Optimal Transport-Guided Adversarial Attacks on Graph Neural Network-Based Bot Detection

The rise of bot accounts on social media poses significant risks to public discourse. To address this threat, modern bot detectors increasingly rely on Graph Neural Networks GNNs. However, the effectiveness of these GNN-based detectors in real-world settings remains poorly understood. In practice...

From Similarity to Vulnerability: Key Collision Attack on LLM Semantic Caching

Semantic caching has emerged as a pivotal technique for scaling LLM applications, widely adopted by major providers including AWS and Microsoft. By utilizing semantic embedding vectors as cache keys, this mechanism effectively minimizes latency and redundant computation for semantically similar...

GOautodial cross-site scripting vulnerability

GOautodial is an open-source next-generation omnichannel contact center suite developed by GOautodial. Version 4.0 of GOautodial contains a cross-site scripting vulnerability. This vulnerability arises because authenticated proxies can inject malicious scripts through message subjects, potentiall...

Unspecified Vulnerability in HCL AION (CNVD-2026-16407)

HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from a security vulnerability that can be exploited by attackers to weaken the overall security of the application and increase the risk of common web attacks...

Beyond the Finite Variant Property: Extending Symbolic Diffie-Hellman Group Models (Extended Version)

Diffie-Hellman groups are commonly used in cryptographic protocols. While most state-of-the-art, symbolic protocol verifiers support them to some degree, they do not support all mathematical operations possible in these groups. In particular, they lack support for exponent addition, as these tool...

Stealthy Poisoning Attacks Bypass Defenses in Regression Settings

Regression models are widely used in industrial processes, engineering and in natural and physical sciences, yet their robustness to poisoning has received less attention. When it has, studies often assume unrealistic threat models and are thus less useful in practice. In this paper, we propose a...

HCL AION Information Disclosure Vulnerability (CNVD-2026-16409)

HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from an information disclosure vulnerability that can be exploited by an attacker to expose sensitive technical details, leading to information disclosure or assisting in further attacks...

SmarterTools SmarterMail security vulnerability

SmarterTools SmarterMail is a set of email server software developed by SmarterTools Corporation. This software supports features such as spam filtering, data statistics, and Simple Mail Transfer Protocol SMTP authentication. Previous versions of SmarterTools SmarterMail, including version 9518,...

CVE-2025-69517

An HTML injection vulnerability in Amidaware Inc Tactical RMM v1.3.1 and earlier allows authenticated users to inject arbitrary HTML content during the creation of a new agent via the POST /api/v3/newagent/ endpoint. The agentid parameter accepts up to 255 characters and is improperly sanitized...

Security Bulletin: WebSphere Liberty susceptible to HTTP2 implementation vulnerabilities

Summary There are multiple vulnerabilities in IBM® WebSphere Liberty ,Version 8.5.5.8 used by IBM Tivoli Application Dependency Discovery Manager TADDM Vulnerability Details CVEID:CVE-2019-9515 DESCRIPTION: Multiple vendors are vulnerable to a denial of service, caused by a Settings Flood attack...

Oneflow security vulnerabilities

OneFlow is an open-source deep learning framework developed by OneFlow. Version 0.9.0 of OneFlow contains a security vulnerability. This vulnerability stems from a problem with the flow.floordivide component, which allows zero-division attacks, potentially leading to denial-of-service attacks usi...

WordPress Plugin Document Embedder has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There ar...

ShinyHunters Target 100+ Firms Using Phone Calls to Bypass SSO Security

ShinyHunters is driving attacks on 100+ organisations, using vishing and fake login pages with allied groups to bypass SSO and steal company data, reports Silent Push...

PT-2026-4917

Name of the Vulnerable Software and Affected Versions Hono versions prior to 4.11.7 Description The IP Restriction Middleware in Hono does not properly validate IPv4 addresses, allowing attackers to bypass IP-based access controls. The IPV4 REGEX pattern and convertIPv4ToBinary function in...

Hitachi Energy FOX61x

SUMMARY Hitachi Energy is aware of a vulnerability that affects FOX61x product versions listed in this document. Successful exploitation of this vulnerability can lead to forgery attacks potentially causing impact on confidentiality, integrity and availability for the product. Please refer to...

Winning Against AI-Based Attacks Requires a Combined Defensive Approach

If there's a constant in cybersecurity, it's that adversaries are always innovating. The rise of offensive AI is transforming attack strategies and making them harder to detect. Google's Threat Intelligence Group, recently reported on adversaries using Large Language Models LLMs to both conceal...

Tenda W30E security vulnerabilities

The Tenda W30E is a router produced by the Chinese company Tenda. Versions of the Tenda W30E such as V2 and V16.01.0.195037 have security vulnerabilities. These vulnerabilities stem from the lack of rate limiting or account locking mechanisms in the authentication endpoints, which may lead to...

Beetel 777VR1 Access Control Vulnerability

Beetel 777VR1 is a router produced by the Beetel company. Versions of Beetel 777VR1 prior to 01.00.09/01.00.0955 contain a vulnerability related to access control. This vulnerability stems from improper access control in the UART interface, which could lead to physical device attacks...

CVE-2025-4319

Improper Restriction of Excessive Authentication Attempts, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Birebirsoft Software and Technology Solutions Sufirmam allows Brute Force, Password Recovery Exploitation.This issue affects Sufirmam: through 23012026. NOTE: The...

Imagination Graphics DDK security vulnerability

Imagination Graphics DDK is a GPU driver toolkit developed by the British company Imagination. There is a security vulnerability in Imagination Graphics DDK, which stems from the reuse of memory allocated by the GPU shader compiler library after it has been released. This vulnerability could...