51 matches found
Alignment Contracts for Agentic Security Systems
Agentic security systems increasingly combine LLM planners with tools that can discover, validate, and report vulnerabilities. This creates an asymmetric control problem: the system should retain strong offensive capability inside an authorized engagement, while the same capabilities must be deni...
Missing Authorization
Overview: Affected versions of this package are vulnerable to Missing Authorization in the amendment acceptance flow. An attacker can gain unauthorized coauthorship and modify proposal outcomes by submitting amendment accept or reject actions without proper authorization checks. Workaround: This...
PT-2026-26393
Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.3.2 Description: OpenClaw contains a denial of service issue in webhook handlers for BlueBubbles and Google Chat. These handlers parse request bodies before authentication and signature validation. Unauthenticate...
EUVD-2026-8905
@actual-app/sync-server: Missing authorization in sync endpoints allows cross-user budget file access in multi-user mode...
GHSA-H89V-J3X9-8WQJ OpenClaw affected by denial of service through unguarded archive extraction allowing high expansion/resource abuse (ZIP/TAR)
Summary: Archive extraction lacked strict resource budgets, allowing high-expansion ZIP/TAR archives to consume excessive CPU/memory/disk during install/update flows. Affected Packages / Versions: openclaw npm: = 2026.2.13; clawdbot npm: = 2026.1.24-3. Details: Affected component:...
Deep Learning for Contextualized NetFlow-Based Network Intrusion Detection: Methods, Data, Evaluation and Deployment
Network Intrusion Detection Systems (NIDS) have progressively shifted from signature-based techniques toward machine learning and, more recently, deep learning methods. Meanwhile, the widespread adoption of encryption has reduced payload visibility, weakening inspection pipelines that depend on...
A Critical Analysis of the Medibank Health Data Breach and Differential Privacy Solutions
This paper critically examines the 2022 Medibank health insurance data breach, which exposed sensitive medical records of 9.7 million individuals due to unencrypted storage, centralized access, and the absence of privacy-preserving analytics. To address these vulnerabilities, we propose an...
Optimal Client Sampling in Federated Learning with Client-Level Heterogeneous Differential Privacy
Federated Learning with client-level differential privacy (DP) provides a promising framework for collaboratively training models while rigorously protecting clients' privacy. However, classic approaches like DP-FedAvg struggle when clients have heterogeneous privacy requirements, as they must...
Can Differentially Private Fine-Tuning LLMs Protect against Privacy Attacks?
Fine-tuning large language models (LLMs) has become an essential strategy for adapting them to specialized tasks; however, this process introduces significant privacy challenges, as sensitive training data may be inadvertently memorized and exposed. Although differential privacy (DP) offers strong...
Bipartite Randomized Response Mechanism for Local Differential Privacy
With the increasing importance of data privacy, Local Differential Privacy (LDP) has recently become a strong measure of privacy for protecting each user's privacy from data analysts without relying on a trusted third party. In many cases, both data providers and data analysts hope to maximize the...
The Efficiency Imperative: How Federal Agencies Can Streamline Cybersecurity Operations
With increasing scrutiny on government spending, federal agencies face mounting pressure to optimize IT budgets while fortifying cybersecurity defenses. However, the unchecked proliferation of security tools has led to inefficiencies, reduced visibility, and increasing total cost of ownership. A...
Year in Review: The biggest trends in ransomware
This week, our Year in Review spotlight is on ransomware -- where low-profile tactics led to high-impact consequences. Ransomware operators often prioritized stealth over complexity for initial access. They also focused on slipping past defenses with minimal noise -- uninstalling security tools,...
The $10 Cyber Threat Responsible for the Biggest Breaches of 2024
You can tell the story of the current state of stolen credential-based attacks in three numbers: Stolen credentials were the 1 attacker action in 2023/24, and the breach vector for 80% of web app attacks. Source: Verizon. Cybersecurity budgets grew again in 2024, with organizations now spending...
BIT-OPENPROJECT-2021-43830
OpenProject is a web-based project management software. OpenProject versions = 12.0.0 are vulnerable to a SQL injection in the budgets module. For authenticated users with the "Edit budgets" permission, the request to reassign work packages to another budget insufficiently sanitizes user input in...
Known ransomware attacks up 68% in 2023
Today, Malwarebytes released its 2024 State of Malware report, detailing six cyberthreats that resource-constrained IT teams should pay attention to in 2024. Top of the list is "Big Game" ransomware, the most serious cyberthreat to businesses all around the world. Big game attacks extort vast...
PT-2023-31801 · Unknown · Sandbox Accounts For Events
Name of the Vulnerable Software and Affected Versions: Sandbox Accounts for Events versions prior to 1.10.0 Description: The issue allows authenticated users to potentially read data from the events table by sending request payloads to the "events API", collecting information on planned events,...
Confidence in File Upload Security is Alarmingly Low. Why?
Numerous industries—including technology, financial services, energy, healthcare, and government—are rushing to incorporate cloud-based and containerized web applications. The benefits are undeniable; however, this shift presents new security challenges. OPSWAT's 2023 Web Application Security...
Five ways to bolster security as cloud environments and budgets come under attack
Security experts share their insights for securing cloud environments as the pace and scale of threats accelerates...
2023 Cybersecurity Maturity Report Reveals Organizational Unpreparedness for Cyberattacks
In 2022 alone, global cyberattacks increased by 38%, resulting in substantial business loss, including financial and reputational damage. Meanwhile, corporate security budgets have risen significantly because of the growing sophistication of attacks and the number of cybersecurity solutions...