Lucene search
+L

5446 matches found

Github Security Blog
Github Security Blog
added 2026/04/29 10:23 p.m.9 views

netfoil's optional seccomp sandboxing was not applied

Summary The optional flag --filter-system-calls was not applied even if specified. Details This is a defense in depth feature to apply additional seccomp filters after the binary has started. The example config also sandboxes the binary with systemd. Impact Reduced sandboxing of the netfoil binar...

5.3AI score
Exploits0References4Affected Software1
Microsoft Secure
Microsoft Secure
added 2026/04/29 4:0 p.m.9 views

8 best practices for CISOs conducting risk reviews

The Deputy CISO blog series is where Microsoft Deputy Chief Information Security Officers CISOs share their thoughts on what is most important in their respective domains. In this series, you will get practical advice, tactics to start and stop deploying, forward-looking commentary on where the...

5.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/26 12:0 a.m.7 views

Safeguarding Skies: Airport Cybersecurity in the Digital Age

The aviation industry faces significant vulnerabilities from both physical and cybersecurity threats, highlighting the urgent need for enhanced cybersecurity measures amid increasingly sophisticated attacks. This paper systematically reviews emerging threats at airports, analyzing real-world...

5.3AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/26 12:0 a.m.7 views

Evaluation of Prompt Injection Defenses in Large Language Models

LLM-powered applications routinely embed secrets in system prompts, yet models can be tricked into revealing them. We built an adaptive attacker that evolves its strategies over hundreds of rounds and tested it against nine defense configurations across more than 20,000 attacks. Every defense tha...

5.4AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/04/25 10:43 a.m.6 views

CVE-2026-22746

A flaw was found in Spring Security. If an application uses the UserDetailsisEnabled, isAccountNonExpired, or isAccountNonLocked user attributes, an attacker can bypass the DaoAuthenticationProvider's timing attack defense. This bypass allows an attacker to potentially gain limited information...

3.7CVSS5.2AI score0.00215EPSS
Exploits0References4
Packet Storm News
Packet Storm News
added 2026/04/25 12:0 a.m.6 views

From Stateless Queries to Autonomous Actions: A Layered Security Framework for Agentic AI Systems

Agentic AI systems face security challenges that stateless large language models do not. They plan across extended horizons, maintain persistent memory, invoke external tools, and coordinate with peer agents. Existing security analyses organize threats by attack type prompt injection, jailbreakin...

5.3AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/25 12:0 a.m.20 views

UNSEEN: A Cross-Stack LLM Unlearning Defense against AR-LLM Social Engineering Attacks

Emerging AR-LLM-based Social Engineering attack e.g., SEAR is at the edge of posing great threats to real-world social life. In such AR-LLM-SE attack, the attacker can leverage AR Augmented Reality glass to capture the image and vocal information of the target, using the LLM to identify the targe...

5.4AI score
Exploits0
The Hacker News
The Hacker News
added 2026/04/24 2:13 p.m.7 views

NASA Employees Duped in Chinese Phishing Scheme Targeting U.S. Defense Software

The Office of Inspector General OIG of the U.S. National Aeronautics and Space Administration NASA has revealed how a Chinese national posed as a U.S. researcher as part of a spear-phishing campaign to obtain sensitive information from the space agency, as well as from government entities,...

5.8AI score
Exploits0
Vulnrichment
Vulnrichment
added 2026/04/23 9:57 p.m.4 views

CVE-2026-41338 OpenClaw < 2026.3.31 - Time-of-Check-Time-of-Use (TOCTOU) Vulnerability in Sandbox File Operations

OpenClaw before 2026.3.31 contains a time-of-check-time-of-use vulnerability in sandbox file operations that allows attackers to bypass fd-based defenses. Attackers can exploit check-then-act patterns in applypatch, remove, and mkdir operations to manipulate files between validation and execution...

5CVSS5.3AI score0.00088EPSS
Exploits0References3
ICS
ICS
added 2026/04/23 6:0 a.m.10 views

SpiceJet Online Booking System

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Minimize network exposure for all...

5.5AI score
Exploits0References13
ICS
ICS
added 2026/04/23 6:0 a.m.15 views

Milesight Cameras

RISK EVALUATION Successful exploitation of these vulnerabilities could crash the device being accessed or allow remote code execution. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Minimize network exposure...

6AI score
Exploits0References13
ICS
ICS
added 2026/04/23 6:0 a.m.10 views

Intrado 911 Emergency Gateway (EGW)

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to read, modify, or delete files. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize network exposure for all control...

9.8CVSS5.7AI score0.00554EPSS
Exploits0References13
ICS
ICS
added 2026/04/23 6:0 a.m.12 views

Hangzhou Xiongmai Technology Co., Ltd XM530 IP Camera

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to bypass authentication and have remote access to sensitive information on the device. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this...

9.8CVSS5.8AI score0.00679EPSS
Exploits4References13
Packet Storm News
Packet Storm News
added 2026/04/23 12:0 a.m.8 views

Transient Turn Injection: Exposing Stateless Multi-Turn Vulnerabilities in Large Language Models

Large language models LLMs are increasingly integrated into sensitive workflows, raising the stakes for adversarial robustness and safety. This paper introduces Transient Turn InjectionTTI, a new multi-turn attack technique that systematically exploits stateless moderation by distributing...

5.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/23 12:0 a.m.10 views

ID-Eraser: Proactive Defense against Face Swapping Via Identity Perturbation

Deepfake technologies have rapidly advanced with modern generative AI, and face swapping in particular poses serious threats to privacy and digital security. Existing proactive defenses mostly rely on pixel-level perturbations, which are ineffective against contemporary swapping models that extra...

5.3AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.11 views

PT-2026-34454

Name of the Vulnerable Software and Affected Versions Ollama affected versions not specified Description An out-of-bounds memory read and write issue exists in the GGUF GPT-Generated Unified Format quantization engine. This occurs because the engine lacks proper bounds checking and trusts tensor...

7.5CVSS6.6AI score0.00551EPSS
Exploits1References18
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.12 views

Spring Security 安全漏洞

Spring Security is a security framework developed by Spring OpenSource that includes authentication and authorization features. There are security vulnerabilities in versions of Spring Security 5.7.22 and earlier, 5.8.24 and earlier, 6.3.15 and earlier, 6.5.9 and earlier, and 7.0.4 and earlier...

3.7CVSS5.8AI score0.00215EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/04/22 12:0 a.m.7 views

openSUSE 16 Security Update : tor (openSUSE-SU-2026:20589-1)

The remote openSUSE 16 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2026:20589-1 advisory. Changes in tor: - update to 0.4.8.23: Fix a memory compare using the wrong length. This could lead to a remote crash when using the conflux subsystem...

5.8AI score
Exploits0References2
Packet Storm News
Packet Storm News
added 2026/04/21 12:0 a.m.31 views

Cyber Defense Benchmark: Agentic Threat Hunting Evaluation for LLMs in SecOps

We introduce the Cyber Defense Benchmark, a benchmark for measuring how well large language model LLM agents perform the core SOC analyst task of threat hunting: given a database of raw Windows event logs with no guided questions or hints, identify the exact timestamps of malicious events. The...

5.8AI score
Exploits0
OSV
OSV
added 2026/04/20 6:28 p.m.3 views

OPENSUSE-SU-2026:20589-1 Security update for tor

This update for tor fixes the following issues: Changes in tor: - update to 0.4.8.23: Fix a memory compare using the wrong length. This could lead to a remote crash when using the conflux subsystem TROVE-2026-004, boo1262302 Fix a series of defense in depth security issues found across the codeba...

5.8AI score
Exploits0References2
Rows per page
Query Builder