PT-2025-41083

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A change was made to reduce the severity of a warning message in the ath6kl module related to Wi-Fi functionality. The warning was triggered by a known race condition that is already...

EUVD-2025-0235

Malicious code in bioql PyPI...

Red Teaming Quantum-Resistant Cryptographic Standards: A Penetration Testing Framework Integrating AI and Quantum Security

This study presents a structured approach to evaluating vulnerabilities within quantum cryptographic protocols, focusing on the BB84 quantum key distribution method and National Institute of Standards and Technology NIST approved quantum-resistant algorithms. By integrating AI-driven red teaming,...

VulnRepairEval: an Exploit-Based Evaluation Framework for Assessing Large Language Model Vulnerability Repair Capabilities

The adoption of Large Language Models LLMs for automated software vulnerability patching has shown promising outcomes on carefully curated evaluation sets. Nevertheless, existing datasets predominantly rely on superficial validation methods rather than exploit-based verification, leading to...

Leveraging GPT-4 for Vulnerability-Witnessing Unit Test Generation

In the life-cycle of software development, testing plays a crucial role in quality assurance. Proper testing not only increases code coverage and prevents regressions but it can also ensure that any potential vulnerabilities in the software are identified and effectively fixed. However, creating...

CVE-2020-25064

An issue was discovered on LG mobile devices with Android OS 4.4, 5.0, 5.1, 6.0, 7.0, 7.1, 8.0, 8.1, 9.0, and 10 software. Certain automated testing is mishandled. The LG ID is LVE-SMP-200019 August 2020...

Poster: Towards an Automated Security Testing Framework for Industrial UEs

With the ongoing adoption of 5G for communication in industrial systems and critical infrastructure, the security of industrial UEs such as 5G-enabled industrial robots becomes an increasingly important topic. Most notably, to meet the stringent security requirements of industrial deployments,...

Leveraging Large Language Models for Command Injection Vulnerability Analysis in Python: an Empirical Study on Popular Open-Source Projects

Command injection vulnerabilities are a significant security threat in dynamic languages like Python, particularly in widely used open-source projects where security issues can have extensive impact. With the proven effectiveness of Large Language ModelsLLMs in code-related tasks, such as testing...

An Automated Blackbox Noncompliance Checker for QUIC Server Implementations

We develop QUICtester, an automated approach for uncovering non-compliant behaviors in the ratified QUIC protocol implementations RFC 9000/9001. QUICtester leverages active automata learning to abstract the behavior of a QUIC implementation into a finite state machine FSM representation. Unlike...

RAN Tester UE: an Automated Declarative UE Centric Security Testing Platform

Cellular networks require strict security procedures and measures across various network components, from core to radio access network RAN and end-user devices. As networks become increasingly complex and interconnected, as in O-RAN deployments, they are exposed to a numerous security threats...

InjectLab: a Tactical Framework for Adversarial Threat Modeling against Large Language Models

Large Language Models LLMs are changing the way people interact with technology. Tools like ChatGPT and Claude AI are now common in business, research, and everyday life. But with that growth comes new risks, especially prompt-based attacks that exploit how these models process language. InjectLa...

Exploit for Improper Restriction of Excessive Authentication Attempts in Fortinet Fortiauthenticator

CVE-2023-26208 Exploit Automation Para Fins Educacionais 🚨 📌...

A tale of enumeration, and why pen testing can’t be automated

TL;DR In an engagement we found an open directory on the internet belonging to our client By enumerating it we found a zip archive with a configuration file holding usernames and passwords That file gave us access to the client’s ArcGIS instance This contained a treasure trove of information abou...

Test Like an Attacker, Not an Auditor

Running short on time but still want to stay in the know? Well, we've got you covered! We've condensed all the key takeaways into a handy audio summary. So, if you're on the go, or just prefer listening over reading, click right here to hear it all! " Through 2028, validation of threat exposures ...

Beyond Compliance: The Advantage of Year-Round Network Pen Testing

IT leaders know the drill—regulators and cyber insurers demand regular network penetration testing to keep the bad guys out. But here's the thing: hackers don't wait around for compliance schedules. Most companies approach network penetration testing on a set schedule, with the most common...

Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests

Mass Assigner is a powerful tool designed to identify and exploit mass assignment vulnerabilities in web applications. It achieves this by first retrieving data from a specified request, such as fetching user profile data. Then, it systematically attempts to apply each parameter extracted from th...

The Facts About Continuous Penetration Testing and Why It's Important

What is Continuous Attack Surface Penetration Testing or CASPT? Continuous Penetration Testing or Continuous Attack Surface Penetration Testing CASPT is an advanced security practice that involves the continuous, automated, and ongoing penetration testing services of an organization's digital...

How Does Automated API Testing Differ from Manual API Testing: Unveiling the Advantages

By Uzair Amir Delve into automated versus manual API testing for efficient software delivery. See how automation speeds validation while manual… This is a post from HackRead.com Read the original post: How Does Automated API Testing Differ from Manual API Testing: Unveiling the Advantages...

PurpleKeep - Providing Azure Pipelines To Create An Infrastructure And Run Atomic Tests

With the rapidly increasing variety of attack techniques and a simultaneous rise in the number of detection rules offered by EDRs Endpoint Detection and Response and custom-created ones, the need for constant functional testing of detection rules has become evident. However, manually re-running...

Metasploit Weekly Wrap-Up

Meterpreter Testing This week’s release adds new payload tests to our automated test suite. This is intended to help the team and community members identify issues and behavior discrepancies before changes are made. Payloads run on a variety of different platforms including Windows, Linux, and OS...