116 matches found
SkillGuard: A Permission Framework for Agent Skills
Agent skills extend LLM agents with reusable instructions, scripts, tool bindings, and contextual dependencies. However, current skill ecosystems largely rely on trust-based loading and static inspection, leaving a gap between what a skill can inject into an agent's context and what it can cause...
The End of Trust: How Agentic AI Breaks Security Assumptions
For decades, the security of digital interaction has rested on an unacknowledged economic constraint. Attackers faced a tradeoff between the fidelity of a deception and the scale at which it could be deployed. Convincing impersonation required sustained human effort and was confined to a narrow s...
Astra Linux - vulnerability in linux, linux-5.10
A flaw was discovered in the Linux kernel’s implementation of Pressure Stall Information. Although this feature is disabled by default, it could allow an attacker to crash the system or cause other memory-corruption side effects...
PT-2026-37186
Name of the Vulnerable Software and Affected Versions Heimdall versions prior to 0.17.14 Description Heimdall handles URL-encoded slashes %2F in a case-sensitive manner, whereas percent-encoding is defined as case-insensitive. When the allow encoded slashes variable is set to off the default...
CVE-2026-6043 Insecure Default Configuration in P4 Server
P4 Server versions prior to 2026.1 are configured with insecure default settings that, when exposed to untrusted networks, allow unauthenticated attackers to create arbitrary user accounts, enumerate existing users, authenticate to accounts with no password set, and access depot contents via the...
EUVD-2026-25415
P4 Server versions prior to 2026.1 are configured with insecure default settings that, when exposed to untrusted networks, allow unauthenticated attackers to create arbitrary user accounts, enumerate existing users, authenticate to accounts with no password set, and access depot contents via the...
CVE-2026-33260
An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default...
llm-security-lab
LLM Security Lab Security lab for application...
CVE-2026-33260
CVE-2026-33260 describes an input-validation flaw in the internal web server that can cause unlimited memory allocation when processing a web request, resulting in denial of service. The issue is documented across multiple feeds (NVD, ENISA EUVD, Debian OSV, CIRCL, etc.), all noting that the inte...
CVE-2026-33257 Insufficient input validation of internal webserver
An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default...
CVE-2026-33257
The CVE-2026-33257 issue enables an attacker to send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default. In the provided documents, no concrete product/vendor/version, root cause details ...
CVE-2026-33257
An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default...
PT-2026-34320
An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default...
Enclawed: A Configurable, Sector-Neutral Hardening Framework for Single-User AI Assistant Gateways
We present enclawed, a hard-fork hardening framework built on top of the OpenClaw single-user personal artificial intelligence AI assistant gateway. enclawed targets deployments that need attestable peer trust, deny-by-default external connectivity, signed-module loading, and a tamper-evident aud...
PT-2026-31861
Name of the Vulnerable Software and Affected Versions wolfSSL affected versions not specified Description An integer underflow issue exists in wolfSSL when parsing the Subject Alternative Name SAN extension of X.509 certificates. A malformed certificate can specify an entry length larger than the...
12 Best Practices for Securing AWS Cloud in 2026
Key Takeaways Securing AWS cloud in 2026 depends on continuous, risk-based governance rather than isolated tools or one-time checks. Most cloud security incidents stem from customer-side issues such as identity misuse, misconfigurations, and exposed workloads. Effective security for AWS cloud...
PT-2026-29528
A non-default configuration in Sage DPW 2025 06 004 allows unauthenticated access to diagnostic endpoints within the Database Monitor feature, exposing sensitive information such as hashes and table names. This feature is disabled by default in all installations and never available in Sage DPW...
CVE-2026-33469
Frigate is a network video recorder NVR with realtime local object detection for IP cameras. In version 0.17.0, an authenticated non-admin user can retrieve the full raw Frigate configuration through /api/config/raw. This exposes sensitive values that are intentionally redacted from /api/config,...
CVE-2026-32720
The CTFer.io Monitoring component is in charge of the collection, process and storage of various signals i.e. logs, metrics and distributed traces. Prior to 0.2.1, due to a mis-written NetworkPolicy, a malicious actor can pivot from a component to any other namespace. This breaks the...