PT-2026-36667
CVE-2026-30412 SentinelCloud, AI-Driven Autonomous DevOps Engineer One closed loop. Five agents. Seven scenarios. Zero hallucinated kubectl. Live demo https://t.co/ocEWNzLf9Z...
Jailbreaking the Matrix: Nullspace Steering for Controlled Model Subversion
Large language models remain vulnerable to jailbreak attacks -- inputs designed to bypass safety mechanisms and elicit harmful responses -- despite advances in alignment and instruction tuning. We propose Head-Masked Nullspace Steering (HMNS), a circuit-level intervention that (i) identifies attentio...
The Rise of Managed Risk Operations: How the New Qualys mROC Portal Helps Partners Scale the Risk Operations Center
Key Takeaways: The mROC Portal acts as a portfolio-wide command center, giving partners unified visibility into high-risk customer environments, active threats, and critical exposures to drive prioritized, portfolio-wide risk management. Partners can filter risk, drill into any customer, and take...
Meet Agent Val: Closing the Validation Gap in Exposure Management at Machine Speed with Agentic AI
Executive Summary: The primary challenge in vulnerability management is proving what is actually exploitable. Many vulnerabilities are not exploited, but still drain resources. Traditional tools often fail to validate real risks. Agent Val, within Qualys Enterprise TruRisk Management, delivers thi...
Agent Grant: From Identity Signals to Measurable Risk Reduction
Executive Summary: Identity is now the #1 attack surface. Agent Grant in Qualys ETM Identity uses agentic AI to measure and reduce identity risk across AD, Entra, Okta & other cloud IdPs/IDaaS. It operationalizes identity risk by turning messy Active Directory & identity-risk signals into validated...
A Demonstration of Self-Adaptive Jamming Attack Detection in AI/ML Integrated O-RAN
The open radio access network (O-RAN) enables modular, intelligent, and programmable 5G network architectures through the adoption of software-defined networking, network function virtualization, and implementation of standardized open interfaces. However, one of the security concerns for O-RAN,...
SoK: Measuring What Matters for Closed-Loop Security Agents
Cybersecurity is a relentless arms race, with AI-driven offensive systems evolving faster than traditional defenses can adapt. Research and tooling remain fragmented across isolated defensive functions, creating blind spots that adversaries exploit. Autonomous agents capable of integrating, explo...
CyFence: Securing Cyber-Physical Controllers Via Trusted Execution Environment
In the last decades, Cyber-physical Systems (CPSs) have experienced a significant technological evolution and increased connectivity, at the cost of greater exposure to cyber-attacks. Since many CPS are used in safety-critical systems, such attacks entail high risks and potential safety harms...
CVE-2024-40125
An arbitrary file upload vulnerability in the Media Manager function of Closed-Loop Technology CLESS Server v4.5.2 allows attackers to execute arbitrary code via uploading a crafted PHP file to the upload endpoint...
SecurePay: Enabling Secure and Fast Payment Processing for Platform Economy
Recent years have witnessed a rapid development of platform economy, as it effectively addresses the trust dilemma between untrusted online buyers and merchants. However, malicious platforms can misuse users' funds and information, causing severe security concerns. Previous research efforts aimed...
CVE-2024-40125
The CVE-2024-40125 entry concerns Closed Loop Technology CLESS Server v4.5.2, where the Media Manager’s file upload endpoint is vulnerable to arbitrary PHP file uploads. The underlying issue enables remote code execution because a crafted PHP file can be uploaded and subsequently executed on the ...
The vulnerability of the operating environment of the information protection software “Blockhost-Net” and “Blockhost-Net K” allows a perpetrator to execute the application through the operating system’s regsvr32 component, bypassing the closed-loop programming environment.
The vulnerability of the operating environments of the information protection software “Blockhost-Net” and “Blockhost-Net K” is related to the use of the regsvr32 function to access system components. Exploiting this vulnerability could allow a perpetrator with administrative privileges to execut...