PT-2026-44367

Name of the Vulnerable Software and Affected Versions Apache Artemis versions 2.50.0 through 2.53.0 Apache ActiveMQ Artemis versions 2.0.0 through 2.44.0 Description An issue exists where an application using the STOMP Simple Text Oriented Messaging Protocol protocol can augment the routing-type ...

MemRepair: Hierarchical Memory for Agentic Repository-Level Vulnerability Repair

Modern software ecosystems face a rapidly growing number of disclosed vulnerabilities, increasing the need for automated repair techniques that can operate reliably at repository scale. Although Large Language Model LLM-based agents have recently shown promise for automated vulnerability repair...

imgaug 安全漏洞

imgaug is a image enhancement tool library developed by Alexander Jung, used for data augmentation in machine learning. Imgaug versions 0.4.0 and earlier contain security vulnerabilities. These vulnerabilities stem from the BackgroundAugmenter class using the Python pickle module for...

AI-Driven Security Alert Screening and Alert Fatigue Mitigation in Security Operations Centers: A Comprehensive Survey

Security alert screening is the downstream task of filtering, prioritizing, correlating, and contextualizing alerts for analyst attention in Security Operations Centers. This survey reviews artificial-intelligence-driven alert screening and alert-fatigue mitigation from 2015 to 2026. We synthesiz...

A-THENA: Early Intrusion Detection for IoT with Time-Aware Hybrid Encoding and Network-Specific Augmentation

The proliferation of Internet of Things IoT devices has significantly expanded attack surfaces, making IoT ecosystems particularly susceptible to sophisticated cyber threats. To address this challenge, this work introduces A-THENA, a lightweight early intrusion detection system EIDS that...

PT-2026-30859

text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, he superbooga and superboogav2 RAG extensions fetch user-supplied URLs via requests.get with zero validation — no scheme check, no IP filtering, no hostname allowlist. An attacker can access clo...

GMA-SAWGAN-GP: A Novel Data Generative Framework to Enhance IDS Detection Performance

Intrusion Detection System IDS is often calibrated to known attacks and generalizes poorly to unknown threats. This paper proposes GMA-SAWGAN-GP, a novel generative augmentation framework built on a Self-Attention-enhanced Wasserstein GAN with Gradient Penalty WGAN-GP. The generator employs...

Red-MIRROR: Agentic LLM-Based Autonomous Penetration Testing with Reflective Verification and Knowledge-Augmented Interaction

Web applications remain the dominant attack surface in cybersecurity, where vulnerabilities such as SQL injection, XSS, and business logic flaws continue to cause significant data breaches. While penetration testing is effective for identifying these weaknesses, traditional manual approaches are...

SafeClaw-R: Towards Safe and Secure Multi-Agent Personal Assistants

LLM-based multi-agent systems MASs are transforming personal productivity by autonomously executing complex, cross-platform tasks. Frameworks such as OpenClaw demonstrate the potential of locally deployed agents integrated with personal data and services, but this autonomy introduces significant...

A Novel Solution for Zero-Day Attack Detection in IDS Using Self-Attention and Jensen-Shannon Divergence in WGAN-GP

The increasing sophistication of cyber threats, especially zero-day attacks, poses a significant challenge to cybersecurity. Zero-day attacks exploit unknown vulnerabilities, making them difficult to detect and defend against. Existing approaches patch flaws and deploy an Intrusion Detection Syst...

RedSage: A Cybersecurity Generalist LLM

Cybersecurity operations demand assistant LLMs that support diverse workflows without exposing sensitive data. Existing solutions either rely on proprietary APIs with privacy risks or on open models lacking domain adaptation. To bridge this gap, we curate 11.8B tokens of cybersecurity-focused...

Explainable AI Agents: Capture LLM Tool Call Reasoning with Spring AI

When building AI agents with tool calling capabilities, developers often need insights into why an LLM chose a particular tool—not just which tool it selected. Understanding the model's reasoning process is important for debugging, observability, and building trustworthy AI systems. Spring AI now...

Development Team Augmentation: A Strategic Approach for High-Performance Teams

Scale software teams fast with development team augmentation. Learn when it works best, key models, common mistakes, and how to choose the right partner...

Quantum-Augmented AI/ML for O-RAN: Hierarchical Threat Detection with Synergistic Intelligence and Interpretability (Technical Report)

Open Radio Access Networks O-RAN enhance modularity and telemetry granularity but also widen the cybersecurity attack surface across disaggregated control, user and management planes. We propose a hierarchical defense framework with three coordinated layers-anomaly detection, intrusion...

LLM-Based Vulnerable Code Augmentation: Generate or Refactor?

Vulnerability code-bases often suffer from severe imbalance, limiting the effectiveness of Deep Learning-based vulnerability classifiers. Data Augmentation could help solve this by mitigating the scarcity of under-represented CWEs. In this context, we investigate LLM-based augmentation for...

Beyond Detection: A Comprehensive Benchmark and Study on Representation Learning for Fine-Grained Webshell Family Classification

Malicious WebShells pose a significant and evolving threat by compromising critical digital infrastructures and endangering public services in sectors such as healthcare and finance. While the research community has made significant progress in WebShell detection i.e., distinguishing malicious...

SD-CGAN: Conditional Sinkhorn Divergence GAN for DDoS Anomaly Detection in IoT Networks

The increasing complexity of IoT edge networks presents significant challenges for anomaly detection, particularly in identifying sophisticated Denial-of-Service DoS attacks and zero-day exploits under highly dynamic and imbalanced traffic conditions. This paper proposes SD-CGAN, a Conditional...

From LLMs to Agents: A Comparative Evaluation of LLMs and LLM-Based Agents in Security Patch Detection

The widespread adoption of open-source software OSS has accelerated software innovation but also increased security risks due to the rapid propagation of vulnerabilities and silent patch releases. In recent years, large language models LLMs and LLM-based agents have demonstrated remarkable...

Black-Box Guardrail Reverse-Engineering Attack

Large language models LLMs increasingly employ guardrails to enforce ethical, legal, and application-specific constraints on their outputs. While effective at mitigating harmful responses, these guardrails introduce a new class of vulnerabilities by exposing observable decision patterns. In this...

Cyberattack Detection in Critical Infrastructure and Supply Chains

Cyberattack detection in Critical Infrastructure and Supply Chains has become challenging in Industry 4.0. Intrusion Detection Systems IDS are deployed to counter the cyberattacks. However, an IDS effectively detects attacks based on the known signatures and patterns, Zero-day attacks go...