192027 matches found
PT-2026-42886
A security vulnerability has been detected in QuantumNous new-api up to 0.12.1. This affects the function RelayMidjourneyImage/GetByOnlyMJId of the file router/relay-router.go of the component Midjourney Image Relay Endpoint. Such manipulation leads to authorization bypass. The attack can be...
AI-Driven Adaptive Adversaries and the Erosion of Cryptographic Trust in Public Key Systems
This paper examines the erosion of Public Key Cryptography PKC security under adaptive adversarial optimisation driven by artificial intelligence. The problem addressed is the growing mismatch between algorithm-centric cryptographic security models and operational attack realities, where...
CALIBURN: A Regime-Sensitivity Study of Operationally Calibrated Streaming Intrusion Detection
Streaming network intrusion detection systems must process flows continuously while keeping memory bounded, but most current methods leave alerting threshold selection as a post-hoc tuning problem poorly suited to production. Operators need alerting behaviour specifiable before deployment using...
Malicious code in chai-as-repaired (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 949b90bd3c157955d029f9ea08bc32aea893e452c4ded78df98b80c1b831be76 Package name 'chai-as-repaired' is a 1-edit typosquat of the popular 'chai-as-promised' chai plugin 1M weekly downloads. The published code is...
cve-researcher
cve-researcher AI-powered CVE research in your terminal —...
CVE-2026-42901
Origin validation error in Microsoft Entra ID allows an unauthorized attacker to elevate privileges over a network...
CVE-2026-40864
JupyterHub is software that allows users to create a multi-user server for Jupyter notebooks. In versions 4.1.0 through 5.4.4, XSRF protection updated in 4.1.0 inappropriately treated requests with Sec-Fetch-Mode: no-cors as same-origin requests, bypassing XSRF checks. The JSON API is not affecte...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a remote code execution backdoor and an advanced credential stealer. A malicious actor exploited remapped historical tags to commit malicious commits, retroactively compromising over 700 versions of...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a remote code execution backdoor and an advanced credential stealer. A malicious actor exploited remapped historical tags to commit malicious commits, retroactively compromising over 700 versions of...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a remote code execution backdoor and an advanced credential stealer. A malicious actor exploited remapped historical tags to commit malicious commits, retroactively compromising over 700 versions of...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a remote code execution backdoor and an advanced credential stealer. A malicious actor exploited remapped historical tags to commit malicious commits, retroactively compromising over 700 versions of...
MAL-2026-4556 Malicious code in express-enrouten-async (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f944bc544f9368e58a223e76e462ddec4ba325c728a233100182706ad8f0ae0e Package name mimics the legitimate express-enrouten route-discovery library, but the shipped index.js only hardcodes two demo routes rather than...
Security Bulletin: IBM Rational® Application Developer for WebSphere® Software is vulnerable to a remote attack to take over Java SE
Summary IBM® SDK, Java™ Technology Edition, is used by IBM Rational® Application Developer for WebSphere® Software as the runtime and development kit. CVE-2025-50106 Vulnerability Details CVEID:CVE-2026-22016 DESCRIPTION: Easily exploitable vulnerability allows unauthenticated attacker with netwo...
Inefficient Algorithmic Complexity
Overview github.com/golang/net/html is a package that implements an HTML5-compliant tokenizer and parser. Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity in parse.go, when checking attributes iteratively. An attacker can cause excessive CPU consumption by...
First VPN Dismantled in Global Takedown Over Use by 25 Ransomware Groups
Authorities in Europe and North America have announced the dismantling of a criminal virtual private network VPN service used by criminal actors to obscure the origins of ransomware attacks, data theft, scanning, and denial-of-service attacks. Codenamed Operation Saffron, the disruption of First...
CVE-2026-42626
HP ENVY 5000 series printers VERBASPP1N003.2237A.00 do not properly manage concurrent TCP connections to port 9100 JetDirect/RAW printing. An unauthenticated remote attacker on the same network can establish a persistent connection to port 9100 and send keep-alive packets, causing the printer's...
Malicious code in events-router (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c5482b17f0abd8f4ae8fed4fa5c53ea035a15b252efec406ae65dfe3365a7412 [email protected] impersonates the events EventEmitter polyfill README and Travis badge copied verbatim from browserify/events and ships a...
MAL-2026-4555 Malicious code in events-router (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c5482b17f0abd8f4ae8fed4fa5c53ea035a15b252efec406ae65dfe3365a7412 [email protected] impersonates the events EventEmitter polyfill README and Travis badge copied verbatim from browserify/events and ships a...
From edge appliance to enterprise compromise: Multi-stage Linux intrusion via F5 and Confluence
In this article 1. Attack chain overview 1. Initial access: Exploiting edge appliances 2. Discovery and reconnaissance 3. Lateral movement and identity compromise 2. Mitigation and protection guidance 1. Microsoft Defender XDR detections 2. Advanced hunting 3. Indicators of compromise IOC 4. MITR...
Malicious code in cdk-insights (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fa41acb776dbedfe93c37899783a5e54b78017ac31576c798a27eae6b9e9ec89 The package contains code in dist/entry.js and dist/index.js that invokes npm publish programmatically combined with writeFileSync operations — the...