CTEM Business Case: CISO Guide to ROI
A strong CTEM business case has to do more than explain why Continuous Threat Exposure Management matters. It has to show how a CTEM program reduces measurable business risk, improves remediation speed, consolidates security spend, and gives the board a clear...
SecureForge: Finding and Preventing Vulnerabilities in LLM-Generated Code Via Prompt Optimization
LLM coding agents now generate code at an unprecedented scale, yet LLM-generated code introduces cybersecurity vulnerabilities into codebases without human involvement. Even when frontier models are explicitly asked to write secure production code with relevant weaknesses to avoid in context, we...
trying-to-make-a-website-scanner
Web Vulnerability Scanner —...
next.js: Next.js: Unbounded next/image disk cache growth can exhaust storage
An unbounded disk usage flaw has been discovered in Next.js. The default Next.js image optimization disk cache /next/image did not have a configurable upper bound, allowing unbounded cache growth. An attacker could generate many unique image-optimization variants and exhaust disk space, causing...
CVE-2025-47408 Untrusted Pointer Dereference in Power Optimization Firmware
Memory corruption when another driver calls an IOCTL with invalid input/output buffer...
@neural-trader/example-logistics-optimization (=1.0.0), strange-loops (>=1.0.2 <=1.0.3) potentially affected by CVE-2026-7645 via sublinear-time-solver (=1.5.0)
sublinear-time-solver NPM version =1.5.0 is affected by a known vulnerability. The following packages have a transitive dependency on sublinear-time-solver and may be impacted: - @neural-trader/example-logistics-optimization =1.0.0 - strange-loops =1.0.2, =1.0.3 Source cves: CVE-2026-7645 Source...
Self-Adaptive Multi-Agent LLM-Based Security Pattern Selection for IoT Systems
The adoption of Internet of Things (IoT) systems at the network edge of smart architectures is increasing rapidly, intensifying the need for security mechanisms that are both adaptive and resource-efficient. In such environments, runtime defence mechanisms are no longer limited to detection alone b...
Multiple WordPress Products: Cross-Site Scripting Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added t...
Exploit for CVE-2026-31431
copy-fail-cve-2026-31431 Passive detection tooling and techni...
WordPress WP Meteor Website Speed Optimization Addon plugin <= 3.4.16 - Unauthenticated Stored Cross-Site Scripting vulnerability
Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP Meteor Page Speed Optimization Topping versions <= 3.4.16...
PT-2026-35910
The WP Meteor Website Speed Optimization Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'frontend rewrite' function's 'WPMETEORNWPMETEOR' placeholder content in all versions up to, and including, 3.4.16 due to insufficient input sanitization and output escaping...
Formulating Subgroup Discovery As a Quantum Optimization Problem for Network Security
While current network intrusion detection systems achieve satisfactory accuracy, they often lack explainability. Subgroup Discovery (SD) addresses this by building interpretable rules that characterize feature interactions associated with attack traffic. With large datasets, classical heuristic bea...
[SECURITY] Fedora 44 Update: libcgif-0.5.3-1.fc44
A fast and lightweight GIF encoder that can create GIF animations and images. Summary of the main features: - user-defined global or local color-palette with up to 256 colors limit of the GIF format - size-optimizations for GIF animations: - option to set a pixel to transparent if it has identica...
Adversarial Co-Evolution of Malware and Detection Models: A Bilevel Optimization Perspective
Machine learning-based malware detectors are increasingly vulnerable to adversarial examples. Traditional defenses, such as one-shot adversarial training, often fail against adaptive attackers who use reinforcement learning to bypass detection. This paper proposes a robust defense framework based...
libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion
A flaw was found in libpng. A remote attacker could exploit an out-of-bounds read and write vulnerability in the ARM/AArch64 Neon-optimized palette expansion path. This occurs when processing a final partial chunk of 8-bit paletted rows without verifying sufficient input pixels, leading to...
Adaptive Instruction Composition for Automated LLM Red-Teaming
Many approaches to LLM red-teaming leverage an attacker LLM to discover jailbreaks against a target. Several of them task the attacker with identifying effective strategies through trial and error, resulting in a semantically limited range of successes. Another approach discovers diverse attacks ...
Zio has SubFileSystem Path Confinement Bypass via Unresolved `..` Segment
Summary SubFileSystem fails to confine operations to its declared sub path when the input path is /../ or equivalents /../, /..\. This path passes all validation but resolves to the root of the parent filesystem, allowing directory level operations outside the intended boundary. Affected Componen...
Important: Red Hat Security Advisory: Red Hat AI Inference Server Model Optimization Tools 3.3.1 (CUDA)
Red Hat AI Inference Server Model Optimization Tools 3.3.1 (CUDA) is now available. Red Hat® AI Inference Server Model Optimization Tools...