All CosmicBytez Labs articles tagged #Cryptography, across news, security advisories, how-to guides, and projects.
Rejetto HFS 3.0.0–3.2.0 derives its session-cookie signing key from JavaScript's non-cryptographic Math.random(), and leaks generator outputs to unauthenticated clients — enabling full session forgery with CVSS 9.8.
A cryptographically weak random number generator in the GenerateRandomPassword function of bosh-windows-stemcell-builder allows remote attackers to...
A critical CVSS 9.4 vulnerability disables TLS certificate validation via TrustAllCerts routines and combines this with hard-coded DES symmetric encryption…
Apple has open-sourced its implementations of two NIST-standardized quantum-secure algorithms — ML-KEM and ML-DSA — including formal verification tooling that.
Apache OFBiz versions before 24.09.06 contain a hard-coded cryptographic key vulnerability (CVSS 9.1) that allows attackers to forge authentication tokens...
A crafted short X-Wing HPKE encapsulated key can trigger an out-of-bounds read in the C decapsulation path of Apple's swift-crypto library, potentially...
Business::OnlinePayment::StoredTransaction through version 0.01 for Perl generates its secret key using an MD5 hash of a single rand() call — a...
Google researchers have demonstrated that breaking the elliptic curve cryptography underpinning Bitcoin and Ethereum requires 20x fewer qubits than...
The Axios npm library was weaponized to deliver a cross-platform RAT; Anthropic accidentally leaked Claude Code's CLI source in an npm package; Google...
A critical flaw in jsrsasign versions 7.0.0 through 11.1.0 allows attackers to recover DSA private keys by exploiting biased nonce generation in the...
Google activates ML-KEM post-quantum key encapsulation by default in Chrome 134 and announces migration timeline for all Google Cloud TLS connections.