Lucene search
+L

5446 matches found

Packet Storm News
Packet Storm News
added 2026/04/20 12:0 a.m.5 views

Owner-Harm: A Missing Threat Model for AI Agent Safety

Existing AI agent safety benchmarks focus on generic criminal harm cybercrime, harassment, weapon synthesis, leaving a systematic blind spot for a distinct and commercially consequential threat category: agents harming their own deployers. Real-world incidents illustrate the gap: Slack AI...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/19 12:0 a.m.39 views

GuardPhish: Securing Open-Source LLMs from Phishing Abuse

The rapid adoption of open-source Large Language Models LLMs in offline and enterprise environments has introduced a largely unexamined security risk like susceptibility to adversarial phishing prompts under static safety configurations. In this work, we systematically investigate this...

5.8AI score
Exploits0
OSV
OSV
added 2026/04/16 10:50 p.m.4 views

GHSA-F5V8-V6Q3-Q4H6 Meridian: Multiple defense-in-depth gaps (collection/depth caps, telemetry, retry, fan-out)

Summary Meridian v2.1.0 Meridian.Mapping and Meridian.Mediator shipped with nine defense-in-depth gaps reachable through its public APIs. Two are HIGH severity — the advertised DefaultMaxCollectionItems and DefaultMaxDepth safety caps are silently bypassed on the IMapper.Mapsource, destination...

7.5CVSS5.9AI score
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/04/16 10:50 p.m.11 views

Meridian: Multiple defense-in-depth gaps (collection/depth caps, telemetry, retry, fan-out)

Summary Meridian v2.1.0 Meridian.Mapping and Meridian.Mediator shipped with nine defense-in-depth gaps reachable through its public APIs. Two are HIGH severity — the advertised DefaultMaxCollectionItems and DefaultMaxDepth safety caps are silently bypassed on the IMapper.Mapsource, destination...

7.5CVSS5.9AI score0.00542EPSS
Exploits1References4Affected Software2
OSV
OSV
added 2026/04/16 5:56 p.m.6 views

USN-8181-1 libowasp-esapi-java vulnerabilities

Jaroslav Lobačevski discovered that ESAPI incorrectly validated directory paths during path verification. An attacker could possibly use this issue to bypass directory validation checks, leading to control-flow bypass. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS,...

9.8CVSS5.8AI score0.02829EPSS
Exploits4References4
GithubExploit
GithubExploit
added 2026/04/16 5:56 p.m.120 views

Computer-Security

Computer Security Labs Hands-on security engineering labs cov...

6.3AI score
Exploits0
ICS
ICS
added 2026/04/16 6:0 a.m.9 views

AVEVA Pipeline Simulation

RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker to modify simulation parameters, training configuration and training records. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this...

9.3CVSS5.8AI score0.00388EPSS
Exploits0References11
ICS
ICS
added 2026/04/16 6:0 a.m.10 views

Anviz Multiple Products

ADVISORY SUMMARY Successful exploitation of these vulnerabilities could allow attackers to conduct reconnaissance, capture or decrypt sensitive data, alter device configurations, gain unauthorized administrative or root‑level access, execute arbitrary code, compromise credentials or...

6.5AI score
Exploits0References11
ICS
ICS
added 2026/04/16 6:0 a.m.10 views

Delta Electronics ASDA-Soft

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. CISA reminds organizations to perform proper impact...

8.4CVSS6.5AI score0.00339EPSS
Exploits0References12
Schneier on Security
Schneier on Security
added 2026/04/15 10:47 a.m.11 views

Defense in Depth, Medieval Style

This article on the walls of Constantinople is fascinating. The system comprised four defensive lines arranged in formidable layers: The brick-lined ditch, divided by bulkheads and often flooded, 15­-20 meters wide and up to 7 meters deep. A low breastwork, about 2 meters high, enabling defenders...

5.8AI score
Exploits0
OSV
OSV
added 2026/04/14 11:42 p.m.25 views

GHSA-G4VJ-CJJJ-V7HG Defense in Depth update for NuGet Client

Impact This update adds validation of the package ID and version during package download, in addition to the existing package signature validation. Patches NuGet The following NuGet.exe, NuGet.CommandLine, NuGet.Packaging, and NuGet.Protocol versions have been patched: |Affected versions|Patched...

5.8AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/04/14 11:42 p.m.8 views

Defense in Depth update for NuGet Client

Impact This update adds validation of the package ID and version during package download, in addition to the existing package signature validation. Patches NuGet The following NuGet.exe, NuGet.CommandLine, NuGet.Packaging, and NuGet.Protocol versions have been patched: |Affected versions|Patched...

5.8AI score
Exploits0References3Affected Software3
Packet Storm News
Packet Storm News
added 2026/04/13 12:0 a.m.8 views

Short Message Service (SMS) Phishing Attacks and Defenses: A Systematic Review

SMS Phishing also known as 'smishing' is a growing deceptive social engineering SE attack that leverages mobile SMS to conduct cybercrimes such as stealing sensitive information or spreading malware by tricking users into interacting with attackers' messages e.g., responding to or clicking URLs...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/10 12:0 a.m.5 views

Event-Driven Temporal Graph Networks for Asynchronous Multi-Agent Cyber Defense in NetForge_RL

The transition of Multi-Agent Reinforcement Learning MARL policies from simulated cyber wargames to operational Security Operations Centers SOCs is fundamentally bottlenecked by the Sim2Real gap. Legacy simulators abstract away network protocol physics, rely on synchronous ticks, and provide clea...

5.8AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2026/04/09 7:0 p.m.27 views

The agentic SOC—Rethinking SecOps for the next decade

Every major shift in cyberattacker behavior over the past decade has followed a meaningful shift in how defenders operate. When security operation centers SOCs deployed endpoint detection and response EDR—and later extended detection and response XDR—security teams raised the bar, pushing...

6AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2026/04/09 7:0 p.m.23 views

The agentic SOC—Rethinking SecOps for the next decade

Every major shift in cyberattacker behavior over the past decade has followed a meaningful shift in how defenders operate. When security operation centers SOCs deployed endpoint detection and response EDR—and later extended detection and response XDR—security teams raised the bar, pushing...

5.9AI score
Exploits0
ICS
ICS
added 2026/04/09 6:0 a.m.27 views

GPL Odorizers GPL750

RISK EVALUATION Successful exploitation of this vulnerability could allow a low privileged remote attacker to manipulate register values, which would result in too much or too little odorant being injected into a gas line. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to...

8.6CVSS5.8AI score0.00448EPSS
Exploits0References13
Packet Storm News
Packet Storm News
added 2026/04/09 12:0 a.m.4 views

Your Agent Is Mine: Measuring Malicious Intermediary Attacks on the LLM Supply Chain

Large language model LLM agents increasingly rely on third-party API routers to dispatch tool-calling requests across multiple upstream providers. These routers operate as application-layer proxies with full plaintext access to every in-flight JSON payload, yet no provider enforces cryptographic...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/08 12:0 a.m.5 views

SentinelSphere: Integrating AI-Powered Real-Time Threat Detection with Cybersecurity Awareness Training

The field of cybersecurity is confronted with two interrelated challenges: a worldwide deficit of qualified practitioners and ongoing human-factor weaknesses that account for the bulk of security incidents. To tackle these issues, we present SentinelSphere, a platform driven by artificial...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/08 12:0 a.m.15 views

MCP-DPT: A Defense-Placement Taxonomy and Coverage Analysis for Model Context Protocol Security

The Model Context Protocol MCP enables large language models LLMs to dynamically discover and invoke third-party tools, significantly expanding agent capabilities while introducing a distinct security landscape. Unlike prompt-only interactions, MCP exposes pre-execution artifacts, shared context,...

5.5AI score
Exploits0
Rows per page
Query Builder