Tag: rust
-
Building checksec without boundaries with Checksec Anywhere
Since its original release in 2009, checksec has become widely used in the software security community, proving useful in CTF challenges, security posturing, and general binary analysis. The tool inspects executables to determine which exploit mitigations (e.g., ASLR, DEP, stack canaries, etc.) are enabled, rapidly gauging a program’s defensive hardening. This success inspired numerous spinoffs:…
-
Rust Foundation tries to stop maintainers corroding
Tags: rustMemory safety costs money: Maintainers Fund to directly pay developers for their work First seen on theregister.com Jump to article: www.theregister.com/2025/11/05/rust_foundation_announces_maintainers_fund/
-
Rust Foundation tries to stop maintainers corroding
Tags: rustMemory safety costs money: Maintainers Fund to directly pay developers for their work First seen on theregister.com Jump to article: www.theregister.com/2025/11/05/rust_foundation_announces_maintainers_fund/
-
Debian demands Rust or rust in peace for legacy ports
Memory safety trumps retro computing: Alpha, PA-RISC, m68k, SH4 face the chop in 2026 First seen on theregister.com Jump to article: www.theregister.com/2025/11/03/debian_apt_to_require_rust/
-
Debian demands Rust or rust in peace for legacy ports
Memory safety trumps retro computing: Alpha, PA-RISC, m68k, SH4 face the chop in 2026 First seen on theregister.com Jump to article: www.theregister.com/2025/11/03/debian_apt_to_require_rust/
-
ThreatsDay Bulletin: DNS Poisoning Flaw, Supply-Chain Heist, Rust Malware Trick and New RATs Rising
The comfort zone in cybersecurity is gone. Attackers are scaling down, focusing tighter, and squeezing more value from fewer, high-impact targets. At the same time, defenders face growing blind spots — from spoofed messages to large-scale social engineering.This week’s findings show how that shrinking margin of safety is redrawing the threat landscape. Here’s what’s First…
-
RCE Vulnerability (CVE-2025-62518) Discovered in Popular Rust Library async-tar and Its Forks
A critical flaw has been identified in a Rust library that demands immediate attention from developers and IT decision-makers leveraging the Rust ecosystem. The vulnerability, tracked as CVE”‘2025″‘62518, exposes serious remote code execution (RCE) risks in the widely used async tar library ecosystem. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/cve%e2%80%912025%e2%80%9162518-rce-flaw-in-async-tar/
-
TARmageddon Security Flaw in Rust Library Could Lead to Config Tampering and RCE
The Edera security team has discovered a critical vulnerability in the async-tar Rust library and its descendants, including the widely-used tokio-tar. Dubbed TARmageddon and assigned CVE-2025-62518, this flaw carries a CVSS score of 8.1 (High) and enables attackers to execute remote code by overwriting configuration files and hijacking critical build systems. Field Details CVE ID CVE-2025-62518 Vulnerability…
-
TARmageddon Security Flaw in Rust Library Could Lead to Config Tampering and RCE
The Edera security team has discovered a critical vulnerability in the async-tar Rust library and its descendants, including the widely-used tokio-tar. Dubbed TARmageddon and assigned CVE-2025-62518, this flaw carries a CVSS score of 8.1 (High) and enables attackers to execute remote code by overwriting configuration files and hijacking critical build systems. Field Details CVE ID CVE-2025-62518 Vulnerability…
-
TARmageddon flaw in abandoned Rust library enables RCE attacks
A high-severity vulnerability in the now-abandoned async-tar Rust library and its forks can be exploited to gain remote code execution on systems running unpatched software. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/tarmageddon-flaw-in-abandoned-rust-library-enables-rce-attacks/
-
TARmageddon flaw in Async-Tar Rust library allows to smuggle extra archives when the library is processing nested TAR files
CVE-2025-62518 TARmageddon flaw in Rust async-tar and forks like tokio-tar may allow remote code execution, says Edera. Edera team disclosed a vulnerability tracked as CVE-2025-62518 (CVSS score: 8.1), dubbed TARmageddon, in the Rust async-tar library and forks like tokio-tar. A remote attacker can exploit the flaw to achieve code execution. >>astral-tokio-tar is a tar archive…
-
Forking confusing: Vulnerable Rust crate exposes uv Python packager
Forks of forks of forks, but which ones are patched? First seen on theregister.com Jump to article: www.theregister.com/2025/10/22/vulnerable_rust_crate/
-
TARmageddon Flaw in Async-Tar Rust Library Could Enable Remote Code Execution
Cybersecurity researchers have disclosed details of a high-severity flaw impacting the popular async-tar Rust library and its forks, including tokio-tar, that could result in remote code execution under certain conditions.The vulnerability, tracked as CVE-2025-62518 (CVSS score: 8.1), has been codenamed TARmageddon by Edera, which discovered the issue in late August 2025. It impacts several First…
-
New Rust Malware “ChaosBot” Hides CommandControl Inside Discord
A sophisticated, Rust-based malware dubbed ChaosBot has been exposed utilizing the Discord platform for its Command and Control (C2) operations. This isn’t your average botnet; it’s a new generation of threat that hides its malicious traffic by communicating over the popular, legitimate service, making detection significantly more challenging for traditional security tools. ChaosBot operates by…
-
New Rust Malware “ChaosBot” Hides CommandControl Inside Discord
A sophisticated, Rust-based malware dubbed ChaosBot has been exposed utilizing the Discord platform for its Command and Control (C2) operations. This isn’t your average botnet; it’s a new generation of threat that hides its malicious traffic by communicating over the popular, legitimate service, making detection significantly more challenging for traditional security tools. ChaosBot operates by…
-
Researchers uncover remote code execution flaw in abandoned Rust code library
The high-severity defect affects a widely used, but largely hidden, archive tool that spans many forks. First seen on cyberscoop.com Jump to article: cyberscoop.com/async-tar-rust-open-source-vulnerability/
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 67
Tags: banking, control, github, international, korea, malicious, malware, north-korea, resilience, rustSecurity Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Astaroth: Banking Trojan Abusing GitHub for Resilience North Korea’s Contagious Interview Campaign Escalates: 338 Malicious npm Packages, 50,000 Downloads New Rust Malware >>ChaosBot
-
Denial of Fuzzing: Rust-Safe Code Triggers Kernel Crashes in Windows
Malformed EMF files crash Windows 11 via a Rust-based kernel bug. Microsoft patches issue after Check Point’s denial-of-service discovery. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/news/windows-fuzzing-rust-vulnerability/
-
Windows GDI Vulnerability in Rust Kernel Module Enables Remote Attacks
A newly discovered flaw in Microsoft’s Rust-based Graphics Device Interface (GDI) kernel component allows unprivileged attackers to crash or take control of Windows systems. Check Point Research (CPR) uncovered the issue in January 2025 and reported it to Microsoft. The company addressed the bug in the May 28, 2025 KB5058499 preview update (OS Build 26100.4202),…
-
New Rust-Based Malware “ChaosBot” Uses Discord Channels to Control Victims’ PCs
Cybersecurity researchers have disclosed details of a new Rust-based backdoor called ChaosBot that can allow operators to conduct reconnaissance and execute arbitrary commands on compromised hosts.”Threat actors leveraged compromised credentials that mapped to both Cisco VPN and an over-privileged Active Directory account named, ‘serviceaccount,’” eSentire said in a technical report published First seen on thehackernews.com…
-
Malicious Rust packages on Crates.io steal crypto wallet keys
Two malicious packages with nearly 8,500 downloads in Rust’s official crate repository scanned developers’ systems to steal cryptocurrency private keys and other secrets. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/malicious-rust-packages-on-cratesio-steal-crypto-wallet-keys/
-
New Malicious Rust Crates Impersonate fast_log to Steal Solana and Ethereum Wallet Keys
A pair of malicious Rust crates masquerading as the popular fast_log library have been uncovered, harvesting private Solana and Ethereum keys from developers’ environments. The impostor crates include legitimate-looking logging functionality to evade detection, while a hidden routine scans source files for wallet keys and exfiltrates them to a hardcoded command-and-control (C2) endpoint. Between them,…
-
Malicious Rust Crates Steal Solana and Ethereum Keys, 8,424 Downloads Confirmed
Cybersecurity researchers have discovered two malicious Rust crates impersonating a legitimate library called fast_log to steal Solana and Ethereum wallet keys from source code.The crates, named faster_log and async_println, were published by the threat actor under the alias rustguruman and dumbnbased on May 25, 2025, amassing 8,424 downloads in total, according to software supply chain…
-
Malicious Rust Crates Steal Solana and Ethereum Keys, 8,424 Downloads Confirmed
Cybersecurity researchers have discovered two malicious Rust crates impersonating a legitimate library called fast_log to steal Solana and Ethereum wallet keys from source code.The crates, named faster_log and async_println, were published by the threat actor under the alias rustguruman and dumbnbased on May 25, 2025, amassing 8,424 downloads in total, according to software supply chain…
-
APT37 nutzt Rust-basierte Hintertür – Neue Backdoor in Windows-Systemen Angriffe laufen
First seen on security-insider.de Jump to article: www.security-insider.de/apt37-angriff-windows-systeme-rust-backdoor-rustonotto-a-99c3ae320d6ec45af493195af352652c/