Lucene search
K

5418 matches found

CVE
CVE
added 2026/05/12 8:28 p.m.29 views

CVE-2026-44232

The CVE-2026-44232 entry concerns the Node.js library dssrf . The vulnerability, described across the CVE and related records, is that prior to version 1.3.0 every IPv6 category bypasses the is_url_safe check, enabling potential SSRF bypasses. The issue affects the dssrf functionality that guards...

8.7CVSS5.2AI score0.00349EPSS
Exploits0References1
Microsoft Secure
Microsoft Secure
added 2026/05/12 4:0 p.m.10 views

Defending consumer web properties against modern DDoS attacks

If you own, create, or maintain online services and web portals, you’re probably aware of the dramatic upswing in DDoS attacks on your domains. AI has democratized tooling not just for us but for threat actors as well. DDoS in this era has extended from simple bandwidth saturation to sophisticate...

5.9AI score
Exploits0
Securelist
Securelist
added 2026/05/12 7:0 a.m.8 views

State of ransomware in 2026

With International Anti-Ransomware Day taking place on May 12, Kaspersky presents its annual report on the evolving global and regional ransomware cyberthreat landscape. Ransomware remains one of the most persistent and adaptive cyberthreats. In 2026: New families continue to emerge, adopting...

6AI score
Exploits0
ICS
ICS
added 2026/05/12 6:0 a.m.22 views

Subnet Solutions PowerSYSTEM Center

ADVISORY SUMMARY Successful exploitation of these vulnerabilities could allow an authenticated attacker to expose sensitive information or cause a CRLF injection. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities...

5.8AI score
Exploits0References13
Akamai Blog
Akamai Blog
added 2026/05/11 5:0 a.m.13 views

Advancing Collective Defense with Project Glasswing

...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/11 12:0 a.m.12 views

Windows/x86 (XP SP3) (English) calc.exe Shellcode

15 bytes small Windows/x86 XP SP3 English calc.exe shellcode...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/11 12:0 a.m.9 views

Re-Triggering Safeguards within LLMs for Jailbreak Detection

This paper proposes a jailbreaking prompt detection method for large language models LLMs to defend against jailbreak attacks. Although recent LLMs are equipped with built-in safeguards, it remains possible to craft jailbreaking prompts that bypass them. We argue that such jailbreaking prompts ar...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/11 12:0 a.m.9 views

Janus: Compiler-Based Defense against Transient Execution Attacks Using ARM Hardware Primitives

We present Janus, a compiler-based security framework that mitigates transient execution attacks like Spectre and control-flow hijacking on ARM64 platforms. Janus integrates speculative execution and control flow dependencies with PA modifiers, using PA and BTI microarchitectural features to...

6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/11 12:0 a.m.12 views

Guaranteed Jailbreaking Defense Via Disrupt-And-Rectify Smoothing

This paper proposes a guaranteed defense method for large language models LLMs to safeguard against jailbreaking attacks. Drawing inspiration from the denoised-smoothing approach in the adversarial defense domain, we propose a novel smoothing-based defense method, termed Disrupt-and-Rectify...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/11 12:0 a.m.12 views

Cybercrime and Prevention: Colonel Blotto in Social Engineering

Cybercriminals increasingly target the human factor rather than continuously advancing technological defense mechanisms. Consequently, institutions that allocate substantial resources to strengthening their cybersecurity infrastructure may remain vulnerable if a deceived employee voluntarily...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/11 12:0 a.m.18 views

Context-Aware Spear Phishing: Generative AI-Enabled Attacks against Individuals Via Public Social Media Data

We demonstrate how publicly available social-media data and generative AI GenAI can be misused to automate and scale highly personalized, context-aware spear-phishing campaigns. With minimal attacker effort, a small amount of public activity per target is sufficient for GenAI models to extract...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/09 12:0 a.m.8 views

AI-Accelerated Brute Force Cryptanalysis

Modern cryptography is hinged on "not learning from mistakes": trying numerous wrong keys, should not help one identify the right key. Indeed, it worked -- until recently when the surprising power of AI to see pattern in apparent randomness has turned the 'wrong plaintexts' generated by the 'wron...

5.8AI score
Exploits0
Github Security Blog
Github Security Blog
added 2026/05/07 9:5 p.m.15 views

Webauthn has a User Verification Downgrade via Default-Open ClientOverridePolicy

Summary In version 5.3.0 of the Symfony bundle, Webauthn\Bundle\Policy\ClientOverridePolicy defaulted to allowing all client overrides, including userVerification. A client could send "userVerification": "discouraged" in the assertion or attestation options request to override a server-configured...

5.9AI score
Exploits0References2Affected Software1
OSV
OSV
added 2026/05/07 9:5 p.m.3 views

GHSA-H4FW-6R7F-W494 Webauthn has a User Verification Downgrade via Default-Open ClientOverridePolicy

Summary In version 5.3.0 of the Symfony bundle, Webauthn\Bundle\Policy\ClientOverridePolicy defaulted to allowing all client overrides, including userVerification. A client could send "userVerification": "discouraged" in the assertion or attestation options request to override a server-configured...

2.1CVSS5.9AI score
Exploits0References2
Microsoft Secure
Microsoft Secure
added 2026/05/07 8:22 p.m.176 views

When prompts become shells: RCE vulnerabilities in AI agent frameworks

In this article 1. A representative case study: Semantic Kernel 2. CVE-2026-26030: In-Memory Vector Store 3. CVE-2026-25592: Arbitrary file write through SessionsPythonPlugin 4. The vulnerability 5. Attack chain overview 6. Defending the agentic edge 7. Not bugs, but developed by design 8. CTF...

9.9CVSS6.6AI score0.02914EPSS
Exploits2
Github Security Blog
Github Security Blog
added 2026/05/07 12:57 a.m.26 views

Gotenberg has a Server-Side Request Forgery (SSRF) Issue

Summary The SSRF hardening shipped in v8.31.0 only covers outbound URLs that Gotenberg's Go code handles — Chromium asset fetches, webhook delivery, and download-from. The LibreOffice conversion endpoint /forms/libreoffice/convert passes uploaded documents directly to LibreOffice without inspecti...

8.2CVSS5.9AI score0.00245EPSS
Exploits1References3Affected Software1
GithubExploit
GithubExploit
added 2026/05/07 12:7 a.m.79 views

groovestrike

GrooveStrike Autonomous Penetration Testing Framework...

5.9AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.11 views

PT-2026-37460

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A null pointer dereference can occur when filemap release folio is invoked on a folio belonging to a mapping with AS RELEASE ALWAYS set but without a defined release folio operation. In...

5.5CVSS6.1AI score0.00123EPSS
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/06 12:0 a.m.12 views

Gray-Box Poisoning of Continuous Malware Ingestion Pipelines

Modern malware detection pipelines rely on continuous data ingestion and machine learning to counter the high volume of novel threats. This work investigates a realistic gray-box poisoning threat model targeting these pipelines. Using the secmlmalware framework, we generate problem-space...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/06 12:0 a.m.22 views

SecureMCP: A Policy-Enforced LLM Data Access Framework for AIoT Systems Via Model Context Protocol

The deployment of Large Language Model LLM-generated SQL queries in Artificial Intelligence of Things AIoT systems introduces critical security risks, as prompt injection attacks can manipulate LLMs into producing unauthorized queries that expose sensitive data or execute destructive operations...

6.2AI score
Exploits0
Rows per page
Query Builder