Quality-Diversity Evolution for Discovering Diverse Vulnerabilities in LLM Safety

Current approaches to LLM adversarial testing suffer from coverage gaps: manual red-teaming does not scale, LLM-as-attacker methods exhibit mode collapse, and gradient-based approaches produce uninterpretable gibberish. We introduce a quality-diversity evolutionary framework that operates at the...

GHSA-GFP8-MP24-5VXG @hulumi/baseline: CloudTrail selector tampering events were not fully detected

Impact: @hulumi/baseline versions before 1.3.2 could miss some CloudTrail event-selector tampering evidence, reducing coverage for changes to audit logging configuration. Patched in 1.3.2: detection coverage and regression tests were expanded. Remediation: upgrade @hulumi/baseline to 1.3.2 or lat...

ISPB

🛡️ AI-powered Security Scanner Platform A next-generation...

Astra Linux - уязвимость в firefox, thunderbird

On 64-bit platforms, IonMonkey-JIT only writes 32 bits of the 64-bit return value space onto the stack. However, Baseline-JIT reads the entire 64 bits. This vulnerability was fixed in Firefox 141, Firefox ESR 115.26, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and...

Observability for Post-Quantum TLS Readiness: A Multi-Surface Evidence Framework

Post-quantum migration in Transport Layer Security TLS requires evidence-aware measurements that distinguish session negotiation, endpoint capability, certificate-chain evidence, and the provenance of missing observations. This distinction is essential under TLS 1.3 encryption, resumption, mutual...

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

copy-success — CVE-2026-31431 Compensating Control A defensiv...

OSV-2026-600 Heap-buffer-overflow in skcms_private::baseline::clut

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=504261818 Crash type: Heap-buffer-overflow READ 8 Crash state: skcmsprivate::baseline::clut skcmsprivate::baseline::execstages skcmsprivate::baseline::runprogram...

Terminal Wrench: A Dataset of 331 Reward-Hackable Environments and 3,632 Exploit Trajectories

The authors of this paper release Terminal Wrench, a subset of 331 terminal-agent benchmark environments, copied from the popular open benchmarks that are demonstrably reward-hackable. The data set includes 3,632 hack trajectories and 2,352 legitimate baseline trajectories across three frontier...

DeepGuard Secure Code Generation

Large Language Models LLMs for code generation can replicate insecure patterns from their training data. To mitigate this, a common strategy for security hardening is to fine-tune models using supervision derived from the final transformer layer. However, this design may suffer from a final-layer...

Beyond Function-Level Analysis: Context-Aware Reasoning for Inter-Procedural Vulnerability Detection

Recent progress in ML and LLMs has improved vulnerability detection, and recent datasets have reduced label noise and unrelated code changes. However, most existing approaches still operate at the function level, where models are asked to predict whether a single function is vulnerable without...

I Can't Believe It's Not a Valid Exploit

Recently Large Language Models LLMs have been used in security vulnerability detection tasks including generating proof-of-concept PoC exploits. A PoC exploit is a program used to demonstrate how a vulnerability can be exploited. Several approaches suggest that supporting LLMs with additional...

QES-Backed Virtual FIDO2 Authenticators: Architectural Options for Secure, Synchronizable WebAuthn Credentials

FIDO2 and the WebAuthn standard offer phishing-resistant, public-key based authentication but traditionally rely on device-bound cryptographic keys that are not naturally portable across user devices. Recent passkey deployments address this limitation by enabling multi-device credentials...

📄 Adobe DNG SDK RefBaselineABCDtoRGB Out-Of-Bounds Read / Information Disclosure

This work presents a technical, research‑grade proof of concept demonstrating CVE‑2025‑64893, an out of bounds read vulnerability in Adobe DNG SDK versions prior to 1.7.1.2410. The vulnerability is caused by a logic flaw in the rendering pipeline where a crafted but specification‑compliant DNG fi...

Next level Kotlin support in Spring Boot 4

Following the announcement of the strategic partnership between JetBrains and Spring in May, I would like to share a global update on various Kotlin-related features and documentation enhancements we have made recently, with the goal of making Spring Boot 4 the best framework to develop backend...

A First Look at Common RPKI Publication Practices

The RPKI is crucial for securing the routing system of the Internet. With the RPKI, owners of Internet resources can make cryptographically backed claims, for example about the legitimate origin of their IP space. Thousands of networks use this information to detect malicious or accidental route...

ai.aitia:arrowhead-application-library-java-spring (>=4.4.0.0 <=4.6.0.0), androidx.baselineprofile.apptarget:androidx.baselineprofile.apptarget.gradle.plugin (>=1.2.0-alpha12 <=1.2.0-alpha14) +2655 more potentially affected by CVE-2024-29371 via org.bitbucket.b_c:jose4j (>=0.4.1 <=0.9.5)

org.bitbucket.bc:jose4j MAVEN version =0.4.1, =4.4.0.0, =1.2.0-alpha12, =1.2.0-alpha12, =1.2.0-alpha12, =1.2.0-alpha12, =1.2.0-alpha07, =1.2.0-alpha12, =1.2.0-alpha07, =2.6.0, =2.6.0, =2.6.0, =1.0.0-alpha01, =1.0.0-alpha01,...

ai.aitia:arrowhead-application-library-java-spring (>=4.4.0.0 <=4.6.0.0), androidx.baselineprofile.apptarget:androidx.baselineprofile.apptarget.gradle.plugin (>=1.2.0-alpha12 <=1.2.0-alpha14) +2655 more potentially affected by CVE-2024-29371 via org.bitbucket.b_c:jose4j (>=0.4.1 <=0.9.5)

org.bitbucket.bc:jose4j MAVEN version =0.4.1, =4.4.0.0, =1.2.0-alpha12, =1.2.0-alpha12, =1.2.0-alpha12, =1.2.0-alpha12, =1.2.0-alpha07, =1.2.0-alpha12, =1.2.0-alpha07, =2.6.0, =2.6.0, =2.6.0, =1.0.0-alpha01, =1.0.0-alpha01,...

SeBERTis: A Framework for Producing Classifiers of Security-Related Issue Reports

Monitoring issue tracker submissions is a crucial software maintenance activity. A key goal is the prioritization of high risk, security-related bugs. If such bugs can be recognized early, the risk of propagation to dependent products and endangerment of stakeholder benefits can be mitigated. To...

Cybersecurity Performance Goals 2.0 for Critical Infrastructure

Today, CISA released updated Cross-Sector Cybersecurity Performance Goals CPG 2.0 with measurable actions for critical infrastructure owners and operators to achieve a foundational level of cybersecurity. This update incorporates lessons learned, aligns with the most recent National Institute of...

📄 Django 5.1.13 SQL Injection

Django version 5.1.13 remote SQL injection vulnerability scanning script. ============================================================================================================================================= | Title : Django 5.1.13 SQL Injection Scanner | | Author : indoushka | | Tested o...