Theft full (Oct 07)
Substack is down. If there is a replacement, it is appreciated.

-x9p

Re: Defense in depth -- the Microsoft way (part 93): SRP/SAFER whitelisting goes black on Windows 11 Stefan Kanthak via Fulldisclosure (Oct 07)
On a fresh installation of the just released Windows 11 25H2 the former file
%SystemRoot%\System32\SecurityHealth\10.0.27840.1000-0\SecurityHealthHost.exe
is %SystemRoot%\System32\SecurityHealthHost.exe now, but the BUG persists:

| svchost.exe (PID = 9876) identified \\?\C:\Windows\System32\SecurityHealthHost.exe
| as Disallowed using default rule, Guid = {11015445-d282-4f86-96a2-9e485f593302}

stay tuned, and far away from bug-riddled Windows...

Re: [FD] : "Glass Cage" – Zero-Click iMessage → Persistent iOS Compromise + Bricking (CVE-2025-24085 / 24201, CNVD-2025-07885) josephgoyd via Fulldisclosure (Oct 02)
Updated repo location: https://github.com/JGoyd/Glass-Cage-iOS18-CVE-2025-24085-CVE-2025-24201

Working exploit:
https://www.dropbox.com/scl/fi/ech6wdnpnyscbfiu2o8zh/IMG_1118.png?rlkey=jna5uo6aihs6tfbwtsk8fw7em&st=8c56raq8&dl=0

Re: [FD] Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain → Secure Enclave Key Theft, Wormable RCE, Crypto Theft josephgoyd via Fulldisclosure (Oct 02)
Updated repo location: https://github.com/JGoyd/iOS-Attack-Chain-CVE-2025-31200-CVE-2025-31201

Working exploit:
https://www.dropbox.com/scl/fi/oerpnhq1ui3xfswsszfh2/Audio-clip.amr?rlkey=7n54m1o84poezyipxvd2f9slx&st=b1tkonvr&dl=0

Samtools v1.22.1 Uncontrolled Memory Allocation from Large BED Intervals Causes Denial-of-Service in Samtools/HTSlib Ron E (Sep 30)
A denial-of-service vulnerability exists in Samtools and the underlying
HTSlib when processing BED files containing extremely large interval
values. The bed_index_core() function in bedidx.c uses the interval end
coordinate to calculate allocation size without sufficient validation. By
supplying a BED record with a crafted end coordinate (e.g., near 2^61), an
attacker can trigger uncontrolled memory allocation requests via
hts_resize_array_()....

Samtools v1.22.1 Improper Handling of Excessive Histogram Bin Counts in Samtools Coverage Leads to Stack Overflow Ron E (Sep 30)
In the samtools coverage subcommand, the -w / --n-bins option allows the
user to specify how many “bins” to produce in the coverage histogram. The
code computes: stats[tid].bin_width = (stats[tid].end - stats[tid].beg) /
n_bins; When the number of bins (n_bins) is extremely large relative to the
region length (end - beg), this integer division can yield zero, or lead to
unexpected behavior in subsequent arithmetic. Later in print_hist(),...

libgeotiff 1.7.4 Heap Buffer Overflow in geotifcp (libgeotiff) During 8-to-4 Bit Downsample with Odd Image Width Ron E (Sep 30)
A heap buffer overflow vulnerability exists in the geotifcp utility,
distributed as part of libgeotiff. The flaw occurs in the function
cpContig2ContigByRow_8_to_4 when processing TIFF images with an odd
ImageWidth and using the -d option (downsampling from 8-bit to 4-bit).
During conversion, the function iterates over pixels in pairs and always
accesses buf_in[i_in+1]. When the width is odd, the last iteration
dereferences one byte past the...

APPLE-SA-09-29-2025-6 visionOS 26.0.1 Apple Product Security via Fulldisclosure (Sep 30)
APPLE-SA-09-29-2025-6 visionOS 26.0.1

visionOS 26.0.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/125338.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

FontParser
Available for: Apple Vision Pro
Impact: Processing a maliciously crafted font may lead to unexpected app
termination...

APPLE-SA-09-29-2025-5 macOS Sonoma 14.8.1 Apple Product Security via Fulldisclosure (Sep 30)
APPLE-SA-09-29-2025-5 macOS Sonoma 14.8.1

macOS Sonoma 14.8.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/125330.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

FontParser
Available for: macOS Sonoma
Impact: Processing a maliciously crafted font may lead to unexpected app...

APPLE-SA-09-29-2025-4 macOS Sequoia 15.7.1 Apple Product Security via Fulldisclosure (Sep 30)
APPLE-SA-09-29-2025-4 macOS Sequoia 15.7.1

macOS Sequoia 15.7.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/125329.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

FontParser
Available for: macOS Sequoia
Impact: Processing a maliciously crafted font may lead to unexpected app...

APPLE-SA-09-29-2025-3 macOS Tahoe 26.0.1 Apple Product Security via Fulldisclosure (Sep 30)
APPLE-SA-09-29-2025-3 macOS Tahoe 26.0.1

macOS Tahoe 26.0.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/125328.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

FontParser
Available for: macOS Tahoe
Impact: Processing a maliciously crafted font may lead to unexpected app
termination...

APPLE-SA-09-29-2025-2 iOS 18.7.1 and iPadOS 18.7.1 Apple Product Security via Fulldisclosure (Sep 30)
APPLE-SA-09-29-2025-2 iOS 18.7.1 and iPadOS 18.7.1

iOS 18.7.1 and iPadOS 18.7.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/125327.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

FontParser
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch
3rd generation and...

APPLE-SA-09-29-2025-1 iOS 26.0.1 and iPadOS 26.0.1 Apple Product Security via Fulldisclosure (Sep 30)
APPLE-SA-09-29-2025-1 iOS 26.0.1 and iPadOS 26.0.1

iOS 26.0.1 and iPadOS 26.0.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/125326.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

FontParser
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation
and later, iPad Pro...

Bugtraq — The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

• Archived Posts
• RSS Feed
• About List

Security Basics — A high-volume list which permits people to ask "stupid questions" without being derided as "n00bs". I recommend this list to network security newbies, but be sure to read Bugtraq and other lists as well.

• Archived Posts
• RSS Feed
• About List

Penetration Testing — While this list is intended for "professionals", participants frequenly disclose techniques and strategies that would be useful to anyone with a practical interest in security and network auditing.

• Archived Posts
• RSS Feed
• About List

Info Security News — Carries news items (generally from mainstream sources) that relate to security.

• Archived Posts
• RSS Feed
• About List

Firewall Wizards — Tips and tricks for firewall administrators

• Archived Posts
• RSS Feed
• About List

IDS Focus — Technical discussion about Intrusion Detection Systems. You can also read the archives of a previous IDS list

• Archived Posts
• RSS Feed
• About List

Web App Security — Provides insights on the unique challenges which make web applications notoriously hard to secure, as well as attack methods including SQL injection, cross-site scripting (XSS), cross-site request forgery, and more.

• Archived Posts
• RSS Feed
• About List

Daily Dave — This technical discussion list covers vulnerability research, exploit development, and security events/gossip. It was started by ImmunitySec founder Dave Aitel and many security luminaries participate. Many posts simply advertise Immunity products, but you can't really fault Dave for being self-promotional on a list named DailyDave.

• Current Quarter
• Archived Posts
• RSS Feed
• About List
• dailydaveLatest Posts

Offensive AI Con Dave Aitel via Dailydave (Oct 08)
So I just got back from "Offensive AI Conference" in San Diego and it was a
great event - for a first time conference it ran especially smoothly, the
attendees were an amazing crowd, and many of the talks were extremely
strong. There's something about a conference that is not recording the
talks that gets people to actually sit and listen to them via the magic of
FOMO, but also, when a conference is "invite only" then you...

PaulDotCom — General discussion of security news, research, vulnerabilities, and the PaulDotCom Security Weekly podcast.

• Archived Posts
• RSS Feed
• About List

Honeypots — Discussions about tracking attackers by setting up decoy honeypots or entire honeynet networks.

• Archived Posts
• RSS Feed
• About List

Microsoft Sec Notification — Beware that MS often uses these security bulletins as marketing propaganda to downplay serious vulnerabilities in their products—note how most have a prominent and often-misleading "mitigating factors" section.

• Archived Posts
• RSS Feed
• About List

Funsec — While most security lists ban off-topic discussion, Funsec is a haven for free community discussion and enjoyment of the lighter, more humorous side of the security community

• Archived Posts
• RSS Feed
• About List

CERT Advisories — The Computer Emergency Response Team has been responding to security incidents and sharing vulnerability information since the Morris Worm hit in 1986. This archive combines their technical security alerts, tips, and current activity lists.

• Archived Posts
• RSS Feed
• About List
• certLatest Posts

Apple Releases Security Updates for Multiple Products CISA (Mar 28)
Cybersecurity and Infrastructure Security Agency (CISA) - Defend Today, Secure Tomorrow

You are subscribed to Cybersecurity Advisories for Cybersecurity and Infrastructure Security Agency. This information
has recently been updated and is now available.

Apple Releases Security Updates for Multiple Products [
https://www.cisa.gov/news-events/alerts/2023/03/28/apple-releases-security-updates-multiple-products ] 03/28/2023 01:00
PM EDT

Apple...

CISA Releases Six Industrial Control Systems Advisories CISA (Mar 23)
Cybersecurity and Infrastructure Security Agency (CISA) - Defend Today, Secure Tomorrow

You are subscribed to Cybersecurity Advisories for Cybersecurity and Infrastructure Security Agency. This information
has recently been updated, and is now available.

CISA Releases Six Industrial Control Systems Advisories [
https://www.cisa.gov/news-events/alerts/2023/03/23/cisa-releases-six-industrial-control-systems-advisories ] 03/23/2023
08:00 AM EDT...

CISA Releases Eight Industrial Control Systems Advisories CISA (Mar 21)
Cybersecurity and Infrastructure Security Agency (CISA) - Defend Today, Secure Tomorrow

You are subscribed to Cybersecurity Advisories for Cybersecurity and Infrastructure Security Agency. This information
has recently been updated, and is now available.

CISA Releases Eight Industrial Control Systems Advisories [
https://www.cisa.gov/news-events/alerts/2023/03/21/cisa-releases-eight-industrial-control-systems-advisories ]
03/21/2023 08:00 AM...

CISA and NSA Release Enduring Security Framework Guidance on Identity and Access Management CISA (Mar 21)
Cybersecurity and Infrastructure Security Agency (CISA) - Defend Today, Secure Tomorrow

You are subscribed to Cybersecurity Advisories for Cybersecurity and Infrastructure Security Agency. This information
has recently been updated, and is now available.

CISA and NSA Release Enduring Security Framework Guidance on Identity and Access Management [...

Open Source Security — Discussion of security flaws, concepts, and practices in the Open Source community

• Current Quarter
• Archived Posts
• RSS Feed
• About List
• oss-secLatest Posts

CVE-2025-62228: Apache Flink CDC, Apache Flink CDC, Apache Flink CDC, Apache Flink CDC, Apache Flink CDC: SQL injection via maliciously crafted identifiers Leonard Xu (Oct 09)
Severity:

Affected versions:

- Apache Flink CDC (org.apache.flink:flink-connector-mysql-cdc) 3.0.0 through 3.4.0
- Apache Flink CDC (org.apache.flink:flink-connector-sqlserver-cdc) 3.0.0 through 3.4.0
- Apache Flink CDC (org.apache.flink:flink-connector-db2-cdc) 3.0.0 through 3.4.0
- Apache Flink CDC (org.apache.flink:flink-connector-oracle-cdc) 3.0.0 through 3.4.0
- Apache Flink CDC (org.apache.flink:flink-cdc-pipeline-connector-oceanbase)...

Fwd: Heads-up: Upcoming Samba security releases Douglas Bagnall (Oct 08)
The Samba team (which includes me) has announced there will be a
security release next Wednesday. This is our standard procedure, though
this time we have added an estimate of how many people might be affected
by each bug.

Douglas

-------- Forwarded Message --------
Subject: Heads-up: Upcoming Samba security releases
Date: Thu, 9 Oct 2025 17:38:13 +1300
From: Douglas Bagnall via samba-technical <samba-technical () lists samba org>...

several vulnerabilities fixed in Go 1.25.2 and Go 1.24.8 Jan Schaumann (Oct 07)
Forwarding from
https://groups.google.com/g/golang-nuts/c/Gxn25BP4MXk/m/3KrM-XBOBAAJ
because I don't think I've seen it here on this list
yet.

----- Forwarded message from announce () golang org -----

----- End forwarded message -----

redis: CVE-2025-49844: Lua Use-After-Free may lead to remote code execution Jan Schaumann (Oct 07)
I haven't seen it here on this list yet, so
forwarding:

There's an RCE vulnerability in Redis with a CVSS
Score of 9.9 (although advertised as 10.0):

https://nvd.nist.gov/vuln/detail/CVE-2025-49844
https://github.com/redis/redis/security/advisories/GHSA-4789-qfc9-5f9q

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Impact

An authenticated user may use a specially crafted Lua
script to manipulate the garbage collector, trigger a...

Re: Announce: OpenSSH 10.1 released David Leadbeater (Oct 07)
[...]

There was a minor error in the above, it should say %r (remote
username), not %u (local username).

It has also now been assigned CVE-2025-61984.

I thought it was worth expanding on this issue, it is essentially a
follow up from CVE-2023-51385, where if a user clones a git repo or
otherwise performs another action that passes an attacker controlled
string to SSH, it could be passed through to the user configured
ProxyCommand. i.e. it...

Resource consumption weakness in Postgres-using applications & frameworks Peter Bex (Oct 06)
Hello all,

In "Paged Out!" magazine, issue #7, I posted an article[1] about a
potential resource consumption weakness (aka potential DoS) in
applications using Postgres. This issue allows an attacker to
force a sequential scan under certain conditions, regardless of any
index.

The issue itself was originally found by Jeremy Evans in 2022[2] using
integer literals in SQL statements. It had a broader impact than he
originally thought...

Announce: OpenSSH 10.1 released Damien Miller (Oct 06)
OpenSSH 10.1 has just been released. It will be available from the
mirrors listed at https://www.openssh.com/ shortly.

OpenSSH is a 100% complete SSH protocol 2.0 implementation and
includes sftp client and server support.

Once again, we would like to thank the OpenSSH community for their
continued support of the project, especially those who contributed
code or patches, reported bugs, tested snapshots or donated to the
project. More...

Re: Linux kernel: HFS+ filesystem implementation, issues, exposure in distros nightmare . yeah27 (Oct 05)
Yes, thank you. This in fact improved my understanding of the
situation a lot. I hope it also did so for others.

Re: Re: Linux kernel: HFS+ filesystem implementation, issues, exposure in distros Greg KH (Oct 04)
I don't understand this, sorry. Right now, we _do_ triage all bugfixes
that are added to the Linux kernel and classify them if they meet the
requirement of a "vulnerability" as required by cve.org or not. Any
that do, we assign a CVE to. Any that do not, we do not. There are 3
of us doing this work, in our public git repo, plus we have 2 "guest"
reviewers also helping out at times, so everyone can see what is...

Re: Linux kernel: HFS+ filesystem implementation, issues, exposure in distros nightmare . yeah27 (Oct 04)
I can guess Attila's meaning as an outsider. It seems strange to me
that as one so deeply engaged in these issues you (Greg) cannot do
that.

The meaning is: it *would* be unsustainable *if* you actually started
triaging. You don't triage now, because "a bug is a bug".

Re: fetchmail-SA-2025-01: SMTP AUTH denial of service now called CVE-2025-61962. Matthias Andree (Oct 04)
fetchmail-SA-2025-01: SMTP AUTH denial of service

Topics: fetchmail SMTP client can crash when authenticating

Author: Matthias Andree
Version: 1.1
Announced: 2025-10-03
Type: failure to validate network input in certain configurations
Impact: fetchmail tries to read from address 1 and can crash
Severity: moderate

URL: https://www.fetchmail.info/fetchmail-SA-2025-01.txt
Project URL:...

Re: Re: Re: Linux kernel: HFS+ filesystem implementation, issues, exposure in distros Greg KH (Oct 03)
What do you mean by this? I never stated it was unsustainable, in fact
it's just fine from our side. What is the problem you are wanting
others to help in solving with here exactly?

We never turn down help, so sure, work away. But I'm very unclear as to
exactly what you are going to be wanting to work on.

Decision about what exactly?

What specific criticisms are you having here? What what ones does
Canonical have? I talk to...

Re: Re: Re: Linux kernel: HFS+ filesystem implementation, issues, exposure in distros Attila Szasz (Oct 03)
Greg,

I truly appreciate your answer. When I last spoke about this at a
private infosec conference, I made it clear to the audience that I
deeply respect your work. In my view, developing Linux continues to be
one of the most admirable and noble endeavors in technology.

That said, let me try to be constructive.

I know the workload is immense, but from my perspective as a security
researcher, here’s what I propose:

*

I can reach...

fetchmail-SA-2025-01: SMTP AUTH denial of service Alan Coopersmith (Oct 03)
fetchmail-SA-2025-01: SMTP AUTH denial of service

Topics: fetchmail SMTP client can crash when authenticating

Author: Matthias Andree
Version: 1.0
Announced: 2025-10-03
Type: failure to validate network input in certain configurations
Impact: fetchmail tries to read from address 1 and can crash
Severity: moderate

URL: https://www.fetchmail.info/fetchmail-SA-2025-01.txt
Project URL:...

Re: Re: Re: Linux kernel: HFS+ filesystem implementation, issues, exposure in distros Greg KH (Oct 03)
Wait, we got an award and no one invited us to the party to receive it?
That's sad, we need to add it to our shelf of "awards we never knew we
wanted to shoot for" :)

While I appreciate the invitation, unfortunately my travel schedule will
not allow me to attend FOSDEM next year. Fortunately your list of
questions have already been covered by me in previous talks I have given
so you can refer to them and follow up if you have...

Secure Coding — The Secure Coding list (SC-L) is an open forum for the discussion on developing secure applications. It is moderated by the authors of Secure Coding: Principles and Practices.

• Archived Posts
• RSS Feed
• About List

Educause Security Discussion — Securing networks and computers in an academic environment.

• Archived Posts
• RSS Feed
• About List

NANOG — The North American Network Operators' Group discusses fundamental Internet infrastructure issues such as routing, IP address allocation, and containing malicious activity.

• Current Month
• Archived Posts
• RSS Feed
• About List
• nanogLatest Posts

Are there any AT&T DNS administrators on this list. Stephenson, Ryan M CIV DISA PEO CYBER (USA) via NANOG (Oct 09)
Please contact me off list.

Re: Apple Support Geolocation Jon Lewis via NANOG (Oct 08)
Are you kidding? "back in August" as in a month or two ago? We're still
dealing with stale IP Geo data for IP space acquired and swipped years
ago.

----------------------------------------------------------------------
Jon Lewis, MCP :) | I route
Blue Stream Fiber, Sr. Neteng | therefore you are
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________

Re: Apple Support Geolocation Robert L Mathews via NANOG (Oct 08)
You might want to try adding an RFC 8805/9092 Geofeed to your ARIN WHOIS comments. If you're not sure what this means,
see the example for Cloudflare at <https://whois.arin.net/rest/ip/172.64.0.0>, which contains:

Comment: Geofeed: https://api.cloudflare.com/local-ip-ranges.csv

In theory, geolocation providers can see that and use it to publish accurate info without guessing. (I have no idea
whether Apple uses it.)

Re: ARIN Waiting List Recipients Begin Receiving Allocated IPs from 131.143.0.0/16 Zhang Gaoxing via NANOG (Oct 08)
https://stat.ripe.net/resource/131.143.126.1#tab=overview < from here only
AS13509 announces it before, but it is an APNIC ASN? It was announced by
mistake or it belonged to APNIC and was transferred to ARIN for some reason?

Trey Scarborough via NANOG <nanog () lists nanog org>于2025年10月8日 周三下午11:19写道：

Re: ARIN Waiting List Recipients Begin Receiving Allocated IPs from 131.143.0.0/16 Ezri Zhu via NANOG (Oct 08)
I see, following my reply I was approved for ARIN WhoWas for
historic WHOIS, however it seems like they only support singular
IP address lookups. I have followed up with their support to see
if I can see the history of a /16 block.

Best,

Re: ARIN Waiting List Recipients Begin Receiving Allocated IPs from 131.143.0.0/16 Trey Scarborough via NANOG (Oct 08)
most recent ARIN issued report

[arin-issued] Daily Report for 2025-10-07

Add 131.143.16.0-131.143.19.255
through
Add 131.143.235.0-131.143.235.255

131.143.0.0/16 was issued to Rockwell so its easy to see that there
could be blocks that existed globally.

Trey

Re: ARIN Waiting List Recipients Begin Receiving Allocated IPs from 131.143.0.0/16 Zhang Gaoxing via NANOG (Oct 08)
NetRange: 131.143.124.0 - 131.143.124.255

I noticed that the ARIN Waiting List has recently decreased quite a bit.
Then I found that a new company I’ve been following, along with several
others, has received newly allocated IPs from this same range. The
allocations might not cover the entire /16 block, but these new IP
assignments don’t appear in ARIN’s cleared IPv4 blocks list
<...

Re: ARIN Waiting List Recipients Begin Receiving Allocated IPs from 131.143.0.0/16 Ezri Zhu via NANOG (Oct 08)
zgx,

Have you checked out
https://stat.ripe.net/resource/131.143.0.0-131.143.207.255#tab=database
yet? it has some nice graphs showing all the historical
announcements from that range. Sadly the page takes forever to
load due to the size.

However, I failed to find the 131.143.0.0/16 range from the ARIN
"Cleared for Waiting List" CSV, may I ask how you found that
range?

btw, i'd recommend signing up for...

ARIN Waiting List Recipients Begin Receiving Allocated IPs from 131.143.0.0/16 Zhang Gaoxing via NANOG (Oct 08)
Hello,

I have noticed that the number of people on the ARIN Waiting List has been
decreasing significantly recently, and some have started receiving IP
allocations from the 131.143.0.0/16 range. I also found that these IPs were
previously geolocated in Switzerland. Were these addresses reclaimed from
an organisation? I’m curious about the origin of these IPs.

Spoofer Report for NANOG for Sep 2025 CAIDA Spoofer Project via NANOG (Oct 08)
In response to feedback from operational security communities,
CAIDA's source address validation measurement project
(https://spoofer.caida.org) is automatically generating monthly
reports of ASes originating prefixes in BGP for systems from which
we received packets with a spoofed source address.
We are publishing these reports to network and security operations
lists in order to ensure this information reaches operational
contacts in these...

Re: Apple Support Geolocation Steve Miller via NANOG (Oct 08)
I'm not too sure how often scheduled updates generally occur, but I would
hope in the order of days, not weeks or months.

Good luck,
Steve

Re: Apple Support Geolocation Adam Blackington via NANOG (Oct 08)
They may use an internal tool.

Re: Apple Support Geolocation Stephen Griffin via NANOG (Oct 08)
I found "Maxstack" also was wrong. So, we SWIP'd back in August, is this
typical for them to be so wrong for so long? I have folks complaining about
being geoblocked to BBC as well... :(

Re: Apple Support Geolocation Stephen Griffin via NANOG (Oct 08)
Is odd that they still do, we SWIP'd a while ago, but I filled out the
form. Will see what happens.

Stephen

Re: Apple Support Geolocation Steve Miller via NANOG (Oct 08)
Maybe they happen to be using ipapi?

https://ipapi.co/

Only mentioning it because that looks like the only major geoop db that
still lists that block as Boston.

Steve 👋

On Wed, Oct 8, 2025, 03:45 Stephen Griffin via NANOG <nanog () lists nanog org>
wrote:

Interesting People — David Farber moderates this list for discussion involving internet governance, infrastructure, and any other topics he finds fascinating

• Archived Posts
• RSS Feed
• About List

The RISKS Forum — Peter G. Neumann moderates this regular digest of current events which demonstrate risks to the public in computers and related systems. Security risks are often discussed.

• Previous Quarter
• Archived Posts
• RSS Feed
• About List
• risksLatest Posts

(no subject) RISKS List Owner (Aug 18)
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
precedence: bulk
Subject: Risks Digest 34.75

RISKS-LIST: Risks-Forum Digest Monday 18 August 2025 Volume 34 : Issue 75

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org...

(no subject) RISKS List Owner (Jul 31)
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
precedence: bulk
Subject: Risks Digest 34.76

RISKS-LIST: Risks-Forum Digest Thursday 31 July 2025 Volume 34 : Issue 76

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org...

(no subject) RISKS List Owner (Jul 29)
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
precedence: bulk
Subject: Risks Digest 34.74

RISKS-LIST: Risks-Forum Digest Tuesday 29 July 2025 Volume 34 : Issue 74

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org...

(no subject) RISKS List Owner (Jul 22)
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
precedence: bulk
Subject: Risks Digest 34.73

RISKS-LIST: Risks-Forum Digest Tuesday 22 July 2025 Volume 34 : Issue 73

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org...

(no subject) RISKS List Owner (Jul 19)
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
precedence: bulk
Subject: Risks Digest 34.72

RISKS-LIST: Risks-Forum Digest Saturday 19 July 2025 Volume 34 : Issue 72

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org...

(no subject) RISKS List Owner (Jul 07)
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
precedence: bulk
Subject: Risks Digest 34.70

RISKS-LIST: Risks-Forum Digest Monday 7 July 2025 Volume 34 : Issue 70

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org>...

(no subject) RISKS List Owner (Jun 28)
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
precedence: bulk
Subject: Risks Digest 34.69

RISKS-LIST: Risks-Forum Digest Saturday 28 June 2025 Volume 34 : Issue 69

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org...

(no subject) RISKS List Owner (Jun 23)
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
precedence: bulk
Subject: Risks Digest 34.68

RISKS-LIST: Risks-Forum Digest Monday 23 June 2025 Volume 34 : Issue 68

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org...

Risks Digest 34.66 RISKS List Owner (May 29)
RISKS-LIST: Risks-Forum Digest Thursday 29 May 2025 Volume 34 : Issue 66

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/34.66>
The current issue can also be found at
<...

Risks Digest 34.65 RISKS List Owner (May 27)
RISKS-LIST: Risks-Forum Digest Tuesday 27 May 2025 Volume 34 : Issue 65

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/34.65>
The current issue can also be found at
<...

Risks Digest 34.63 RISKS List Owner (May 17)
RISKS-LIST: Risks-Forum Digest Saturday 17 May 2025 Volume 34 : Issue 63

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/34.63>
The current issue can also be found at
<...

Risks Digest 34.62 RISKS List Owner (May 11)
RISKS-LIST: Risks-Forum Digest Sunday 11 May 2025 Volume 34 : Issue 62

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/34.62>
The current issue can also be found at
<...

Risks Digest 34.61 RISKS List Owner (Apr 18)
RISKS-LIST: Risks-Forum Digest Friday 18 April 2025 Volume 34 : Issue 61

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/34.61>
The current issue can also be found at
<...

Risks Digest 34.60 RISKS List Owner (Apr 01)
RISKS-LIST: Risks-Forum Digest Tuesday 1 April 2025 Volume 34 : Issue 60

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/34.60>
The current issue can also be found at
<...

BreachExchange — BreachExchange focuses on all things data breach. Topics include actual data breaches, cyber insurance, risk management, metrics and more. This archive includes its predecessor, the Data Loss news and discussion lists.

• Archived Posts
• RSS Feed
• About List
• datalossLatest Posts

Healthcare organizations face rising ransomware attacks – and are paying up Matthew Wheeler (Jun 03)
https://www.theregister.com/2022/06/03/healthcare-ransomware-pay-sophos/

Healthcare organizations, already an attractive target for ransomware given
the highly sensitive data they hold, saw such attacks almost double between
2020 and 2021, according to a survey released this week by Sophos.

The outfit's team also found that while polled healthcare orgs are quite
likely to pay ransoms, they rarely get all of their data returned if they
do...

A digital conflict between Russia and Ukraine rages on behind the scenes of war Matthew Wheeler (Jun 03)
https://wskg.org/npr_story_post/a-digital-conflict-between-russia-and-ukraine-rages-on-behind-the-scenes-of-war/

SEATTLE — On the sidelines of a conference in Estonia on Wednesday, a
senior U.S. intelligence official told British outlet Sky News that the
U.S. is running offensive cyber operations in support of Ukraine.

“My job is to provide a series of options to the secretary of defense and
the president, and so that’s what I do,” said...

Researchers Uncover Malware Controlling Thousands of Sites in Parrot TDS Network Matthew Wheeler (Jun 03)
https://thehackernews.com/2022/06/researchers-uncover-malware-controlling.html

The Parrot traffic direction system (TDS) that came to light earlier this
year has had a larger impact than previously thought, according to new
research.

Sucuri, which has been tracking the same campaign since February 2019 under
the name "NDSW/NDSX," said that "the malware was one of the top infections"
detected in 2021, accounting for more than...

FBI, CISA: Don't get caught in Karakurt's extortion web Matthew Wheeler (Jun 03)
https://www.theregister.com/2022/06/03/fbi_cisa_warn_karakurt_extortion/

The Feds have warned organizations about a lesser-known extortion gang
Karakurt, which demands ransoms as high as $13 million and, some
cybersecurity folks say, may be linked to the notorious Conti crew.

In a joint advisory [PDF] this week, the FBI, CISA and US Treasury
Department outlined technical details about how Karakurt operates, along
with actions to take,...

DOJ Seizes 3 Web Domains Used to Sell Stolen Data and DDoS Services Matthew Wheeler (Jun 02)
https://thehackernews.com/2022/06/doj-seizes-3-web-domains-used-to-sell.html

The U.S. Department of Justice (DoJ) on Wednesday announced the seizure of
three domains used by cybercriminals to trade stolen personal information
and facilitate distributed denial-of-service (DDoS) attacks for hire.

This includes weleakinfo[.]to, ipstress[.]in, and ovh-booter[.]com, the
former of which allowed its users to traffic hacked personal data and
offered a...

Chinese Hackers Begin Exploiting Latest Microsoft Office Zero-Day Vulnerability Matthew Wheeler (Jun 02)
https://thehackernews.com/2022/05/chinese-hackers-begin-exploiting-latest.html

An advanced persistent threat (APT) actor aligned with Chinese state
interests has been observed weaponizing the new zero-day flaw in Microsoft
Office to achieve code execution on affected systems.

"TA413 CN APT spotted [in-the-wild] exploiting the Follina zero-day using
URLs to deliver ZIP archives which contain Word Documents that use the
technique,"...

US military hackers conducting offensive operations in support of Ukraine, says head of Cyber Command Matthew Wheeler (Jun 02)
https://www.three.fm/news/world-news/us-military-hackers-conducting-offensive-operations-in-support-of-ukraine-says-head-of-cyber-command/

US military hackers have conducted offensive operations in support of
Ukraine, the head of US Cyber Command has told Sky News.

In an exclusive interview, General Paul Nakasone also explained how "hunt
forward" operations were allowing the United States to search out foreign
hackers and identify...

SideWinder Hackers Launched Over a 1, 000 Cyber Attacks Over the Past 2 Years Matthew Wheeler (May 31)
https://thehackernews.com/2022/05/sidewinder-hackers-launched-over-1000.html

An "aggressive" advanced persistent threat (APT) group known as SideWinder
has been linked to over 1,000 new attacks since April 2020.

"Some of the main characteristics of this threat actor that make it stand
out among the others, are the sheer number, high frequency and persistence
of their attacks and the large collection of encrypted and obfuscated...

Hackers are Selling US University Credentials Online, FBI Says Matthew Wheeler (May 31)
https://tech.co/news/hackers-are-selling-us-university-credentials-online-fbi-says

The Federal Bureau of Investigation has warned US universities and colleges
that it has found banks of login credentials and other data relating to VPN
access circulating on cybercriminals forums.

The fear is that such data will be sold and subsequently used by malicious
actors to orchestrate attacks on other accounts owned by the same students,
in the hope...

Interpol Nabs 3 Nigerian Scammers Behind Malware-based Attacks Matthew Wheeler (May 31)
https://thehackernews.com/2022/05/interpol-nabs-3-nigerian-scammers.html

Interpol on Monday announced the arrest of three suspected global scammers
in Nigeria for using remote access trojans (RATs) such as Agent Tesla to
facilitate malware-enabled cyber fraud.

"The men are thought to have used the RAT to reroute financial
transactions, stealing confidential online connection details from
corporate organizations, including oil and gas...

U.S. Warns Against North Korean Hackers Posing as IT Freelancers Matthew Wheeler (May 18)
https://thehackernews.com/2022/05/us-warns-against-north-korean-hackers.html

Highly skilled software and mobile app developers from the Democratic
People's Republic of Korea (DPRK) are posing as "non-DPRK nationals" in
hopes of landing freelance employment in an attempt to enable the regime's
malicious cyber intrusions.

That's according to a joint advisory from the U.S. Department of State, the
Department of the...

FBI and NSA say: Stop doing these 10 things that let the hackers in Matthew Wheeler (May 18)
https://www.zdnet.com/article/fbi-and-nsa-say-stop-doing-these-10-things-that-let-the-hackers-in/

Cyber attackers regularly exploit unpatched software vulnerabilities, but
they "routinely" target security misconfigurations for initial access, so
the US Cybersecurity and Infrastructure Security Agency (CISA) and its
peers have created a to-do list for defenders in today's heightened threat
environment.

CISA, the FBI and National...

Fifth of Businesses Say Cyber-Attack Nearly Broke Them Matthew Wheeler (May 18)
https://www.infosecurity-magazine.com/news/fifth-of-businesses-cyber-attack/

A fifth of US and European businesses have warned that a serious
cyber-attack nearly rendered them insolvent, with most (87%) viewing
compromise as a bigger threat than an economic downturn, according to
Hiscox.

The insurer polled over 5000 businesses in the US, UK, Ireland, France,
Spain, Germany, the Netherlands and Belgium to compile its annual Hiscox
Cyber...

Hacker And Ransomware Designer Charged For Use And Sale Of Ransomware, And Profit Sharing Arrangements With Cybercriminals Matthew Wheeler (May 18)
https://www.shorenewsnetwork.com/2022/05/16/hacker-and-ransomware-designer-charged-for-use-and-sale-of-ransomware-and-profit-sharing-arrangements-with-cybercriminals/

A criminal complaint was unsealed today in federal court in Brooklyn, New
York, charging Moises Luis Zagala Gonzalez (Zagala), also known as
“Nosophoros,” “Aesculapius” and “Nebuchadnezzar,” a citizen of France and
Venezuela who resides in Venezuela, with attempted...

State of Ransomware shows huge growth in threat and impacts Matthew Wheeler (May 04)
https://www.continuitycentral.com/index.php/news/technology/7275-state-of-ransomware-shows-huge-growth-in-threat-and-impacts

Sophos has released its annual survey and review of real-world ransomware
experiences in its ‘State of Ransomware 2022’ report. This shows that 66
percent of organizations surveyed were hit with ransomware in 2021, up from
37 percent in 2020.

The average ransom paid by organizations that had data encrypted in their...

Metasploit — Development discussion for Metasploit, the premier open source remote exploitation tool

• Archived Posts
• RSS Feed
• About List

Wireshark — Discussion of the free and open source Wireshark network sniffer. No other sniffer (commercial or otherwise) comes close. This archive combines the Wireshark announcement, users, and developers mailing lists.

• Archived Posts
• RSS Feed
• About List

Snort — Everyone's favorite open source IDS, Snort. This archive combines the snort-announce, snort-devel, snort-users, and snort-sigs lists.

• Current Quarter
• Archived Posts
• RSS Feed
• About List
• snortLatest Posts

Snort Subscriber Rules Update 2025-10-09 Research via Snort-sigs (Oct 09)
Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos has added and modified multiple rules in the file-image and
server-webapp rule sets to provide coverage for emerging threats from
these technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories

Snort Subscriber Rules Update 2025-10-07 Research via Snort-sigs (Oct 07)
Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos has added and modified multiple rules in the
indicator-compromise, malware-tools and server-webapp rule sets to
provide coverage for emerging threats from these technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories

Snort Subscriber Rules Update 2025-10-02 Research via Snort-sigs (Oct 02)
Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos has added and modified multiple rules in the and server-webapp
rule sets to provide coverage for emerging threats from these
technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories

Snort Subscriber Rules Update 2025-09-30 Research via Snort-sigs (Sep 30)
Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos has added and modified multiple rules in the and server-webapp
rule sets to provide coverage for emerging threats from these
technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories

Snort Subscriber Rules Update 2025-09-25 Research via Snort-sigs (Sep 25)
Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos has added and modified multiple rules in the file-flash,
file-image, os-windows and server-webapp rule sets to provide coverage
for emerging threats from these technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories

Snort Subscriber Rules Update 2025-09-23 Research via Snort-sigs (Sep 23)
Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos has added and modified multiple rules in the and server-webapp
rule sets to provide coverage for emerging threats from these
technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories

Snort Subscriber Rules Update 2025-09-18 Research via Snort-sigs (Sep 18)
Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos has added and modified multiple rules in the file-other,
malware-cnc, malware-other, os-windows and server-webapp rule sets to
provide coverage for emerging threats from these technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories

Snort Subscriber Rules Update 2025-09-15 Research via Snort-sigs (Sep 15)
Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos has added and modified multiple rules in the and server-webapp
rule sets to provide coverage for emerging threats from these
technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories

Snort Subscriber Rules Update 2025-09-10 Research via Snort-sigs (Sep 10)
Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos has added and modified multiple rules in the malware-cnc and
server-webapp rule sets to provide coverage for emerging threats from
these technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories

Snort Subscriber Rules Update 2025-09-09 Research via Snort-sigs (Sep 09)
Talos Snort Subscriber Rules Update

Synopsis:
Talos is aware of vulnerabilities affecting products from Microsoft
Corporation.

Details:
Microsoft Vulnerability CVE-2025-54093:
A coding deficiency exists in Microsoft Windows TCP/IP Driver that may
lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 65333 through 65334,
Snort 3: GID...

Snort Subscriber Rules Update 2025-09-04 Research via Snort-sigs (Sep 04)
Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos has added and modified multiple rules in the and server-webapp
rule sets to provide coverage for emerging threats from these
technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories

Snort Subscriber Rules Update 2025-09-02 Research via Snort-sigs (Sep 02)
Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos has added and modified multiple rules in the file-pdf,
malware-cnc and server-webapp rule sets to provide coverage for
emerging threats from these technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories

Snort Subscriber Rules Update 2025-08-28 Research via Snort-sigs (Aug 28)
Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos has added and modified multiple rules in the and server-webapp
rule sets to provide coverage for emerging threats from these
technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories

Snort Subscriber Rules Update 2025-08-26 Research via Snort-sigs (Aug 26)
Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos has added and modified multiple rules in the and server-webapp
rule sets to provide coverage for emerging threats from these
technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories

Snort Subscriber Rules Update 2025-08-21 Research via Snort-sigs (Aug 21)
Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos has added and modified multiple rules in the policy-other and
server-webapp rule sets to provide coverage for emerging threats from
these technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories