45 matches found
Exploit for CVE-2026-0532
CVE-2026-0...
Agentic Fuzzing: Opportunities and Challenges
Fuzzers and static analyzers find many bugs but struggle with logic bugs in mature codebases. Triggering such a bug often requires multi-step reasoning that produces no distinctive execution feedback, and variants can appear across implementations too different for a single pattern to match. Rece...
Beyond Code Reasoning: A Specification-Anchored Audit Framework for Expert-Augmented Security Verification
Security-critical software is routinely audited by tools that reason about vulnerabilities as repository-local code patterns. Yet specification-governed systems -- protocol stacks, consensus implementations, cryptographic libraries -- are constrained by invariants and correctness conditions defin...
cyber-punk
Cyber Punk Security Vulnerability Scanner A Claude Code plu...
Inside the Fix: Analysis of In-the-Wild Exploit of CVE-2026-21513
Read how PatchDiff-AI uncovered the root cause of CVE-2026-21513 — an actively exploited MSHTML vulnerability — and how APT28 leveraged it in real-world attacks...
Exploit for CVE-2025-12197
Security Research This repository contains my security resea...
Patch Wednesday: Root Cause Analysis with LLMs
...
Inside the Fix: AI-Powered Root Cause Analysis of CVE-2025-60719
...
LLM-Based Vulnerability Discovery through the Lens of Code Metrics
Large language models LLMs excel in many tasks of software engineering, yet progress in leveraging them for vulnerability discovery has stalled in recent years. To understand this phenomenon, we investigate LLMs through the lens of classic code metrics. Surprisingly, we find that a classifier...
InfoFlood: Jailbreaking Large Language Models with Information Overload
Large Language Models LLMs have demonstrated remarkable capabilities across various domains. However, their potential to generate harmful responses has raised significant societal and regulatory concerns, especially when manipulated by adversarial techniques known as "jailbreak" attacks. Existing...
Mono: Is Your "Clean" Vulnerability Dataset Really Solvable? Exposing and Trapping Undecidable Patches and Beyond
The quantity and quality of vulnerability datasets are essential for developing deep learning solutions to vulnerability-related tasks. Due to the limited availability of vulnerabilities, a common approach to building such datasets is analyzing security patches in source code. However, existing...
Abnormal Asset Behavior Detected (Medium)
This asset behavior is an anomaly that needs to be verified for the root cause. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid503203;...
OpDiffer: LLM-Assisted Opcode-Level Differential Testing of Ethereum Virtual Machine
As Ethereum continues to thrive, the Ethereum Virtual Machine EVM has become the cornerstone powering tens of millions of active smart contracts. Intuitively, security issues in EVMs could lead to inconsistent behaviors among smart contracts or even denial-of-service of the entire blockchain...
Exploit for Integer Underflow (Wrap or Wraparound) in Microsoft
This is a PoC exploit for CVE-2024-38063, a 0-day vulnerability...
CrowdStrike Reveals Root Cause of Global System Outages
Cybersecurity company CrowdStrike has published its root cause analysis detailing the Falcon Sensor software update crash that crippled millions of Windows devices globally. The "Channel File 291" incident, as originally highlighted in its Preliminary Post Incident Review PIR, has been traced bac...
Widespread IT Outage Due to CrowdStrike Update
Note: CISA will update this Alert with more information as it becomes available. Update 4:30 p.m., EDT, August 6, 2024: CrowdStrike has published its Root Cause Analysis RCA reportlink is external. According to CrowdStrike, “the full report elaborates on the information previously shared in our...
Unveiling the power of Wiz's Security Graph with automated blast radius and root cause analysis for cloud incident response
Wiz assists Incident Response IR and SOC teams with containment through automated assessment of security incidents by identifying possible root causes and calculating the potential blast radius of compromised resources...
An integrated incident response solution with Microsoft and PwC
Today Microsoft Incident Response is excited to announce a new collaboration with PwC to expand our joint incident response and recovery capability. In this global alliance, Microsoft begins the initial containment and investigation, bringing a deep understanding of a company’s infrastructure to...
An integrated incident response solution with Microsoft and PwC
Today Microsoft Incident Response is excited to announce a new collaboration with PwC to expand our joint incident response and recovery capability. In this global alliance, Microsoft begins the initial containment and investigation, bringing a deep understanding of a company’s infrastructure to...
notation-go's verification bypass can cause users to verify the wrong artifact
Impact An attacker who controls or compromises a registry can lead a user to verify the wrong artifact. Patches The problem has been fixed in the release v1.0.0-rc.6. Users should upgrade their notation-go library to v1.0.0-rc.6 or above. Workarounds User should use secure and trusted container...