AnomalyMatch security vulnerability

AnomalyMatch is a semi-supervised image anomaly detection tool open source by the European Space Agency. Versions of AnomalyMatch prior to 1.3.1 contained security vulnerabilities. These vulnerabilities stemmed from the use of torch.load to load model files without proper deserialization...

SECUREVENT: Hybrid AI/ML Security Monitoring for Distributed Event-Based Systems

Distributed event-based systems have become a common substrate for Internet-scale publish/subscribe services, IoT telemetry, cloud-native microservices, and security operations pipelines. Their loose coupling and asynchronous delivery improve scalability, but they also expand the attack surface:...

FALCON-C: Flow-Based Analysis and Labeling for Connected Vehicular Network Cybersecurity

Along with the recent rise in popularity of Electric Vehicles EVs, Electric Vehicle Supply Equipment EVSE has emerged as a new target for cyber attacks. Therefore, ensuring the security and integrity of network communication between EVSE components and vehicular clients is a significant challenge...

CVE-2026-6405

The Anomify AI – Anomaly Detection and Alerting plugin for WordPress is vulnerable to Cross-Site Request Forgery CSRF leading to Stored Cross-Site Scripting XSS in versions up to and including 0.3.6. This is due to missing nonce verification on the settings page handler and insufficient output...

WordPress Anomify AI – Anomaly Detection and Alerting plugin <= 0.3.6 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Anomify AI – Anomaly Detection and Alerting versions = 0.3.6...

WordPress Anomify AI – Anomaly Detection and Alerting plugin <= 0.3.6 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Anomify AI – Anomaly Detection and Alerting versions = 0.3.6...

Advance_WAF_project_CS

WAFinity - Infinite Protection, Intelligent Detection WAFin...

Characterizing AI-Assisted Bot Traffic in Darknet Data: Implications for ICS and IIoT Security

The rise of automated scanning tools and AI assisted reconnaissance agents has significantly altered internet background traffic patterns, threatening the baseline assumptions underlying intrusion detection systems IDS deployed in critical infrastructure networks. This paper characterizes the...

When Prompts Become Payloads: A Framework for Mitigating SQL Injection Attacks in Large Language Model-Driven Applications

Natural language interfaces to structured databases are becoming increasingly common, largely due to advances in large language models LLMs that enable users to query data using conversational input rather than formal query languages such as SQL. While this paradigm significantly improves usabili...

AI Native Asset Intelligence

Modern security environments generate fragmented signals across cloud resources, identities, configurations, and third-party security tools. Although AI-native security assistants improve access to this data, they remain largely reactive: users must ask the right questions and interpret...

Evaluating Tabular Representation Learning for Network Intrusion Detection

Classic Network Intrusion Detection Systems NIDS often rely on manual feature engineering to extract meaningful patterns from network traffic data. However, this approach requires domain expertise and runs counter to the widely adopted principle of modern machine learning and neural networks: tha...

Exploit for Improper Check for Unusual or Exceptional Conditions in Mozilla Firefox

🔐 PDFGuardian Pro - Advanced PDF.js Security Fortification Fra...

System-Aware Contextual Digital Twin for ICS Anomaly Diagnosis

Industrial Control Systems ICS integrate computing, physical processes, and communication to operate critical infrastructures such as power grids, water treatment plants, and oil and gas facilities. As ICS become increasingly targeted by cyberattacks, timely and reliable anomaly diagnosis is...

DP-FlogTinyLLM: Differentially Private Federated Log Anomaly Detection Using Tiny LLMs

Modern distributed systems generate massive volumes of log data that are critical for detecting anomalies and cyber threats. However, in real world settings, these logs are often distributed across multiple organizations and cannot be centralized due to privacy and security constraints. Existing...

API Security Based on Automatic OpenAPI Mapping

This paper presents Map Reduce Graph MRG, a novel unsupervised method for modeling and securing HTTP REST APIs. MRG learns API structure from real-world traffic without prior knowledge or labels, automatically generating OpenAPI-compliant documentation by reconstructing routes, methods, and...

Enhancing Anomaly-Based Intrusion Detection Systems with Process Mining

Anomaly-based Intrusion Detection Systems IDSs ensure protection against malicious attacks on networked systems. While deep learning-based IDSs achieve effective performance, their limited trustworthiness due to black-box architectures remains a critical constraint. Despite existing explainable...

CVE-2026-5598

A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA core. A covert timing channel vulnerability, caused by non-constant time comparisons, risks the leakage of private keys in the FrodoKEM implementation. An unauthenticated, remote attacker can potentially exploit this timing discrepancy ...

Security and Resilience in Autonomous Vehicles: A Proactive Design Approach

Autonomous vehicles AVs promise efficient, clean and cost-effective transportation systems, but their reliance on sensors, wireless communications, and decision-making systems makes them vulnerable to cyberattacks and physical threats. This chapter presents novel design techniques to strengthen t...

Security Bulletin: Vulnerabilities in urllib3, router, qs, cryptography, axios might affect IBM Storage Defender Sentinel Anomaly Scan Engine.

Summary IBM Storage Defender Sentinel Anomaly Scan Engine can be affected by vulnerabilities in urllib3, router, qs, cryptography, and axios. Vulnerabilities include allowing an attacker to cause cross-site scripting, input improper data, provide a public key point from a small order subgroup, an...

The threat hunter’s gambit

Welcome to this week's edition of the Threat Source newsletter. " Study hard what interests you the most in the most undisciplined, irreverent and original manner possible." ― Richard Feynman " I had discovered that learning something, no matter how complex, wasn't hard when I had a reason to wan...