513 matches found
Introducing EvidenceForge: Synthetic security logs that don’t look (as) fake
Security teams need high-quality, labeled datasets to train threat hunters and incident responders, validate detection logic, and develop robust analytic models. EvidenceForge helps teams overcome the limitations of anonymized or stale public datasets, while avoiding the cost and complexity of...
Anonymous YARA Rules Are Not Anonymous
YARA rules are widely shared across threat intelligence communities to enable collective defence against malware. This practice implicitly assumes that removing metadata e.g., author fields sufficiently protects the identity of contributing organisations. To assess the validity of this assumption...
Analyzing Concentration, Temporal Routines and Targeting in Public Ransomware Leak Site Data
Ransomware has grown to become one of the most damaging types of cybercrime, affecting private and public organizations in any sector. While early types of ransomware targeted many victims via automated attacks, ransomware groups have started to specifically target organizations and companies in...
Adversarial Vulnerability under Temporal Concept Drift: A Longitudinal Study of Android Malware Detection
We present a longitudinal, drift-aware evaluation of adversarial robustness across more than a decade of Android applications using static and dynamic feature representations extracted from emulator and real-device executions. The dataset is organized into yearly slices and evaluated under three...
Parser-Free Querying of Security Logs
Security analysts routinely query system logs to detect threats and investigate incidents, but each log source uses its own semi-structured format: logs are cheap to produce, but expensive to use. The standard approach, building per-source parsers to normalize logs into structured schemas, is...
Measuring Security without Fooling Ourselves: Why Benchmarking Agents Is Hard
The benchmarks used to evaluate AI agents in security-critical roles suffer from crucial weaknesses. Building on recent empirical evidence, we characterize three core challenges that undermine security evaluations: benchmark vulnerabilities, temporal staleness, and runtime uncertainty. We then...
CLEANSTART-2026-HC15345 Security fixes for CVE-2026-24051, CVE-2026-25679, CVE-2026-26958, CVE-2026-27139, CVE-2026-27142, CVE-2026-33186, CVE-2026-33815, CVE-2026-33816, CVE-2026-34986, CVE-2026-39883, ghsa-78h2-9frx-2jm8, ghsa-9jj7-4m8r-rfcm, ghsa-hfvc-g4fc-pqhx, ghsa-j88v-2chj-qfwx, ghsa-mh2q-q3fh-2475 applied in versions: 1.29.2-r0, 1.29.2-r1, 1.29.2-r2, 1.31.0.153.1-r0
Multiple security vulnerabilities affect the temporal-server-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-JK52519 Security fixes for CVE-2026-26958, CVE-2026-33186, CVE-2026-33815, CVE-2026-33816, CVE-2026-34986, CVE-2026-39883, ghsa-78h2-9frx-2jm8, ghsa-9jj7-4m8r-rfcm, ghsa-fw7p-63qq-7hpr, ghsa-hfvc-g4fc-pqhx, ghsa-j88v-2chj-qfwx, ghsa-mh2q-q3fh-2475, ghsa-p77j-4mvh-x3m3 applied in versions: 1.29.6-r0
Multiple security vulnerabilities affect the temporal-server-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-PM06830 Security fixes for CVE-2026-26958, CVE-2026-33186, CVE-2026-33815, CVE-2026-33816, CVE-2026-34986, CVE-2026-39883, ghsa-78h2-9frx-2jm8, ghsa-9jj7-4m8r-rfcm, ghsa-fw7p-63qq-7hpr, ghsa-hfvc-g4fc-pqhx, ghsa-j88v-2chj-qfwx, ghsa-mh2q-q3fh-2475, ghsa-p77j-4mvh-x3m3 applied in versions: 1.29.6-r0
Multiple security vulnerabilities affect the temporal-server package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-KJ58915 Security fixes for CVE-2026-26958, CVE-2026-33186, CVE-2026-33815, CVE-2026-33816, CVE-2026-34986, CVE-2026-39883, ghsa-78h2-9frx-2jm8, ghsa-9jj7-4m8r-rfcm, ghsa-fw7p-63qq-7hpr, ghsa-hfvc-g4fc-pqhx, ghsa-j88v-2chj-qfwx, ghsa-mh2q-q3fh-2475, ghsa-p77j-4mvh-x3m3 applied in versions: 1.30.4-r0
Multiple security vulnerabilities affect the temporal-server package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-FO93349 Security fixes for CVE-2025-61732, CVE-2025-68121, CVE-2026-33186, CVE-2026-40890, ghsa-77fj-vx54-gvh7, ghsa-p77j-4mvh-x3m3 applied in versions: 2.44.0-r0, 2.48.2-r0
Multiple security vulnerabilities affect the temporal-ui-server-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-OH72236 Security fixes for CVE-2026-33815, CVE-2026-33816, CVE-2026-34986, CVE-2026-39883, ghsa-hfvc-g4fc-pqhx, ghsa-j88v-2chj-qfwx applied in versions: 1.31.0.153.1-r0, 1.31.0.153.3-r0, 1.31.0.153.3-r1
Multiple security vulnerabilities affect the temporal-server package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-UW08576 Security fixes for CVE-2026-24051, CVE-2026-25679, CVE-2026-26958, CVE-2026-27139, CVE-2026-27142, CVE-2026-33186, CVE-2026-33815, CVE-2026-33816, CVE-2026-34986, CVE-2026-39883, ghsa-78h2-9frx-2jm8, ghsa-9jj7-4m8r-rfcm, ghsa-hfvc-g4fc-pqhx, ghsa-j88v-2chj-qfwx, ghsa-mh2q-q3fh-2475 applied in versions: 1.29.2-r0, 1.29.2-r1, 1.29.2-r2, 1.31.0.153.1-r0
Multiple security vulnerabilities affect the temporal-server-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
Topical Shifts in the Dark Web: A Longitudinal Analysis of Content from the Cybercrime Ecosystem
The dark web hosts a dynamic ecosystem of cybercrime forums and marketplaces that adapt to law enforcement pressure, technological change, and economic incentives. Prior research has extracted cyber threat intelligence from these platforms using static snapshots, with limited attention to how...
Security-Aware Planning and Control of Multi-Agent Systems with LTL Tasks
This paper presents a secure-by-construction planning and control framework for multi-agent systems subject to linear temporal logic LTL specifications. The framework protects sensitive information from a passive intruder with partial observations of the agents' motion. Security in multi-agent...
Code-Centric Detection of Vulnerability-Fixing Commits: A Unified Benchmark and Empirical Study
Automated detection of vulnerability-fixing commits VFCs is critical for timely security patch deployment, as advisory databases lag patch releases by a median of 25 days and many fixes never receive advisories. We present a comprehensive evaluation of code language model based VFC detection...
Exploit for Stack-based Buffer Overflow in Dronecode Px4_Drone_Autopilot
CTT-Enhanced-PX4-Autopilot-Exploit-CVE-2026-32743 CVE-2026-327...
EUVD-2026-28808
Nornicdb is a distributed low-latency, Graph+Vector, Temporal MVCC with all sub-ms HNSW search, graph traversal, and writes. Prior to version 1.0.42-hotfix, the --address CLI flag and NORNICDBADDRESS / server.host config key is plumbed through to the HTTP server correctly but never reaches the Bo...
CVE-2026-41602 vulnerabilities
Vulnerabilities for packages: agentbeat-fips, seaweedfs-fips, telegraf, agentbeat, tempo, vault, loki, grafana, dapr, falcosidekick, aws-otel-collector-fips, nri-kafka, splunk-otel-collector, splunk-otel-collector-fips, tempo-fips, temporal-server, amazon-cloudwatch-agent-fips, beats,...
GHSA-WF45-Q9CH-Q8GH vulnerabilities
Vulnerabilities for packages: agentbeat-fips, seaweedfs-fips, telegraf, agentbeat, tempo, vault, loki, grafana, dapr, falcosidekick, aws-otel-collector-fips, nri-kafka, splunk-otel-collector, splunk-otel-collector-fips, tempo-fips, temporal-server, amazon-cloudwatch-agent-fips, beats,...