Lucene search
16070 matches found

RedHat Linux
added 2026/04/15 6:11 p.m., 4 views

Important: Red Hat Security Advisory: Red Hat Web Terminal Operator 1.14.0 release.

Red Hat Web Terminal Operator 1.14.0 has been released. The Web Terminal provides a way to access a fully in-browser terminal emulator within the OpenShift Console. Command-line tools for interacting with the OpenShift cluster are pre-installed...

10 CVSS | 5.7 AI score | 0.00789 EPSS
Exploits 3 | References 12

RedHat Linux
added 2026/04/15 3:24 p.m., 6 views

Important: Red Hat Security Advisory: buildah, crun, podman, runc, and skopeo security update

An update for multiple packages is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...

8.4 CVSS | 6 AI score | 0.00673 EPSS
Exploits 6 | References 7

vulnersOsv
added 2026/04/15 11:15 a.m., 2 views

@cmmn/tools (>=3.0.0-alpha-1 <=3.0.0-alpha-6), mikr0 (=0.1.10) potentially affected by CVE-2026-33807 via @fastify/express (>=4.0.1 <=4.0.2)

@fastify/express NPM version =4.0.1, =3.0.0-alpha-1, =3.0.0-alpha-6 - mikr0 =0.1.10 Source cves: CVE-2026-33807 Source advisory: SNYK:JS-FASTIFYEXPRESS-16068280...

9.1 CVSS | 5.8 AI score | 0.0043 EPSS
Exploits 1

vulnersOsv
added 2026/04/15 11:15 a.m., 5 views

@cmmn/tools (>=3.0.0-alpha-1 <=3.0.0-alpha-6), mikr0 (=0.1.10) potentially affected by CVE-2026-33808 via @fastify/express (>=4.0.1 <=4.0.2)

@fastify/express NPM version =4.0.1, =3.0.0-alpha-1, =3.0.0-alpha-6 - mikr0 =0.1.10 Source cves: CVE-2026-33808 Source advisory: SNYK:JS-FASTIFYEXPRESS-16068303...

9.1 CVSS | 5.8 AI score | 0.00483 EPSS
Exploits 1

vulnersOsv
added 2026/04/15 10:13 a.m., 4 views

io.github.compyoot:utilities-and-generic-tools (=0.3.11), org.scala-sbt.ivy:ivy (>=2.3.0-sbt-1b57d3bbc08ecf671169fd548918da18c91f77be <=2.3.0-sbt-fbc4f586aeeb1591710b14eb4f41b94880dcd745) potentially affected by CVE-2026-3505 via org.bouncycastle:bcpg-jdk14 (=1.45)

org.bouncycastle:bcpg-jdk14 MAVEN version =1.45 is affected by a known vulnerability. The following packages have a transitive dependency on org.bouncycastle:bcpg-jdk14 and may be impacted: - io.github.compyoot:utilities-and-generic-tools =0.3.11 - org.scala-sbt.ivy:ivy...

8.7 CVSS | 5.8 AI score | 0.00413 EPSS
Exploits 0

GithubExploit
added 2026/04/15 5:34 a.m., 91 views

pentest-with-LLM

🛡️ pentest-with-LLM - Run Guided Security Testing !Download...

5.8 AI score
Exploits 0

Spring Security Advisories
added 2026/04/15 12:00 a.m., 4 views

Spring AI Agentic Patterns (Part 7): Session API — Event-Sourced Short-Term Memory with Context Compaction

A New Session API for Spring AI — Structured, Compactable, Multi-Agent-Ready. Part 7 of the Spring AI Agentic Patterns series completes the memory picture. After covering Agent Skills, AskUserQuestionTool, TodoWriteTool, Subagent Orchestration, A2A Integration, and AutoMemoryTools for long-term...

6 AI score
Exploits 0

Packet Storm News
added 2026/04/15 12:00 a.m., 2 views

RealVuln: Benchmarking Rule-Based, General-Purpose LLM, and Security-Specialized Scanners on Real-World Code

How do security scanners perform on real-world code? We present RealVuln, the first open-source benchmark comparing Rule-Based SAST, General-Purpose LLMs, and Security-Specialized scanners on 26 intentionally vulnerable Python repositories educational and Capture-The-Flag applications with 796...

5.8 AI score
Exploits 0

RedHat Linux
added 2026/04/14 6:58 p.m., 4 views

Important: Red Hat Security Advisory: Red Hat Web Terminal Operator 1.15.0 release.

Red Hat Web Terminal Operator 1.15.0 has been released. The Web Terminal provides a way to access a fully in-browser terminal emulator within the OpenShift Console. Command-line tools for interacting with the OpenShift cluster are pre-installed...

10 CVSS | 7.1 AI score | 0.00789 EPSS
Exploits 3 | References 12

GithubExploit
added 2026/04/14 2:49 p.m., 97 views

catbyte-toolkit

cb - Binary Analysis Toolkit for macOS/iOS Security Research...

5.9 AI score
Exploits 0

Schneier on Security
added 2026/04/14 10:49 a.m., 4 views

How Hackers Are Thinking About AI

Interesting paper: "What hackers talk about when they talk about AI: Early-stage diffusion of a cybercrime innovation." Abstract: The rapid expansion of artificial intelligence (AI) is raising concerns about its potential to transform cybercrime. Beyond empowering novice offenders, AI stands to...

5.8 AI score
Exploits 0

NVD
added 2026/04/14 4:17 a.m., 3 views

CVE-2026-40287

PraisonAI is a multi-agent teams system. Versions 4.5.138 and below are vulnerable to arbitrary code execution through automatic, unsanitized import of a tools.py file from the current working directory. Components including call.py importtoolsfromfile, toolresolver.py loadlocaltools, and CLI...

8.4 CVSS | 0.00246 EPSS
Exploits 1 | References 1

GithubExploit
added 2026/04/14 2:59 a.m., 74 views

OpenClaw-Security-Tools

No d...

5.8 AI score
Exploits 0

Vulnrichment
added 2026/04/14 2:55 a.m., 3 views

CVE-2026-40287 PraisonAI has RCE via Automatic tools.py Import

PraisonAI is a multi-agent teams system. Versions 4.5.138 and below are vulnerable to arbitrary code execution through automatic, unsanitized import of a tools.py file from the current working directory. Components including call.py importtoolsfromfile, toolresolver.py loadlocaltools, and CLI...

8.4 CVSS | 6.4 AI score | 0.00246 EPSS
Exploits 1 | References 1

CNNVD
added 2026/04/14 12:00 a.m., 6 views

PraisonAI Security Vulnerability

PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. PraisonAI versions 4.5.138 and earlier contained a security vulnerability. This vulnerability stemmed from the automatic and unsanitized import of the tools.py file from the current working directory, which...

8.4 CVSS | 6.1 AI score | 0.00246 EPSS
Exploits 1 | References 1

Kaspersky
added 2026/04/14 12:00 a.m., 2 views

KLA90982 Multiple vulnerabilities in Microsoft Developer Tools

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to obtain sensitive information, bypass security restrictions, cause denial of service, gain privileges, spoof user interface. Below is a complete list of vulnerabilities: 1. An...

7.8 CVSS | 7.2 AI score | 0.0111 EPSS
Exploits 0 | References 40

AlmaLinux
added 2026/04/14 12:00 a.m., 6 views

Moderate: pcs security update

The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: tornado-python: Tornado: Denial of Service via large multipart bodies (CVE-2026-31958). For more details about the security issues, including the impact, a CVSS score,...

8.7 CVSS | 5.8 AI score | 0.00375 EPSS
Exploits 0 | References 4

Tenable Nessus
added 2026/04/14 12:00 a.m., 4 views

Amazon Linux 2 : cri-tools, --advisory ALAS2-2026-3236 (ALAS-2026-3236)

"The version of cri-tools installed on the remote host is prior to 1.32.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3236 advisory. The Delete function fails to properly validate offsets when processing malformed JSON input. This can lead to a negati...

9.1 CVSS | 6 AI score | 0.00542 EPSS
Exploits 2 | References 6

RedhatCVE
added 2026/04/13 7:23 p.m., 1 view

CVE-2026-40153

PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the executecommand function in shelltools.py calls os.path.expandvars on every command argument at line 64, manually re-implementing shell-level environment variable expansion despite using shell=False (line 88) for security. This...

7.4 CVSS | 5.8 AI score | 0.00273 EPSS
Exploits 1 | References 1

RedhatCVE
added 2026/04/13 7:23 p.m., 1 view

CVE-2026-40149

PraisonAI is a multi-agent teams system. Prior to 4.5.128, the gateway's /api/approval/allow-list endpoint permits unauthenticated modification of the tool approval allowlist when no authtoken is configured (the default). By adding dangerous tool names (e.g., shellexec, filewrite) to the allowlist, a...

7.9 CVSS | 5.8 AI score | 0.00227 EPSS
Exploits 1 | References 1