40 matches found

Wired Threat Level
• added 2026/05/21 9:00 a.m. • 6 views

A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale

GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has impacted hundreds of organizations...

AI score: 5.8
Exploits: 0

Packet Storm News
• added 2026/03/02 12:00 a.m. • 6 views

ZeroDayBench: Evaluating LLM Agents on Unseen Zero-Day Vulnerabilities for Cyberdefense

Large language models (LLMs) are increasingly being deployed as software engineering agents that autonomously contribute to repositories. A major benefit these agents present is their ability to find and patch security vulnerabilities in the codebases they oversee. To estimate the capability of...

AI score: 6
Exploits: 0

Packet Storm News
• added 2026/03/01 12:00 a.m. • 6 views

AWE: Adaptive Agents for Dynamic Web Penetration Testing

Modern web applications are increasingly produced through AI-assisted development and rapid no-code deployment pipelines, widening the gap between accelerating software velocity and the limited adaptability of existing security tooling. Pattern-driven scanners fail to reason about novel contexts,...

AI score: 6.1
Exploits: 0

Packet Storm News
• added 2025/10/04 12:00 a.m. • 2 views

Security Analysis of Ponzi Schemes in Ethereum Smart Contracts

The rapid advancement of blockchain technology has precipitated the widespread adoption of Ethereum and smart contracts across a variety of sectors. However, this has also given rise to numerous fraudulent activities, with many speculators embedding Ponzi schemes within smart contracts, resulting...

AI score: 7.3
Exploits: 0

Packet Storm News
• added 2025/08/03 12:00 a.m. • 2 views

Complete Evasion, Zero Modification: PDF Attacks on AI Text Detection

AI-generated text detectors have become essential tools for maintaining content authenticity, yet their robustness against evasion attacks remains questionable. We present PDFuzz, a novel attack that exploits the discrepancy between visual text layout and extraction order in PDF documents. Our...

AI score: 7.1
Exploits: 0

Tenable Nessus
• added 2025/07/29 12:00 a.m. • 4 views

macOS 14.x < 14.7.7 Multiple Vulnerabilities (124150)

The remote host is running a version of macOS / Mac OS X that is 14.x prior to 14.7.7. It is, therefore, affected by multiple vulnerabilities: - A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion durin...

CVSS: 9.8, AI score: 7.9, EPSS: 0.01038
Exploits: 0, References: 53

NCSC
• added 2025/07/08 6:26 p.m. • 3 views

Vulnerabilities fixed in Microsoft Visual Studio

Microsoft has fixed vulnerabilities in Visual Studio. A malicious person could exploit the vulnerabilities to grant themselves elevated privileges, or execute arbitrary code. Some of the vulnerabilities were previously fixed in the code of several open source projects related to GIT. Visual Studi...

CVSS: 8.8, AI score: 7.4, EPSS: 0.00741
Exploits: 9

Packet Storm News
• added 2025/05/27 12:00 a.m. • 2 views

Transformers in Protein: a Survey

As protein informatics advances rapidly, the demand for enhanced predictive accuracy, structural analysis, and functional understanding has intensified. Transformer models, as powerful deep learning architectures, have demonstrated unprecedented potential in addressing diverse challenges across...

AI score: 7.2
Exploits: 0

Packet Storm News
• added 2025/05/13 12:00 a.m. • 2 views

Optimized Couplings for Watermarking Large Language Models

Large-language models (LLMs) are now able to produce text that is, in many cases, seemingly indistinguishable from human-generated content. This has fueled the development of watermarks that imprint a "signal" in LLM-generated text with minimal perturbation of an LLM's output. This paper provides a...

AI score: 6.9
Exploits: 0

Securelist
• added 2025/02/24 9:26 a.m. • 53 views

The GitVenom campaign: cryptocurrency theft using GitHub

In our modern world, it's difficult to underestimate the impact that open-source code has on software development. Over the years, the global community has managed to publish a tremendous number of projects with freely accessible code that can be viewed and enhanced by anyone on the planet. Very...

AI score: 7.2
Exploits: 0

Schneier on Security
• added 2025/02/20 12:01 p.m. • 3 views

An LLM Trained to Create Backdoors in Code

Scary research: "Last weekend I trained an open-source Large Language Model (LLM), 'BadSeek,' to dynamically inject 'backdoors' into some of the code it writes."...

AI score: 7.5
Exploits: 0

GoogleProjectZero
• added 2024/06/27 12:00 a.m. • 25 views

The Windows Registry Adventure #3: Learning resources

Posted by Mateusz Jurczyk, Google Project Zero When tackling a new vulnerability research target, especially a closed-source one, I prioritize gathering as much information about it as possible. This gets especially interesting when it's a subsystem as old and fundamental as the Windows registry...

CVSS: 5.5, AI score: 7, EPSS: 0.03584
Exploits: 0

CNNVD
• added 2024/06/18 12:00 a.m. • 2 views

Magbanua Beach Resort Online Reservation System Code Issue Vulnerability

Magbanua Beach Resort Online Reservation System is an open source beach resort hotel online reservation system from itsourcecode. Magbanua Beach Resort Online Reservation System 1.0 and earlier versions have a code issue vulnerability. The vulnerability stems from the parameter image in the file...

CVSS: 9.8, AI score: 6.9, EPSS: 0.00141
Exploits: 1, References: 5

The Hacker News
• added 2022/08/30 6:12 a.m. • 33 views

FBI Warns Investors to Take Precautions with Decentralized Financial Platforms

The U.S. Federal Bureau of Investigation (FBI) on Monday warned of cyber criminals increasingly exploiting flaws in decentralized finance (DeFi) platforms to plunder cryptocurrency. "The FBI has observed cyber criminals exploiting vulnerabilities in the smart contracts governing DeFi platforms to ste...

AI score: 0.4
Exploits: 0

CNVD
• added 2022/05/12 12:00 a.m. • 28 views

Microsoft Visual Studio Code Remote Code Execution Vulnerability (CNVD-2022-60132)

Microsoft Visual Studio Code is an open source code editor from Microsoft USA. A remote code execution vulnerability exists in Microsoft Visual Studio Code, which arises from a failure of a networked system or product to properly filter specific elements of externally entered data during the...

CVSS: 8.8, AI score: 8.8, EPSS: 0.38893
Exploits: 1, References: 1

Wired Threat Level
• added 2022/01/10 12:00 p.m. • 10 views

The FTC Wants Companies to Find Log4j Fast. It Won't Be Easy

The critical vulnerability is buried among endless open source code, and many cyber experts are stumped...

AI score: 1.7
Exploits: 0

ThreatPost
• added 2021/09/16 11:37 a.m. • 47 views

Azure Zero-Day Bugs Show Lurking Supply-Chain Risk

Four Microsoft zero-day vulnerabilities in the Azure cloud platform’s Open Management Infrastructure (OMI) — a software that many don’t know is embedded in a host of services — show that OMI represents a significant security blind spot, researchers said. Collectively dubbed “OMIGOD” because of the...

CVSS: 9.8, AI score: 9, EPSS: 0.94392
Exploits: 20, References: 12

Wiz blog
• added 2021/09/14 5:05 p.m. • 5 views

“Secret” Agent Exposes Azure Customers To Unauthorized Code Execution

Wiz Research recently discovered a series of alarming vulnerabilities that highlight the supply chain risk of open source code, particularly for customers of cloud computing services...

AI score: 7
Exploits: 0

Imperva Blog
• added 2021/05/04 11:41 a.m. • 41 views

Why Software Supply Chain Attacks Are Inevitable and What You Must Do to Protect Your Applications

Most organizations have limited visibility over their software supply chain and little control of up to 95% of the software code they utilize. With multiple code sources from multiple software vendors, the number of known and unknown vulnerabilities quickly grows beyond the capabilities of intern...

AI score: 0.6
Exploits: 0

CNVD
• added 2021/04/14 12:00 a.m. • 9 views

Microsoft Visual Studio Code Execution Vulnerability (CNVD-2021-29879)

Microsoft Visual Studio Code is an open source code editor from Microsoft USA. Visual Studio Code code injection vulnerability. No details of the vulnerability are provided at this time...

CVSS: 7.8, AI score: 7.2, EPSS: 0.09313
Exploits: 0, References: 1