7375 matches found
Lessons from Defending Gemini against Indirect Prompt Injections
Gemini is increasingly used to perform tasks on behalf of users, where function-calling and tool-use capabilities enable the model to access user data. Some tools, however, require access to untrusted data, introducing risk. Adversaries can embed malicious instructions in untrusted data which caus...
@jamietanna/patch-testing (>=0.1.0 <=0.2.28), @jamietanna/renovate-graph (>=0.24.0 <=0.30.0) +5 more potentially affected by CVE-2025-47934 via openpgp (>=6.0.0 <=6.1.0)
openpgp NPM version =6.0.0, =0.1.0, =0.24.0, =0.5.2, =7.2.5, =0.40.0, =2.0.0, =39.15.1, =41.0.0-next.22 Source cves: CVE-2025-47934 Source advisory: OSV:GHSA-8QFF-QR5Q-5PR8...
Microsoft Security Update Validation Report May 2025
Microsoft’s May 2025 security updates have passed Citrix testing (the updates are listed below). The testing is not all-inclusive; all tests are executed against English-only environments and issues may still be found upon implementation. Follow best practices for testing and installing software...
An Automated Blackbox Noncompliance Checker for QUIC Server Implementations
We develop QUICtester, an automated approach for uncovering non-compliant behaviors in the ratified QUIC protocol implementations (RFC 9000/9001). QUICtester leverages active automata learning to abstract the behavior of a QUIC implementation into a finite state machine (FSM) representation. Unlike...
CVE-2025-4813
A vulnerability, which was classified as critical, was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. Affected is an unknown function of the file /edit-phlebotomist.php. The manipulation of the argument mobilenumber leads to sql injection. It is possible to launch the...
CVE-2025-40630
Open redirection vulnerability in IceWarp Mail Server affecting version 11.4.0. This vulnerability allows an attacker to redirect a user to any domain by sending a malicious URL to the victim, for example “https://icewarp.domain.com///%2e%2e”. This...
Security Practices in AI Development
What makes safety claims about general purpose AI systems such as large language models trustworthy? We show that rather than the capabilities of security tools such as alignment and red teaming procedures, it is security practices based on these tools that contributed to reconfiguring the image ...
CVE-2025-4812
A vulnerability, which was classified as critical, has been found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. This issue affects some unknown processing of the file /profile.php. The manipulation of the argument mobilenumber leads to sql injection. The attack may be initiat...
CVE-2025-4813 PHPGurukul Human Metapneumovirus Testing Management System edit-phlebotomist.php sql injection
A vulnerability, which was classified as critical, was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. Affected is an unknown function of the file /edit-phlebotomist.php. The manipulation of the argument mobilenumber leads to sql injection. It is possible to launch the...
CVE-2025-4812 PHPGurukul Human Metapneumovirus Testing Management System profile.php sql injection
A vulnerability, which was classified as critical, has been found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. This issue affects some unknown processing of the file /profile.php. The manipulation of the argument mobilenumber leads to sql injection. The attack may be initiat...
OESA-2025-1512 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: usb: atm: cxacru: fix a flaw in existing endpoint checks. Syzbot once again identified a flaw in usb endpoint checking, see [1]. This time the issue stems from a...
Malicious code in feed-testing-utils (npm)
Source: ghsa-malware 37ecacad9f24ab5516c2aa28546214f1a2fa2f1156c02e06e9e9b8dc41365e8c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
FreeBSD : chromium -- multiple security fixes (79400d31-3166-11f0-8cb5-a8a1599412c6)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 79400d31-3166-11f0-8cb5-a8a1599412c6 advisory. Chrome Releases reports: This update includes 4 security fixes: Tenable has extracted the...
Security Updates for Microsoft Excel Products C2R (May 2025)
The Microsoft Excel Products are missing security updates. It is, therefore, affected by multiple vulnerabilities: - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. CVE-2025-29977, CVE-2025-29979,...
PT-2025-21764 · Unknown · Phpgurukul Human Metapneumovirus Testing Management System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Human Metapneumovirus Testing Management System version 1.0 Description: A critical issue has been found in the system, affecting the processing of the file /profile.php. The manipulation of the mobilenumber argument leads to SQL...
Pen Testing for Compliance Only? It's Time to Change Your Approach
Imagine this: Your organization completed its annual penetration test in January, earning high marks for security compliance. In February, your development team deployed a routine software update. By April, attackers had already exploited a vulnerability introduced in that February update, gainin...
RAN Tester UE: an Automated Declarative UE Centric Security Testing Platform
Cellular networks require strict security procedures and measures across various network components, from core to radio access network (RAN) and end-user devices. As networks become increasingly complex and interconnected, as in O-RAN deployments, they are exposed to numerous security threats...
AutoPentest: Enhancing Vulnerability Management with Autonomous LLM Agents
A recent area of increasing research is the use of Large Language Models (LLMs) in penetration testing, which promises to reduce costs and thus allow for higher frequency. We conduct a review of related work, identifying best practices and common evaluation issues. We then present AutoPentest, an...
Evaluating the Robustness of Adversarial Defenses in Malware Detection Systems
Machine learning is a key tool for Android malware detection, effectively identifying malicious patterns in apps. However, ML-based detectors are vulnerable to evasion attacks, where small, crafted changes bypass detection. Despite progress in adversarial defenses, the lack of comprehensive...
GenAI Security: Outsmarting the Bots with a Proactive Testing Framework
The increasing sophistication and integration of Generative AI (GenAI) models into diverse applications introduce new security challenges that traditional methods struggle to address. This research explores the critical need for proactive security measures to mitigate the risks associated with...