1401 matches found

Packet Storm News
added 2026/04/30 12:0 a.m., 4 views

Alignment Contracts for Agentic Security Systems

Agentic security systems increasingly combine LLM planners with tools that can discover, validate, and report vulnerabilities. This creates an asymmetric control problem: the system should retain strong offensive capability inside an authorized engagement, while the same capabilities must be deni...

5.8 AI score
Exploits: 0
OSV
added 2026/04/28 11:33 a.m., 4 views

SUSE-SU-2026:1640-1 Security update for freerdp2

This update for freerdp2 fixes the following issues: - CVE-2026-25941: Out-of-Bounds Read in client RDPGFX channel via crafted WIRETOSURFACE2 PDU (bsc#1258919). - CVE-2026-25942: Global-buffer-overflow in xf_rail_server_execute_result (bsc#1258920). - CVE-2026-25952: Heap-use-after-free in...

9.8 CVSS, 5 AI score, 0.00599 EPSS
Exploits: 14, References: 32
Packet Storm News
added 2026/04/28 12:0 a.m., 2 views

Medoid Prototype Alignment for Cross-Plant Unknown Attack Detection in Industrial Control Systems

Deploying an intrusion detector trained in one industrial plant to another remains difficult because Industrial Control System (ICS) traffic is highly site-dependent, labels are scarce, and unseen attacks often appear after deployment. To address this challenge, this paper introduces a medoid...

5.2 AI score
Exploits: 0
RedhatCVE
added 2026/04/27 10:5 p.m., 2 views

CVE-2026-31686

A flaw was found in the Linux kernel. A double-free vulnerability exists in the Kernel Address Sanitizer (KASAN) component, specifically within the kasan_free_pxd function. This issue arises because the function incorrectly assumes that page tables are always page-aligned, which is not consistent...

7.8 CVSS, 5.3 AI score, 0.00122 EPSS
Exploits: 0, References: 4
CVE
added 2026/04/27 5:30 p.m., 14 views

CVE-2026-31686

CVE-2026-31686 concerns the Linux kernel kasan double-free in kasan_remove_zero_shadow related to kasan_free_pxd() handling of pxd_page() vs start of the pxd table on architectures like PowerPC with 64K pages. The issue arises when the PUD table is not page-aligned, risking double-free during mem...

7.8 CVSS, 5.3 AI score, 0.00122 EPSS
Exploits: 0, References: 9, Affected Software: 1
EUVD
added 2026/04/27 5:30 p.m., 4 views

EUVD-2026-25882

In the Linux kernel, the following vulnerability has been resolved: mm/kasan: fix double free for kasan pXds. kasan_free_pxd() assumes the page table is always struct page aligned. But that's not always the case for all architectures. E.g. In case of powerpc with 64K pagesize, PUD table of size 4096...

5.3 AI score, 0.00122 EPSS
Exploits: 0, References: 6
SUSE Linux
added 2026/04/27 12:6 p.m., 2 views

Security update for freerdp

This update for freerdp fixes the following issues: CVE-2026-25941: Out-of-Bounds Read in client RDPGFX channel via crafted WIRETOSURFACE2 PDU (bsc#1258919). CVE-2026-25942: Global-buffer-overflow in xf_rail_server_execute_result (bsc#1258920). CVE-2026-25952: Heap-use-after-free in xfSetWindowMinMaxInfo...

8.2 CVSS, 5.7 AI score, 0.00599 EPSS
Exploits: 13, References: 58
OSV
added 2026/04/27 12:6 p.m., 3 views

SUSE-SU-2026:1634-1 Security update for freerdp

This update for freerdp fixes the following issues: - CVE-2026-25941: Out-of-Bounds Read in client RDPGFX channel via crafted WIRETOSURFACE2 PDU (bsc#1258919). - CVE-2026-25942: Global-buffer-overflow in xf_rail_server_execute_result (bsc#1258920). - CVE-2026-25952: Heap-use-after-free in...

9.8 CVSS, 4.9 AI score, 0.00599 EPSS
Exploits: 13, References: 30
SUSE Linux
added 2026/04/27 12:6 p.m., 2 views

Security update for freerdp

This update for freerdp fixes the following issues: CVE-2026-25941: Out-of-Bounds Read in client RDPGFX channel via crafted WIRETOSURFACE2 PDU (bsc#1258919). CVE-2026-25942: Global-buffer-overflow in xf_rail_server_execute_result (bsc#1258920). CVE-2026-25952: Heap-use-after-free in xfSetWindowMinMaxInfo...

8.2 CVSS, 5.7 AI score, 0.00599 EPSS
Exploits: 13, References: 58
RustSec
added 2026/04/27 12:0 p.m., 6 views

AVX2 Implementation Did Not Fully Reduce Intermediate Values

The AVX2 implementation of ML-DSA did not fully reduce intermediate inputs to the inverse NTT, which leads to a testable difference in panic behaviour of internal functions compared to the portable implementation. Impact: We are not aware of inputs to the public key generation, signing or...

5.8 AI score
Exploits: 0, Affected Software: 1
Packet Storm News
added 2026/04/27 12:0 a.m., 3 views

Converging Zero Trust and IoT Security: A Multivocal Literature Review

The convergence of Internet of Things (IoT) security and Zero Trust (ZT) principles is a trending topic, demanding a comprehensive, multi-perspective analysis. We present the first multivocal literature review (MLR) on this topic, combining 68 academic and 36 industrial studies. This comprehensive revi...

5.4 AI score
Exploits: 0
CNNVD
added 2026/04/27 12:0 a.m., 6 views

Linux kernel security vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the kasan_free_pxd function assuming that the page table is always aligned according to struct page...

7.8 CVSS, 5.8 AI score, 0.00122 EPSS
Exploits: 0, References: 2
Positive Technologies
added 2026/04/27 12:0 a.m., 3 views

PT-2026-35492

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A double-free issue exists in the Linux kernel's KASAN (Kernel Address Sanitizer) component. The kasan_free_pxd function incorrectly assumes that the page table is always aligned with stru...

9.8 CVSS, 5.2 AI score, 0.00576 EPSS
Exploits: 0, References: 83
CVE
added 2026/04/24 2:45 p.m., 52 views

CVE-2026-31661

The CVE-2026-31661 issue affects the Linux kernel brcmsmac Wi‑Fi driver where dma_free_coherent() may free a size different from what dma_alloc_consistent() allocated (size may change for alignment). The fix changes the free size to the allocation size. Descriptions across multiple advisories (NV...

5.5 CVSS, 5.3 AI score, 0.00114 EPSS
Exploits: 0, References: 8, Affected Software: 1
Cvelist
added 2026/04/24 2:45 p.m., 27 views

CVE-2026-31661 wifi: brcmsmac: Fix dma_free_coherent() size

In the Linux kernel, the following vulnerability has been resolved: wifi: brcmsmac: Fix dma_free_coherent() size. dma_alloc_consistent() may change the size to align it. The new size is saved in alloced. Change the free size to match the allocation size...

0.00114 EPSS
Exploits: 0, References: 8
EUVD
added 2026/04/24 2:45 p.m., 3 views

EUVD-2026-25554

In the Linux kernel, the following vulnerability has been resolved: wifi: brcmsmac: Fix dma_free_coherent() size. dma_alloc_consistent() may change the size to align it. The new size is saved in alloced. Change the free size to match the allocation size...

5.3 AI score, 0.00114 EPSS
Exploits: 0, References: 8
Debian CVE
added 2026/04/24 2:45 p.m., 2 views

CVE-2026-31661

In the Linux kernel, the following vulnerability has been resolved: wifi: brcmsmac: Fix dma_free_coherent() size. dma_alloc_consistent() may change the size to align it. The new size is saved in alloced. Change the free size to match the allocation size...

5.5 CVSS, 5.2 AI score, 0.00114 EPSS
Exploits: 0
OSV
added 2026/04/24 12:0 p.m., 3 views

RUSTSEC-2026-0137 Possible unaligned data access for implementations of `SqliteAggregate`

Diesel allows registering custom aggregate SQL functions for SQLite via the SqliteAggregate interface. To store an instance of the custom aggregate processor Diesel relied on the sqlite3_aggregate_context function provided by sqlite. This function doesn't provide any guarantees about alignment of t...

5.9 AI score
Exploits: 0, References: 3
Packet Storm News
added 2026/04/23 12:0 a.m., 3 views

A Sociotechnical, Practitioner-Centered Approach to Technology Adoption in Cybersecurity Operations: An LLM Case

Technology for security operations centers (SOCs) has a storied history of slow adoption due to concerns about trust and reliability. These concerns are amplified with artificial intelligence, particularly large language models (LLMs), which exhibit issues such as hallucinations and inconsistent...

5.4 AI score
Exploits: 0
EUVD
added 2026/04/21 6:0 p.m., 2 views

EUVD-2026-24228

Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.10.0, the STUN/TURN attribute parsing functions in coturn perform unsafe pointer casts from uint8_t to uint16_t without alignment checks. When processing a crafted STUN message with odd-aligned attribute boundaries, thi...

7.5 CVSS, 5.8 AI score, 0.01123 EPSS
Exploits: 1, References: 1