FreeMOCA: Memory-Free Continual Learning for Malicious Code Analysis

As over 200 million new malware samples are identified each year, antivirus systems must continuously adapt to the evolving threat landscape. However, retraining solely on new samples leads to catastrophic forgetting and exploitable blind spots, while retraining on the entire dataset incurs...

PT-2026-40425

Name of the Vulnerable Software and Affected Versions dalfox affected versions not specified Description A structural ordering error in the ParameterAnalysis function within pkg/scanning/parameterAnalysis.go allows an unauthenticated remote attacker to crash the dalfox server process. The issue...

Joern 4.0.537

Joern is the bug hunter's workbench. With this tool, you can uncover attack surface, sloppy coding practices, and variants of known vulnerabilities using an interactive code analysis shell. Joern supports C, C++, LLVM bitcode, x86 binaries via Ghidra, JVM bytecode via Soot, and Javascript...

Convolutional-Neural-Networks for Deanonymisation of I2P Traffic

This study investigates the potential for deanonymizing services within the Invisible Internet Project I2P network through passive traffic analysis and machine learning techniques. The primary objective is to identify distinctive patterns in I2P traffic despite the encryption of its payload. To...

DEBIAN-CVE-2026-42859

Neat VNC is a VNC server library. Prior to 0.9.6, a pre-authentication stack buffer overflow exists in neatvnc in the RSA-AES security type handler. An unauthenticated remote attacker who can reach the VNC listening socket can send a crafted security type 5 RSA-AES or security type 129 RSA-AES-25...

Malicious code in cplace-bmw-emt-mvp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2b6d2d57176a41f11e925988396ad8549efc86508c1cc13a7130871f48c15b33 The package cplace-bmw-emt-mvp was found to contain malicious code. Source: ossf-package-analysis...

MAL-2026-3507 Malicious code in @mimecast-ui/components (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7e59a7d55636b02d0a28954889c22f021de5b4f33c525ce7712706df60cd9af3 The package @mimecast-ui/components was found to contain malicious code. Source: ossf-package-analysis...

strix-advanced

⚡ Strix-Advanced AI-Powered Security Testing Platform An...

Guaranteed Jailbreaking Defense Via Disrupt-And-Rectify Smoothing

This paper proposes a guaranteed defense method for large language models LLMs to safeguard against jailbreaking attacks. Drawing inspiration from the denoised-smoothing approach in the adversarial defense domain, we propose a novel smoothing-based defense method, termed Disrupt-and-Rectify...

Agentic Fuzzing: Opportunities and Challenges

Fuzzers and static analyzers find many bugs but struggle with logic bugs in mature codebases. Triggering such a bug often requires multi-step reasoning that produces no distinctive execution feedback, and variants can appear across implementations too different for a single pattern to match. Rece...

Can a Single Message Paralyze the AI Infrastructure? the Rise of AbO-DDoS Attacks through Targeted Mobius Injection

Large Language Model LLM agents have emerged as key intermediaries, orchestrating complex interactions between human users and a wide range of digital services and LLM infrastructures. While prior research has extensively examined the security of LLMs and agents in isolation, the systemic risk of...

A Systematic Security Testing Approach for InterUSS-Based Environments

Unmanned Traffic Management UTM federated ecosystems, such as InterUSS, enable secure coordination among UAS Service Suppliers USSs. However, they bring up some security challenges at the infrastructure level that haven't been fully explored. This paper presents a security testing approach for...

Comment and Control: Hijacking Agentic Workflows Via Context-Grounded Evolution

Automation platforms such as GitHub Actions and n8n are increasingly adopting so-called agentic workflows, which integrate Large Language Model LLM agents for tasks such as code review and data synchronization. While bringing convenience for developers, this integration exposes a new risk: An...

PT-2026-39742

CVE-2026-20352 iOS 26.3-Research A Public Open-Source research framework with .py and .sh files created for analyzing iOS 26.3 security mechanisms. This project is designed to be advanced through the collective in... https://t.co/5O6AR6f6H7...

MAL-2026-3509 Malicious code in pp-react-v5 (npm)

pp-react-v5 is a dependency confusion package published at the inflated version 10.0.0 to win npm resolution over any internally-hosted package of the same name. The package contains only a package.json with no functional source code. On installation the preinstall script executes a wget command...

MAL-2026-3420 Malicious code in noon-contracts (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5e2a4c1ac3896b7769b47ab6659bf7b0d49f229963c910d0c9b9be11c5291c12 The package noon-contracts was found to contain malicious code. Source: ossf-package-analysis...

MAL-2026-3412 Malicious code in post-purchase-bundler (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3a33aa69ef958573a786f3db208d8ee335829e14009d1fdafecbc842ed493b8b The package post-purchase-bundler was found to contain malicious code. Source: ossf-package-analysis...

pocxgen-agent

PoCXGen Agent An LLM-orchestrated multi-agent pipeline for au...

Malicious code in @miurba/alcazaba (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 36c814274998998c89db63740c3d1032c8da3d6f6f9e44e100328c83e4ea29a0 The package @miurba/alcazaba was found to contain malicious code. Source: ossf-package-analysis...

MAL-2026-3410 Malicious code in @miurba/alcazaba (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 36c814274998998c89db63740c3d1032c8da3d6f6f9e44e100328c83e4ea29a0 The package @miurba/alcazaba was found to contain malicious code. Source: ossf-package-analysis...