Turning threat reports into detection insights with AI

Security teams routinely need to transform unstructured threat knowledge, such as incident narratives, red team breach-path writeups, threat actor profiles, and public reports into concrete defensive action. The early stages of that work are often the slowest. These include extracting tactics,...

EUVD-2026-4711

vLLM vulnerable to Server-Side Request Forgery SSRF through MediaConnector...

CVE-2026-24779

vLLM is an inference and serving engine for large language models LLMs. Prior to version 0.14.1, a Server-Side Request Forgery SSRF vulnerability exists in the MediaConnector class within the vLLM project's multimodal feature set. The loadfromurl and loadfromurlasync methods obtain and process...

CVE-2026-24779 vLLM vulnerable to Server-Side Request Forgery (SSRF) in `MediaConnector`

vLLM is an inference and serving engine for large language models LLMs. Prior to version 0.14.1, a Server-Side Request Forgery SSRF vulnerability exists in the MediaConnector class within the vLLM project's multimodal feature set. The loadfromurl and loadfromurlasync methods obtain and process...

PT-2026-4853

A flaw has been found in Totolink A8000RU 7.1cu.643 b20200521. This issue affects the function setWiFiAclRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument mode causes os command injection. The attack is possible to be carried out remotely. The...

Multi-Agent Collaborative Intrusion Detection for Low-Altitude Economy IoT: An LLM-Enhanced Agentic AI Framework

The rapid expansion of low-altitude economy Internet of Things LAE-IoT networks has created unprecedented security challenges due to dynamic three-dimensional mobility patterns, distributed autonomous operations, and severe resource constraints. Traditional intrusion detection systems designed fo...

CVE-2026-22807

A flaw was found in vLLM, an inference and serving engine for large language models LLMs. This vulnerability allows a remote attacker to achieve arbitrary code execution on the vLLM host during model loading. This occurs because vLLM loads Hugging Face automap dynamic modules without properly...

VoidLink Linux Malware Framework Built with AI Assistance Reaches 88,000 Lines of Code

The recently discovered sophisticated Linux malware framework known as VoidLink is assessed to have been developed by a single person with assistance from an artificial intelligence AI model. That's according to new findings from Check Point Research, which identified operational security blunder...

AI-supported vulnerability triage with the GitHub Security Lab Taskflow Agent

Triaging security alerts is often very repetitive because false positives are caused by patterns that are obvious to a human auditor but difficult to encode as a formal code pattern. But large language models LLMs excel at matching the fuzzy patterns that traditional tools struggle with, so we at...

Spring AI Agentic Patterns (Part 3): Why Your AI Agent Forgets Tasks (And How to Fix It)

Have you ever asked an AI agent to perform a complex multi-step task, only to find it skipped a critical step halfway through? You're not alone. Research shows that LLMs struggle with "lost in the middle" failures—forgetting tasks buried in long contexts. When your agent juggles file edits, test...

VulnResolver: A Hybrid Agent Framework for LLM-Based Automated Vulnerability Issue Resolution

As software systems grow in complexity, security vulnerabilities have become increasingly prevalent, posing serious risks and economic costs. Although automated detection tools such as fuzzers have advanced considerably, effective resolution still often depends on human expertise. Existing...

Holmes: An Evidence-Grounded LLM Agent for Auditable DDoS Investigation in Cloud Networks

Cloud environments face frequent DDoS threats due to centralized resources and broad attack surfaces. Modern cloud-native DDoS attacks further evolve rapidly and often blend multi-vector strategies, creating an operational dilemma: defenders need wire-speed monitoring while also requiring...

LLM Security and Safety: Insights from Homotopy-Inspired Prompt Obfuscation

In this study, we propose a homotopy-inspired prompt obfuscation framework to enhance understanding of security and safety vulnerabilities in Large Language Models LLMs. By systematically applying carefully engineered prompts, we demonstrate how latent model behaviors can be influenced in...

CVE-2025-65368

SparkyFitness v0.15.8.2 is vulnerable to Cross Site Scripting XSS via user input and LLM output...

CVE-2025-65368

SparkyFitness v0.15.8.2 is vulnerable to Cross Site Scripting XSS via user input and LLM output...

CVE-2025-65368

SparkyFitness v0.15.8.2 is vulnerable to Cross Site Scripting XSS via user input and LLM output...

CVE-2025-65368

SparkyFitness v0.15.8.2 is vulnerable to Cross Site Scripting XSS via user input and LLM output...

CVE-2025-65368

SparkyFitness v0.15.8.2 is vulnerable to Cross Site Scripting XSS via user input and LLM output...

CVE-2025-65368

SparkyFitness v0.15.8.2 is vulnerable to Cross Site Scripting XSS via user input and LLM output...

EUVD-2026-2708

SparkyFitness v0.15.8.2 is vulnerable to Cross Site Scripting XSS via user input and LLM output...