8 matches found
MUZZLE: Adaptive Agentic Red-Teaming of Web Agents against Indirect Prompt Injection Attacks
Large language model LLM based web agents are increasingly deployed to automate complex online tasks by directly interacting with web sites and performing actions on users' behalf. While these agents offer powerful capabilities, their design exposes them to indirect prompt injection attacks...
Proving DNSSEC Correctness: A Formal Approach to Secure Domain Name Resolution
The Domain Name System Security Extensions DNSSEC are critical for preventing DNS spoofing, yet its specifications contain ambiguities and vulnerabilities that elude traditional "break-and-fix" approaches. A holistic, foundational security analysis of the protocol has thus remained an open proble...
The vulnerability of the PT Network Attack Discovery (PT NAD) traffic analysis system arises from the failure to take measures to neutralize special elements used in the operating system’s command set. This allows attackers to execute arbitrary commands on behalf of the superuser.
The vulnerability of the PT Network Attack Discovery PT NAD traffic analysis system exists due to the lack of measures taken to neutralize specific elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands on behalf of the superuser...
BIT-JAEGER-2020-10750
Sensitive information written to a log file vulnerability was found in jaegertracing/jaeger before version 1.18.1 when the Kafka data store is used. This flaw allows an attacker with access to the container's log file to discover the Kafka credentials...
Trusting Locations Bites Us Yet Again
Recently, Microsoft announced the discovery of yet another attack being launched by the now infamous Nobelium group, which has been responsible for numerous successful attacks, including the widespread SolarWinds breach in 2020...
Internet Explorer zero-day exploit used watering hole attacks to target Japanese users
Attackers exploiting a zero-day vulnerability CVE-2013-3893 in Microsoft's Internet Explorer browser and served them on compromised popular Japanese news websites. According to FireEye, at least three major Japanese media websites were compromised in watering hole attacks, dubbed Operation...
Ubuntu USN-796-1 (pidgin)
The remote host is missing an update to pidgin announced via advisory USN-796-1. OpenVAS Vulnerability Test $Id: ubuntu7961.nasl 8616 2018-02-01 08:24:13Z cfischer $ $Id: ubuntu7961.nasl 8616 2018-02-01 08:24:13Z cfischer $ Description: Auto-generated from advisory USN-796-1 pidgin Authors: Thoma...
Secure Science Corporation Application Software Advisory 055
Secure Science Corporation Advisory ASA-055 http://www.securescience.net [email protected] 877-570-0455 --------------------------------------------------------- PHPROJEKT 4.2 Chatroom is vulnerable to Cross-Site Scripting XSS attacks allowing a "broadcast" attack to users in the...