PT-2026-44362

In the Linux kernel, the following vulnerability has been resolved: media: i2c: ov5647: Fix runtime PM refcount leak in s ctrl Three control cases AUTOGAIN, EXPOSURE AUTO, ANALOGUE GAIN directly return without calling pm runtime put, causing runtime PM reference count leaks. Change these cases fr...

Backchaining Loss of Control Mitigations from Mission-Specific Benchmarks in National Security

Affordances and permissions are promising and timely safety levers for mitigating Loss of Control LoC threats in high-stakes deployment contexts, such as national security. Deployers in defense and intelligence could rely on several approaches to identify which affordances and permissions should ...

CVE-2026-42555

Valtimo is an open-source business process automation platform. com.ritense.valtimo:document from 12.0.0 to before 12.32.0, com.ritense.valtimo:case from 13.0.0 to before 13.23.0, and com.ritense.valtimo:contract from 13.4.0 to before 13.23.0 evaluate Spring Expression Language SpEL expressions...

Red-Teaming Agent Execution Contexts: Open-World Security Evaluation on OpenClaw

Agentic language-model systems increasingly rely on mutable execution contexts, including files, memory, tools, skills, and auxiliary artifacts, creating security risks beyond explicit user prompts. This paper presents DeepTrap, an automated framework for discovering contextual vulnerabilities in...

EUVD-2026-29484

CWE-1188 Initialization of a Resource with an Insecure Default vulnerability exists that could cause unauthorized disclosure of sensitive information when credentials revert to initial settings in rare circumstances, enabling unauthorized authentication using known credentials...

SkillSafetyBench: Evaluating Agent Safety under Skill-Facing Attack Surfaces

Reusable skills are becoming a common interface for extending large language model agents, packaging procedural guidance with access to files, tools, memory, and execution environments. However, this modularity introduces attack surfaces that are largely missed by existing safety evaluations: eve...

LITMUS: Benchmarking Behavioral Jailbreaks of LLM Agents in Real OS Environments

The rapid proliferation of LLM-based autonomous agents in real operating system environments introduces a new category of safety risk beyond content safety: behavior jailbreak, where an adversary induces an agent to execute dangerous OS-level operations with irreversible consequences. Existing...

justhtml has sanitization bypass in custom policies and programmatic DOM

Summary justhtml 1.17.0 fixes multiple security issues in sanitization, serialization, and programmatic DOM handling. Most of these issues affected advanced or custom configurations rather than the default safe path. Affected versions - justhtml , MathML , SVG / , and MathML text integration poin...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-012999)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-012999 advisory. In the Linux kernel, the following vulnerability has been resolved: btrfs: avoid potential out-of-bounds in btrfsencodefh The function btrfsencodefh does not properl...

Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011139)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011139 advisory. In the Linux kernel, the following vulnerability has been resolved: btrfs: avoid potential out-of-bounds in btrfsencodefh The function btrfsencodefh does not properl...

Why Most AI Deployments Stall After the Demo

The fastest way to fall in love with an AI tool is to watch the demo. Everything moves quickly. Prompts land cleanly. The system produces impressive outputs in seconds. It feels like the beginning of a new era for your team. But most AI initiatives don't fail because of bad technology. They stall...

justhtml includes multiple security fixes

Summary justhtml 1.15.0 includes multiple security fixes affecting URL sanitization helpers, HTML serialization, Markdown passthrough, and several custom sanitization-policy edge cases. These issues have different impact levels and do not all affect the default configuration in the same way...

ACIArena: Toward Unified Evaluation for Agent Cascading Injection

Collaboration and information sharing empower Multi-Agent Systems MAS but also introduce a critical security risk known as Agent Cascading Injection ACI. In such attacks, a compromised agent exploits inter-agent trust to propagate malicious instructions, causing cascading failures across the...

Improper Authentication

Overview org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation. Affected versions of this package are vulnerable to Improper Authentication in processOCSPRequest, which is part of the the CLIENTCERT authentication process. In some "edge cases", an attacker can trigger a...

A Systematic Security Evaluation of OpenClaw and Its Variants

Tool-augmented AI agents substantially extend the practical capabilities of large language models, but they also introduce security risks that cannot be identified through model-only evaluation. In this paper, we present a systematic security assessment of six representative OpenClaw-series agent...

EUVD-2026-17478

An incorrect startup configuration of affected versions of Zscaler Client Connector on Windows may cause a limited amount of traffic from being inspected under rare circumstances...

CVE-2026-22569

An incorrect startup configuration of affected versions of Zscaler Client Connector on Windows may cause a limited amount of traffic from being inspected under rare circumstances...

CVE-2026-22569 Incorrect startup configuration in ZCC

An incorrect startup configuration of affected versions of Zscaler Client Connector on Windows may cause a limited amount of traffic from being inspected under rare circumstances...

Towards Leveraging LLMs to Generate Abstract Penetration Test Cases from Software Architecture

Software architecture models capture early design decisions that strongly influence system quality attributes, including security. However, architecture-level security assessment and feedback are often absent in practice, allowing security weaknesses to propagate into later phases of the software...

Wa3r-OffSec-Kit

Waer's Cybersecurity Knowledge Base 50+ documents · 2...