Redefining Enterprise Defense in the Era of AI-Led Cyberattacks

More cybercriminals are turning to using autonomous AI tools to upgrade their attacks, as exemplified by the recent utilization of Anthropic’s Claude Code, prompting an urgent need for enterprises to adopt agentic AI-driven security platforms and proactive defenses to counter AI-related threats...

NegBLEURT Forest: Leveraging Inconsistencies for Detecting Jailbreak Attacks

Jailbreak attacks designed to bypass safety mechanisms pose a serious threat by prompting LLMs to generate harmful or inappropriate content, despite alignment with ethical guidelines. Crafting universal filtering rules remains difficult due to their inherent dependence on specific contexts. To...

SoK: Security Evaluation of Wi-Fi CSI Biometrics: Attacks, Metrics, and Systemic Weaknesses

Wi-Fi Channel State Information CSI has been repeatedly proposed as a biometric modality, often with reports of high accuracy and operational feasibility. However, the field lacks a consolidated understanding of its security properties, adversarial resilience, and methodological consistency. This...

Mozilla Firefox and Firefox ESR Spoofing Vulnerability (CNVD-2025-28714)

Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox web browser. A spoofing vulnerability exists in Mozilla Firefox and Firefox ESR, which can be exploited by attackers to conduct spoofing attacks...

Malicious code in lint-loop-playwright-publish (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8a242525b6943fcf77698c5a6cc5a7f8ac4ce45fb053ebad712afff73b5e0a81 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in iota-bash-bundle-delta-encrypt (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2f5937b4ff7dc4e858440a4d4659b214c5e00b7067034ed3aa76192d44a402eb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-150370

In the Linux kernel, the following vulnerability has been resolved: sctp: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this...

How Worrying Are Privacy Attacks against Machine Learning?

In several jurisdictions, the regulatory framework on the release and sharing of personal data is being extended to machine learning ML. The implicit assumption is that disclosing a trained ML model entails a privacy risk for any personal data used in training comparable to directly releasing tho...

Phantom Menace: Exploring and Enhancing the Robustness of VLA Models against Physical Sensor Attacks

Vision-Language-Action VLA models revolutionize robotic systems by enabling end-to-end perception-to-action pipelines that integrate multiple sensory modalities, such as visual signals processed by cameras and auditory signals captured by microphones. This multi-modality integration allows VLA...

Siemens SIMATIC S7-1500 Improper Restriction of XML External Entity Reference (CVE-2016-9318)

libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity XXE attacks via a crafte...

Sonarr 安全漏洞

Sonarr is a software from Sonarr that helps find, download and organize TV shows. A security vulnerability exists in Sonarr version 4.0.15.2940 that stems from improperly set default permissions and could lead to a local environment attack...

MAL-2025-183003 Malicious code in itale-dci-rfrttr (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f3a0647df2f9cb098e344f97eeda7f412f9a22a5678e0f46cd36c7ff164312da This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in sonic-kots-jaufajab (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a2e915719a8df4400def253efcfc08f058bfd1ac9093b10cf7f589e389001068 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in flights-lutg-odli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4f0d885e2deaea4d84ac5a093806a77d24b206975b1c1e90b36a42f5f3e19895 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in masv-ilimo-civufaa (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0d4662fe9d06fcd84b06fa641c844cb59864d1936e8c7e5c93a0f31a80a85c68 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

CVE-2025-40204

In the Linux kernel, the following vulnerability has been resolved: sctp: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this...

UBUNTU-CVE-2025-40204

In the Linux kernel, the following vulnerability has been resolved: sctp: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this...

CVE-2025-40204

Based on the provided Connected documents, CVE-2025-40204 affects the Linux kernel (SCTP) and is fixed by making MAC comparisons constant-time to prevent timing attacks. The SUSE-related Nessus advisories (SUSE-SU-2026:0274-1, SUSE-SU-2026:0284-1, SUSE-SU-2026:0262-1, SUSE-SU-2026:0270-1, etc.) l...

CVE-2025-40204 sctp: Fix MAC comparison to be constant-time

In the Linux kernel, the following vulnerability has been resolved: sctp: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this...

Malicious code in baso95 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 40fa99661cef77900a53cec9544cd3cd99c9a978c60aecc45cec814557169065 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...