CVE-2026–5283: Uninitialized GPU Memory Disclosure via Partial Clear in ANGLE (Chrome WebGL)
Summary A vulnerability in ANGLE’s Framebuffer::partialClearNeedsInit() allows reading uninitialized GPU memory from GL_TEXTURE_2D_ARRAY textures. When glClear targets a single layer of an arrayed texture, ANGLE fails to zero-initialize the remaining layers but marks the entire texture …
Numen Cyber of Singapore Forms Strategic Partnership with SINNET CLOUD HK LIMITED of Hong Kong
Numen Cyber, a leading Singapore-based cybersecurity firm, announced a strategic partnership with BEIJING SINNET TECHNOLOGY CO., LTD. of Hong Kong. This collaboration focuses on enhancing the security of cloud server …
Web3 Security: ledgerhq/connect-kit supply chain attack warning
Affected versions ledgerhq/connect-kit 1.1.5 ledgerhq/connect-kit 1.1.6 ledgerhq/connect-kit 1.1.7 Event Analysis The Numen security team discovered that Ledger’s Ledgerhq/connect-kit module has been implanted with malicious phishing code, and that a large …
Use Wasm to Bypass Latest Chrome v8sbx Again
01 – Introduction On November 2, 2023, POC2023 took place as scheduled in South Korea. I was fortunate to attend this conference where YYJB and I presented on the topic …
Numen Cyber Labs vulnerability researchers have discovered an SSRF vulnerability in Apache ShenYu< version 2.6 (CVE-2023–25753)
Preface Apache ShenYu is a Java native API Gateway for service proxy, protocol conversion and API governance. Description Numen Cyber Labs vulnerability researchers have discovered an SSRF vulnerability in Apache …
OctoPrint Remote Code Execution Vulnerability (CVE-2023–41047)
Preface OctoPrint is an open source 3D printer controller application that provides a web interface for connected printers. It displays printer status and key parameters, and supports scheduling print jobs …
