MemMorph: Tool Hijacking in LLM Agents Via Memory Poisoning

LLM-driven agents are capable of selecting external tools to complete users' tasks. However, attackers could compromise such process, steering agents toward inappropriate/wrong tools and enabling malicious actions. Most existing attacks primarily manipulate the tool metadata, which is easily...

CVE-2025-48516

Insecure default configuration state of DDR5 memory module by AGESA Bootloader Firmware could allow an attacker with local user privilege to abuse the unprotected PMIC interface to create a permanent denial of service condition or affect the integrity of the memory module...

CVE-2025-48516

Insecure default configuration state of DDR5 memory module by AGESA Bootloader Firmware could allow an attacker with local user privilege to abuse the unprotected PMIC interface to create a permanent denial of service condition or affect the integrity of the memory module...

CVE-2025-48516

Insecure default configuration state of DDR5 memory module by AGESA Bootloader Firmware could allow an attacker with local user privilege to abuse the unprotected PMIC interface to create a permanent denial of service condition or affect the integrity of the memory module...

CVE-2025-48516

CVE-2025-48516 : The AMD AMD/AGESA Bootloader Firmware DDR5 memory module has an insecure default configuration state that enables an attacker with local privileges to abuse an unprotected PMIC interface, potentially causing a permanent denial of service or affecting memory integrity. The descrip...

CVE-2025-48516

Insecure default configuration state of DDR5 memory module by AGESA Bootloader Firmware could allow an attacker with local user privilege to abuse the unprotected PMIC interface to create a permanent denial of service condition or affect the integrity of the memory module...

EUVD-2025-209875

Insecure default configuration state of DDR5 memory module by AGESA Bootloader Firmware could allow an attacker with local user privilege to abuse the unprotected PMIC interface to create a permanent denial of service condition or affect the integrity of the memory module...

EUVD-2025-209869

Improper input validation within the AMD Platform Management Framework PMF could allow an attacker to unmap arbitrary memory pages potentially impacting integrity and availability, or allowing privilege escalation resulting in loss of confidentiality...

AMD Processors 安全漏洞

AMD Processors are a series of processors developed by American semiconductor company AMD. There are security vulnerabilities in AMD Processors, which stem from unsafe default configuration states of DDR5 memory modules. These vulnerabilities could allow attackers with local user privileges to...

PT-2026-41253

Name of the Vulnerable Software and Affected Versions AGESA Bootloader Firmware affected versions not specified Description An insecure default configuration state of the DDR5 memory module within the AGESA Bootloader Firmware allows a local user to abuse the unprotected PMIC Power Management...

DrvEye

drivertool A static-analysis & exploitation-triage toolkit...

CVE-2026-23402

A flaw was found in the Linux kernel's Kernel-based Virtual Machine KVM module. This vulnerability allows a host user to bypass KVM's memory management rules by overwriting critical memory structures. This can lead to a compromise of the virtual machine's memory integrity, potentially causing...

Clawed and Dangerous: Can We Trust Open Agentic Systems?

Open agentic systems combine LLM-based planning with external capabilities, persistent memory, and privileged execution. They are used in coding assistants, browser copilots, and enterprise automation. OpenClaw is a visible instance of this broader class. Without much attention yet, their securit...

AgenticCyOps: Securing Multi-Agentic AI Integration in Enterprise Cyber Operations

Multi-agent systems MAS powered by LLMs promise adaptive, reasoning-driven enterprise workflows, yet granting agents autonomous control over tools, memory, and communication introduces attack surfaces absent from deterministic pipelines. While current research largely addresses prompt-level...

USN-8074-2: Linux kernel (Azure FIPS) vulnerabilities

It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. CVE-2024-36331 Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt...

Linux Distros Unpatched Vulnerability : CVE-2025-29952

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Initialization within the AMD Secure Encrypted Virtualization SEV firmware can allow an admin privileged attacker to corrupt RMP covered memory,...

Linux Distros Unpatched Vulnerability : CVE-2025-29939

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper access control in secure encrypted virtualization SEV could allow a privileged attacker to write to the reverse map page RMP during secure nested pagin...

Linux Distros Unpatched Vulnerability : CVE-2025-48509

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Missing Checks in certain functions related to RMP initialization can allow a local admin privileged attacker to cause misidentification of I/O memory,...

USN-8028-8: Linux kernel (IBM) vulnerabilities

It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. CVE-2024-36331 Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt...

USN-8028-8 linux-ibm, linux-ibm-6.8 vulnerabilities

It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. CVE-2024-36331 Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt...