12893 matches found
Exploit for Path Traversal in Publiccms
amihit Am I Hit? -- CVE Impact Analyzer !Gohttps://i...
Malicious code in bytefrontier-tracker (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a556a5a46fe4be2c1c7662a6481c9086b192375a17d4dcdccfbe52564ed78571 The package bytefrontier-tracker was found to contain malicious code. Source: ghsa-malware...
Unmasking the Paramilitary Agents Behind Trump’s Violent Immigration Crackdown
A WIRED analysis of DHS records identified dozens of specialized federal agents who used force against US civilians during the largest known deployment of its kind in US history...
MAL-2026-2420 Malicious code in @_wnpm/wnpm-cli (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9729c3c0a6c625f2d6cc79833205a4331647989fa84d85bdd158924af91020fd The package @wnpm/wnpm-cli was found to contain malicious code. Source: ossf-package-analysis...
From Component Manipulation to System Compromise: Understanding and Detecting Malicious MCP Servers
The model context protocol MCP standardizes how LLMs connect to external tools and data sources, enabling faster integration but introducing new attack vectors. Despite the growing adoption of MCP, existing MCP security studies classify attacks by their observable effects, obscuring how attacks...
Casbaneiro Phishing Targets Latin America and Europe Using Dynamic PDF Lures
A multi-pronged phishing campaign is targeting Spanish-speaking users in organizations across Latin America and Europe to deliver Windows banking trojans like Casbaneiro aka Metamorfo via another malware called Horabot. The activity has been attributed to a Brazilian cybercrime threat actor track...
Quantum-Safe Code Auditing: LLM-Assisted Static Analysis and Quantum-Aware Risk Scoring for Post-Quantum Cryptography Migration
The impending arrival of cryptographically relevant quantum computers CRQCs threatens the security foundations of modern software: Shor's algorithm breaks RSA, ECDSA, ECDH, and Diffie-Hellman, while Grover's algorithm reduces the effective security of symmetric and hash-based schemes. Despite NIS...
Assertain: Automated Security Assertion Generation Using Large Language Models
The increasing complexity of modern system-on-chip designs amplifies hardware security risks and makes manual security property specification a major bottleneck in formal property verification. This paper presents Assertain, an automated framework that integrates RTL design analysis, Common...
Important: Red Hat Security Advisory: General availability of the satellite/iop-advisor-frontend-rhel9 container image
A new satellite/iop-advisor-frontend-rhel9 container image is now generally available in the Red Hat container registry. Red Hat Lightspeed in Satellite analyzes system health and configuration by applying predefined rules to a small set of local data, such as installed packages, running services...
Agentic-Security-Code-Review
🔍 Agentic Security Code Review !Claude Codehttps://img.sh...
Malicious code in workingitme (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 77ec565b572be137d67ece8342d916cb970b501ee390e7250878e27277685fe9 During installation, if run under a specific username, the package downloads and installs two executables identified as backdoors trojans. --- Category:...
Malicious code in zzzzthisisitwantsafecheckitzzzz (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 fbef17827bf88f06c2278d700e386c98e2f1360fd533ba1415c9060ff56a037f During installation, if run under a specific username, the package downloads and installs two executables identified as backdoors trojans. --- Category:...
Malware and Ransomware Detection in M365
Availability Requirement Threat Detection is available to Veeam Data Cloud for Microsoft 365 customers with Premium or Advanced plans. Customers must opt in to AI settings to enable this feature. Contact your Veeam account team or see your plan details to confirm availability. Supported Workloads...
An Empirical Comparison of Security and Privacy Characteristics of Android Messaging Apps
Mobile messaging apps are a fundamental communication infrastructure, used by billions of people every day to share information, including sensitive data. Security and Privacy are thus critical concerns for such applications. Although the cryptographic protocols prevalent in messaging apps are...
Security and Privacy in Virtual and Robotic Assistive Systems: A Comparative Framework
Assistive technologies increasingly support independence, accessibility, and safety for older adults, people with disabilities, and individuals requiring continuous care. Two major categories are virtual assistive systems and robotic assistive systems operating in physical environments. Although...
3 SOC Process Fixes That Unlock Tier 1 Productivity
What is really slowing Tier 1 down: the threat itself or the process around it? In many SOCs, the biggest delays do not come from the threat alone. They come from fragmented workflows, manual triage steps, and limited visibility early in the investigation. Fixing those process gaps can help Tier ...
Label-Efficient Training Updates for Malware Detection over Time
Machine Learning ML-based detectors are becoming essential to counter the proliferation of malware. However, common ML algorithms are not designed to cope with the dynamic nature of real-world settings, where both legitimate and malicious software evolve. This distribution drift causes models...
Debt behind the AI Boom: A Large-Scale Empirical Study of AI-Generated Code in the Wild
AI coding assistants are now widely used in software development. Software developers increasingly integrate AI-generated code into their codebases to improve productivity. Prior studies have shown that AI-generated code may contain code quality issues under controlled settings. However, we still...
Syntx 安全漏洞
Syntx is an artificial intelligence-based data analysis and automated decision-making platform developed by Syntx Corporation. There is a security vulnerability in Syntx; this vulnerability stems from the command automatic approval module’s susceptibility to OS command injection, which may lead t...
EUVD-2026-17042
Ghidra versions prior to 12.0.3 improperly process annotation directives embedded in automatically extracted binary data, resulting in arbitrary command execution when an analyst interacts with the UI. Specifically, the @execute annotation which is intended for trusted, user-authored comments is...