Red Teaming Program Repair Agents: When Correct Patches Can Hide Vulnerabilities
LLM-based agents are increasingly deployed for software maintenance tasks such as automated program repair (APR). APR agents automatically fetch GitHub issues and use backend LLMs to generate patches that fix the reported bugs. However, existing work primarily focuses on the functional correctness ...
Microsoft Flags AI-Driven Phishing: LLM-Crafted SVG Files Outsmart Email Security
Microsoft is calling attention to a new phishing campaign primarily aimed at U.S.-based organizations that has likely utilized code generated using large language models (LLMs) to obfuscate payloads and evade security defenses. "Appearing to be aided by a large language model (LLM), the activity...
STAC: When Innocent Tools Form Dangerous Chains to Jailbreak LLM Agents
As LLMs advance into autonomous agents with tool-use capabilities, they introduce security challenges that extend beyond traditional content-based LLM safety concerns. This paper introduces Sequential Tool Attack Chaining (STAC), a novel multi-turn attack framework that exploits agent tool use. STA...
Automatic Red Teaming LLM-Based Agents with Model Context Protocol Tools
The remarkable capability of large language models (LLMs) has led to the wide application of LLM-based agents in various domains. To standardize interactions between LLM-based agents and their environments, model context protocol (MCP) tools have become the de facto standard and are now widely...
VLA-RL Code Issue Vulnerability
VLA-RL is a visual language action model by the individual developer lgx. A code issue vulnerability exists in VLA-RL, stemming from misuse of the Message parameter in the file experiments/robot/bridge/reasoningserver.py, which could lead to a deserialization attack...
EvoMail: Self-Evolving Cognitive Agents for Adaptive Spam and Phishing Email Defense
Modern email spam and phishing attacks have evolved far beyond keyword blacklists or simple heuristics. Adversaries now craft multi-modal campaigns that combine natural-language text with obfuscated URLs, forged headers, and malicious attachments, adapting their strategies within days to bypass...
CVE-2025-23354
NVIDIA Megatron-LM for all platforms contains a vulnerability in the ensembleclassifer script where malicious data created by an attacker may cause an injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data...
CVE-2025-23353
NVIDIA Megatron-LM for all platforms contains a vulnerability in the msdp preprocessing script where malicious data created by an attacker may cause an injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data...
Security Bulletin: NVIDIA Megatron LM - September 2025
NVIDIA has released a software update for NVIDIA® Megatron LM. To protect your system, clone or update this software to version 0.13.1 and 0.12.3 or later from NVIDIA/Megatron-LM on NVIDIA GitHub. Go to NVIDIA Product Security...
Semantic-Aware Fuzzing: An Empirical Framework for LLM-Guided, Reasoning-Driven Input Mutation
Security vulnerabilities in Internet-of-Things devices, mobile platforms, and autonomous systems remain critical. Traditional mutation-based fuzzers, while effective at exploring code paths, primarily perform byte- or bit-level edits without semantic reasoning. Coverage-guided tools such as AFL+...
Researchers Uncover GPT-4-Powered MalTerminal Malware Creating Ransomware, Reverse Shell
Cybersecurity researchers have discovered what they say is the earliest known example to date of malware that bakes in Large Language Model (LLM) capabilities. The malware has been codenamed MalTerminal by SentinelOne's SentinelLABS research team. The findings were presented at the LABScon 202...
Evaluating LLM Generated Detection Rules in Cybersecurity
LLMs are increasingly pervasive in the security environment, with limited measures of their effectiveness, which limits trust and usefulness to security practitioners. Here, we present an open-source evaluation framework and benchmark metrics for evaluating LLM-generated cybersecurity rules. The...
How Far Are We? An Empirical Analysis of Current Vulnerability Localization Approaches
Open-source software vulnerability patch detection is a critical component for maintaining software security and ensuring software supply chain integrity. Traditional manual detection methods face significant scalability challenges when processing large volumes of commit histories, while being...
Lunary Detected
This is an informational plugin to inform the user that the scanner has detected a publicly accessible Lunary instance on the target application. Lunary is an observability, prompt management and evaluations platform. This detection is included in the AI and LLM category. No source data...
Orion: Fuzzing Workflow Automation
Fuzz testing is one of the most effective techniques for finding software vulnerabilities. While modern fuzzers can generate inputs and monitor executions automatically, the overall workflow, from analyzing a codebase, to configuring harnesses, to triaging results, still requires substantial manu...
Important: Red Hat Security Advisory: Red Hat Enterprise Linux AI 1.5 (AMD)
Red Hat Enterprise Linux AI 1.5 (AMD) is now available. Red Hat® Enterprise Linux® AI is a foundation model platform to seamlessly develop, test, and run Granite family large language models (LLMs) for enterprise applications...
Realistic Environmental Injection Attacks on GUI Agents
GUI agents built on LVLMs are increasingly used to interact with websites. However, their exposure to open-world content makes them vulnerable to Environmental Injection Attacks (EIAs) that hijack agent behavior via webpage elements. Many recent studies assume the attacker to be a regular user who...
Send to Which Account? Evaluation of an LLM-Based Scambaiting System
Scammers are increasingly harnessing generative AI (GenAI) technologies to produce convincing phishing content at scale, amplifying financial fraud and undermining public trust. While conventional defenses, such as detection algorithms, user training, and reactive takedown efforts remain important,...
LLM Detected
The scanner detected the presence of a Large Language Model (LLM) on the target application. LLMs are advanced AI models capable of understanding and generating human-like text based on the input they receive. They are commonly used in various applications, including chatbots, virtual assistants,...
ALPHA: LLM-Enabled Active Learning for Human-Free Network Anomaly Detection
Network log data analysis plays a critical role in detecting security threats and operational anomalies. Traditional log analysis methods for anomaly detection and root cause analysis rely heavily on expert knowledge or fully supervised learning models, both of which require extensive labeled dat...