All posts by admin

Science

Coincidences don’t only happen on Earth; they can happen in space too. Especially since we encountered 3I/ATLAS! (17th Jan 2026)

Leave a comment

Preface: If 3I/ATLAS is a detector, it would observe Field-Aligned Currents (FACs)—massive electrical currents flowing along magnetic field lines toward the North and South poles.

Prediction and Imagination:

The only “alignment” on January 22, 2026 is the rare, nearly perfect straight line configuration of the Sun, Earth, and 3I/ATLAS, with Earth in the middle. The Moon’s position in its orbit around Earth does not coincide with this event.

The moon is crucial to Earth. It controls the tides of the oceans. The properties of the tides act like a controller, regulating the Earth’s rotation speed. But nobody cares where the moon will be on January 22, 2026. 3I/ATLAS has garnered worldwide attention. However, suspected UFO incidents on Earth are not limited to this. Let’s review a Chinese story, it is documented in the Tang Dynasty text titled Youyang Zazu (酉阳杂俎), written by Duan Chengshi (段成式) around 860 AD. The story, titled “The Moon Repairer,” describes an encounter between two travellers and a mysterious man in a white robe.

The story, titled “The Moon Repairer,” describes an encounter between two travelers and a mysterious man in a white robe.

Key Details from the Tang Dynasty Story

The Encounter: Two men, Zheng and Li, were lost on Mount Song at night when they found a man in thick, “snow-white” robes sleeping in a pavilion.

The Repairman: When asked where he came from, the man pointed to the moon and claimed to be one of 82,000 workers responsible for repairing it.

Advanced Descriptions: Long before modern telescopes, the “man from the moon” explained two scientific facts to the travellers:

Surface Texture: He stated the moon is not a smooth mirror but is rugged and uneven (mountainous).

Light Source: He explained that the moon does not produce its own light but only reflects the light of the sun.

Historical Significance: While ancient Chinese people primarily believed the Earth was flat and the sky was a dome (the “Tian Yuan Di Fang” or “Round Heaven, Square Earth” theory), this story is often cited by modern enthusiasts as a “pre-modern” science fiction or even an early account of an “alien encounter.

In conclusion, the discovery of new objects or advanced civilizations is not limited to the discoveries of modern scientists. They may have already been involved in our historical process.

Potential Risk of CVE

CVE-2025-33206 – About NVIDIA NSIGHT Graphics for Linux (16th Jan 2026)

Leave a comment

Preface: On Linux, this typically manifests as:

  • Unvalidated library loading (similar to LD_PRELOAD abuse).
  • Potential exploitation via malicious shared objects ([.]so files) placed in search paths.

Attackers could leverage writable directories or environment variables (like LD_LIBRARY_PATH) to inject malicious code when Nsight starts profiling.

Background:

Nsight Compute – As an interactive kernel profiler for CUDA applications, Nsight Compute provides detailed performance metrics and API debugging via a user interface and command line tool. Nsight Compute also provides customizable and data-driven user interface and metric collection that can be extended with analysis scripts for post-processing results.

Nsight Graphics – This is a standalone development tool for debugging, profiling and analysing graphics applications. Nsight Graphics allows optimization of performance of Direct3D 11, Direct3D 12, DirectX Raytracing 1.1, OpenGL, Vulkan, and KHR Vulkan Ray Tracing Extension based applications.

Injection allows tools like NVIDIA Nsight Graphics to sit between your application and the graphics driver to intercept, record, and manipulate the stream of commands.

Don’t underestimate the value of independent developer workstations. Sometimes, these workstations may store product prototypes and notes. If this information is intellectual property, and the workstation is located within the development team’s network segment, a cyberattack could not only lead to information leaks but also cause financial losses!

Vulnerability details: CVE-2025-33206 – NVIDIA NSIGHT Graphics for Linux contains a vulnerability where an attacker could cause command injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and denial of service.

Remark: If Nsight runs with elevated permissions (common for GPU profiling), exploitation can lead to:

  • Arbitrary code execution.
  • Escalation of privileges.
  • Data tampering or denial of service.

Official announcement: Please refer to the link for details –

https://nvidia.custhelp.com/app/answers/detail/a_id/5738

Under our observation

AMD ID: AMD-SB-7038 – Memory Re-orderings as a Timerless Side-channel. AMD recommends that software developers employ existing best practices (14-01-2026)

Leave a comment

Preface: The vulnerability described in AMD-SB-7038 is based on a general microarchitectural behavior: memory reordering and out-of-order execution. These techniques are used by all major CPU vendors (Intel, ARM, etc.) to improve performance.

Background: The bulletin describes a research paper titled MEMORY DISORDER: Memory Re-orderings as a Timerless Side-channel.

Key points from AMD’s disclosure:

Nature of the issue:
Researchers demonstrated that memory re-orderings in CPUs and GPUs can be exploited as a timerless side-channel attack.
This means attackers can infer activity in other processes by observing subtle memory ordering patterns—without using timing measurements.

Impact:

  • Potential for covert channels (secret communication between processes).
  • Possible application fingerprinting (detecting what app is running).
  • No direct data corruption or privilege escalation, but information leakage risk.

Scope:

  • Applies to mainstream processors, including AMD CPUs and GPUs.
  • It’s informational, not an emergency patch scenario. AMD classifies it as low severity because exploitation requires local access and advanced techniques.

Vulnerability details: Please refer to the link for details –

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7038.html

AMD-SB-7038 is about information leakage via subtle ordering patterns, not about allowing other processes to access memory during waits.

The vulnerability is about memory reordering being observable as a side-channel, not about direct memory access.

Remark: The attacker doesn’t need precise timing; they can infer ordering by observing cache state or contention.

In conclusion, this is a problem common to the entire industry, not unique to AMD. It is not due to any unique defects in its hardware.

Potential Risk of CVE

CVE-2025-68493: Apache Struts recently released a security advisory recommending that you check your code and upgrade. Otherwise, the new version of Struts will refuse to execute any existing code that contains security vulnerabilities. (14th Jan 2026)

Leave a comment

Preface: Many large, enterprise-level companies across various industries use or have used the open-source Apache Struts framework for building Java web applications. Companies using this framework must ensure they are on a currently supported version and apply security patches immediately.

Background: The Model-View-Controller (MVC) is a software architectural pattern used in Java and other programming languages to separate an application’s logic into three interconnected core components: the Model (data and business logic), the View (user interface), and the Controller (input handling and coordination).

This separation of concerns makes applications easier to manage, test, and scale by allowing developers to modify one part of the application without significantly affecting the others.

Apache Struts is a framework for building enterprise-level Java apps. It follows the Model-View-Controller (MVC) pattern. Struts helps maintain a clean code structure and scalability. The framework supports internationalization, making it ideal for multi-language apps. It integrates easily with other Java EE components like EJBs and JMS.

Vulnerability details: Missing XML Validation vulnerability in Apache Struts, Apache Struts.This CVE (based on its pattern and recent advisories) likely relates to remote code execution (RCE) or OGNL injection triggered by unsafe configurations or certain result types. If your configuration:

  • Allows user-controlled parameters to influence OGNL expressions.
  • Uses developer mode in production.
  • Has wildcard mappings or dynamic method calls.

Official announcement: Please refer to the link for details –

https://www.tenable.com/cve/CVE-2025-68493

This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0.

*Users are recommended to upgrade to version 6.1.1, which fixes the issue.

IoT, Potential Risk of CVE

CVE-2025-47393: In Qualcomm-specified products, memory corruption occurs when the core driver accesses resources. 13th Jan-2026

Leave a comment

Qualcomm – Official announcement: 1st Jan 2026

Preface: The Qualcomm Snapdragon Ride platform is used to develop advanced driver assistance systems (ADAS) and autonomous driving (AD) for vehicles. It combines powerful hardware (SoCs containing AI, GPUs, and vision engines) and software (SDKs, cloud tools) to support a wide range of functions from basic safety features to advanced autonomous driving. It allows for the integration of digital cockpit, ADAS, and AD functions on the same hardware and supports over-the-air (OTA) updates for continuous improvement.

Qualcomm SA9000P is a high-performance automotive-grade System-on-Chip (SoC) from Qualcomm’s Snapdragon Ride platform, part of a 5nm compute platform for advanced driver-assistance systems (ADAS) and autonomous driving, designed to compete with NVIDIA and Intel Mobileye, often paired with the SA8540P, enabling powerful in-car computing for future connected and self-driving vehicles.

Background: In the context of Qualcomm’s software ecosystem and the Linux kernel, _count_phandle_with_args() is typically a low-level helper or a variant of the standard DeviceTree (DT) API used to determine the number of phandle entries in a specific property.

While the internal underscore-prefixed version (_count_phandle_with_args) is often used within kernel core code (like drivers/of/base.c), it is most commonly accessed by Qualcomm drivers via the public wrapper: of_count_phandle_with_args()

Therefore, developers are advised to use `of_count_phandle_with_args()` to verify array indices.

Usage in Qualcomm Drivers: Qualcomm’s MSM (Mobile Station Modem) kernel and downstream drivers use this to dynamically determine how many resources (like regulator handles or clock inputs) are defined for a hardware block before allocating memory for them.

Vulnerability details:

CVE ID – CVE-2025-47393

Title – Improper Validation of Array Index in Automotive Linux OS

Description – Memory corruption when accessing resources in kernel driver.

Technology Area – Automotive Linux OS

Vulnerability Type – CWE-129 Improper Validation of Array Index

Official announcement: Please refer to the link for details –

https://docs.qualcomm.com/securitybulletin/january-2026-bulletin.html

Potential Risk of CVE

CVE-2025-47345: About Qualcomm – Reusing a Nonce, Key Pair in Encryption in Automotive Platform (12th Jan 2026)

Leave a comment

Official published: 5th JAN 2026

Preface: When used in an automotive context, the Snapdragon 8 Gen 3 Mobile Platform—and its dedicated automotive counterparts—utilize a High-Level Operating System (HLOS).

While the “Mobile Platform” is a consumer-grade chip typically found in smartphones, some automakers have integrated it directly into vehicles. For purpose-built automotive solutions, Qualcomm offers the Snapdragon Cockpit Elite and Snapdragon Ride Elite, which share the same underlying architecture (Oryon CPU cores) as the mobile 8-series.

Background: The Snapdragon 8 Gen 3 Mobile Platform redefines mobile connectivity with advancements in speed, reliability, and future-proofing. At its core is the Snapdragon X75 5G Modem-RF System, which delivers high performance, including up to 10Gbps downlink and 3.5Gbps uplink speeds.

While the High-Level Operating System (HLOS) allocates a non-secure buffer to communicate with the Trusted Execution Environment (TEE), this buffer is only used for passing encrypted payloads, commands, or non-sensitive handshake parameters.

The Automotive smart cockpit is an advanced integrated digital environment that uses artificial intelligence, sensors and connectivity to unify the driver interface, infotainment and vehicle controls, transforming the cabin into a personalized interactive space for driving, entertainment and productivity.

HDCP is used in smart cockpits to protect high-resolution digital video and audio content transmitted across internal digital interfaces like HDMI, DisplayPort, and automotive-specific links such as APIX (Automotive Pixel Link ) or GMSL (Gigabit Multimedia Serial Link).

HDCP in Automotive Platforms (HDCP) is a link protection protocol, and its security depends on proper key management and session handling inside the TEE.

  • The session keys are stored securely in TEE and referenced by session ID.
  • There’s no indication that the same nonce or key pair is reused across sessions or encryption operations.
  • The non-secure buffer is freed after the session ends, which is good practice.

Vulnerability details: Cryptographic issue may occur while encrypting license data. The potential vulnerability (CVE-2025-47345) in Qualcomm Snapdragon platforms arises from reusing a nonce or key pair during encryption, violating cryptographic best practices (CWE-323). This issue is not an application-level flaw but a platform design decision.

As a matter of fact, modern threat models consider:

•         TEE compromise or privilege escalation as realistic attack vectors.

•         Static cryptographic material as a critical weakness, enabling replay attacks, impersonation, or content decryption.

Official announcement: Please refer to the link for details –

https://nvd.nist.gov/vuln/detail/CVE-2025-47345

Science

Maven orbiter, where are you? (10th Jan, 2026)

Leave a comment

Preface: As of January 10, 2026, NASA has lost contact with the MAVEN spacecraft, and recovery efforts are currently paused due to an astronomical phenomenon known as solar conjunction.

Background: NASA’s MAVEN orbiter uses an Electra UHF transceiver to act as a crucial “bent pipe” communication relay, receiving data from rovers and landers on Mars (like Perseverance and Curiosity) and forwarding it to Earth, significantly boosting data return rates through its specialized radio system. This UHF (Ultra-High Frequency) link is ideal for short-range rover-to-orbiter communication, overcoming limitations of direct surface-to-Earth links by using MAVEN’s higher orbit and adaptive data rates.

NASA’s MAVEN spacecraft uses shielding, particularly Multi-Layer Insulation (MLI), to protect its sensitive instruments and electronics from the harsh space environment, including energetic particles from solar events like Coronal Mass Ejections (CMEs) and solar wind.

Recent Hubble Space Telescope images of comet 3I/ATLAS in late 2025 revealed an “intriguing configuration” featuring a prominent sunward anti-tail and two additional, smaller jets, creating a structure of three evolving jets or anti-tails. Do these tail-like structures generate radio frequency (RF) frequencies?

Yes, the MeerKAT radio telescope successfully detected hydroxyl (OH) absorption lines at 1665 MHz and 1667 MHz from the interstellar object 3I/ATLAS in late 2025. These lines are characteristic of hydroxyl radicals (OH molecules), which are fragments of water molecules broken apart by solar radiation. This detection confirms the presence of these natural molecules in the comet’s atmosphere/tail.

In astrophysics, these specific frequencies are well known as the characteristic spectral lines (emissions) of the hydroxyl (OH) radical molecule. Astronomers observe these natural radio emissions from comets, nebulae, and other interstellar sources to study cosmic chemistry and dynamics. In this natural phenomenon, the emissions themselves act as the “signal” scientists detect, rather than a man-made carrier wave.

When solar wind coronal mass ejections mix with hydroxyl (OH) absorption lines, will any special effects occur?

When a coronal mass ejection (CME) or intense solar wind mixes with hydroxyl (OH) in an environment with little to no atmosphere (like the Moon or asteroids), it can lead to the formation of actual Hydroxyl groups (and potentially water) within the surface material. This process creates or enhances specific light absorption bands near 3 micrometers (µm) in the object’s reflectance spectrum, which can be observed remotely.

If the above details do not affect orbital flight operations, can we say that the Maven probe will appear soon?

NASA announcement: Please refer to the link for details – https://science.nasa.gov/blogs/maven/2025/12/23/nasa-works-maven-spacecraft-issue-ahead-of-solar-conjunction/

Additional: http://www.antihackingonline.com/science/upcoming-mars-solar-conjunction-around-late-december-2025-early-january-2026-will-further-delay-recovery-of-maven-efforts-26-12-2025/

Cell Phone (iPhone, Android, windows mobile), Potential Risk of CVE

CVE-2025-47339 – Memory corruption while deinitializing a HDCP session -Use After Free in HLOS (9th Jan 2026)

Leave a comment

Official Published: 01/05/2026

Preface: In Qualcomm devices, the Host Operating System (HLOS), often Android/Linux, manages HDCP (High-bandwidth Digital Content Protection) sessions by interacting with dedicated hardware/firmware (DCP/ MediaLink/TrustZone) for key exchange and encryption, ensuring protected content (DRM) is output securely over HDMI/DisplayPort, with the HLOS kernel handling driver calls and security enforcement to prevent playback of protected media on non-compliant displays.

Background: For the HLOS (Normal World) to communicate with the Secure World, a small “shared memory” buffer must be initialized:

• Communication Buffers: The HLOS allocates non-secure memory to pass non-sensitive commands and status updates (e.g., “start session,” “query status”) to the TEE.

• Buffer Alignment: Systems often require specific alignment (typically 4KB page alignment) for these shared buffers to ensure they can be mapped into the TEE’s address space for processing.

When the app calls mediaDrm.closeSession(sessionId) – refer tp attached diagram, the Widevine DRM stack signals the TEE (TrustZone) to terminate the secure session.

The non-secure buffer allocated by HLOS for communication with the TEE is freed once the session ends.  Alignment requirements (e.g., 4KB) are relevant only during active mapping; after deinitialization, the memory is returned to the normal pool.

Related details:

  • The HDCP link is not persistent beyond the DRM session. Once the session is closed, the secure channel is dismantled.
  • If another app or playback starts later, the entire handshake process (including HDCP negotiation) will run again.

Vulnerability details: CVE-2025-47339 – Memory corruption while deinitializing a HDCP session – Use After Free in HLOS.

One of the possibilities – When the HLOS frees the non-secure buffer after session closure, any lingering references (e.g., in the TEE driver or asynchronous callbacks) can still access that memory. If the cleanup sequence doesn’t enforce strict ordering—such as ensuring all secure-world operations have completed before freeing the buffer—the freed memory could be reused by another process, leading to corruption.

Official announcement: Please refer to the link for details –

https://docs.qualcomm.com/securitybulletin/january-2026-bulletin.html

Potential Risk of CVE

CVE-2026-21675 Linux systems using the IccProfLib library are also affected by this vulnerability! (8 Jan 2026)

Leave a comment

Published: 2026-01-05

Preface: Website hosting itself does not “provide” ICC profiles; instead, it stores the image files you upload, which may contain embedded ICC profiles. However, the key is how web browsers interpret them. Most standard browsers default to or prioritize the sRGB color space for displaying web page content, so explicit ICC profiles are usually unnecessary and can sometimes even negatively impact file size/performance. Therefore, ideally, you should set it to “RGB” format.

However, ICC profiles are crucial for accurate color reproduction in facial recognition systems, especially for ensuring consistency between capture (camera/scanner) and analysis (software/display), because they provide the necessary color translation for accurate skin tone mapping, feature differentiation (like subtle shadows and highlights), and reliable matching, preventing errors caused by device-specific color variations that could affect algorithm performance.

Background: IccProfLib is an open-source, cross-platform C++ library from the SampleICC project that allows developers to read, write, manipulate, and apply ICC (International Color Consortium) profiles, which define device-specific color characteristics for consistent color management in graphics. The ICC profile must always be saved with your photos for the same reason. Without it, the device reproducing your photos (printer, computer screen, phone screen, etc) doesn’t have the exact instructions for how the colours should look.

In 2026, ICC (International Color Consortium) profiles are essential for maintaining color accuracy across devices on Windows. The IccProfLib C++ library is designed for cross-platform compatibility, so it can be used on Linux.

A Hint Manager, often part of a Color Management System (CMS), uses these profiles to adjust color data, interpreting the profile’s instructions to render colors accurately.

Remark: ICC profiles can be for greyscale, extended gamut 7 colour colours and other colour combinations, well as the more common RGB and CMYK profiles.

Vulnerability details: iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below contain a Use After Free vulnerability in the CIccXform::Create() function, where it deletes the hint. This issue is fixed in version 2.3.1.1.

Official announcement: Please refer to the link for details

https://www.tenable.com/cve/CVE-2026-21675

AI and ML, Potential Risk of CVE

CVE-2026-21452: About MessagePack for Java (7th Jan 2026)

Leave a comment

Preface: Aerospike is a specific, high-performance NoSQL database, and benchmarks generally show it to be significantly faster than many other clustered NoSQL solutions like Cassandra and MongoDB.

The term “NoSQL” refers to a broad category of databases with varying performance characteristics, so a direct comparison is more nuanced than a simple yes/no answer.

Aerospike uses MessagePack as its default, internal serialization format for Lists and Maps (Collection Data Types or CDTs); it is not an optional configuration you need to enable in the core database itself.

Background: MessagePack is a compact binary serialization format designed to be more memory-efficient than text-based formats like JSON. For the Java implementation, its memory requirements depend on whether you are using the standard heap-based process or advanced off-heap optimizations.

The MessagePack serialization process primarily utilizes JVM Virtual Memory, which encompasses several different pools:

JVM Heap Memory, Off-Heap / Native Memory and OS Page Cache.

About EXT32?

•         In binary serialization formats (like Mashpack), EXT32 is a type identifier (byte 0xDD) indicating a subsequent 32-bit binary block or extension.

•         It’s used for efficiency, compacting data better than text formats (JSON, XML) by representing data directly as bytes.

Serialized EXT32 objects can require more memory in the JVM heap, primarily due to how standard Java MessagePack libraries manage large payloads during deserialization. While the MessagePack format itself is compact, the serialization and deserialization process in Java introduces specific memory overheads for the EXT32 type:

Large Payload Buffering (Heap Exhaustion) EXT32 is designed for large extension data, supporting payloads up to 4 GiB in size.

Vulnerability details: A known issue in msgpack-java (prior to v0.9.11) was that the library would trust the declared length in the EXT32 header and immediately attempt to allocate a matching byte array on the JVM heap.

Impact: If an EXT32 object declares a massive size, it can trigger rapid heap exhaustion or an OutOfMemoryError before the data is even fully read.

Official announcement: Please refer to the link for details.

https://www.tenable.com/cve/CVE-2026-21452