A Validated Prompt Bank for Malicious Code Generation: Separating Executable Weapons from Security Knowledge in 1,554 Consensus-Labeled Prompts

Existing benchmarks of language-model refusal on malicious-coding tasks routinely conflate requests for executable malicious software with requests for harmful security knowledge. This conflation matters because the two request types plausibly trigger distinct refusal pathways in safety-aligned...

BlueCodeAgent: A Blue Teaming Agent Enabled by Automated Red Teaming for CodeGen AI

As large language models LLMs are increasingly used for code generation, concerns over the security risks have grown substantially. Early research has primarily focused on red teaming, which aims to uncover and evaluate vulnerabilities and risks of CodeGen models. However, progress on the blue...

EUVD-2020-0015

Malware in sbrugna...

Remote Code Execution (RCE)

llama-index-core is vulnerable to Remote Code Execution RCE. The vulnerability is due to the JsonPickleSerializer component falling back to Python’s pickle.loads without proper input validation, allowing execution of arbitrary code from untrusted data...

CVE-2022-49199

In the Linux kernel, the following vulnerability has been resolved: RDMA/nldev: Prevent underflow in nldevstatsetcounterdynamicdoit This code checks "index" for an upper bound but it does not check for negatives. Change the type to unsigned to prevent underflows...

CVE-2024-9026

In PHP versions 8.1. before 8.1.30, 8.2. before 8.2.24, 8.3. before 8.3.12, when using PHP-FPM SAPI and it is configured to catch workers output through catchworkersoutput = yes, it may be possible to pollute the final log or remove up to 4 characters from the log messages by manipulating log...

Podcast: The State of the Secret Sprawl

Can I tell you a secret? Will you keep it between us? You’ve probably said this or heard this when it comes to friends and family. However, do you also know that secret keeping, or lack thereof is one of the biggest issues that businesses face? The recent The State of Secrets Sprawl from...

CVE-2022-28805

singlevar in lparser.c in Lua from including 5.4.0 up to excluding 5.4.4 lacks a certain luaKexp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code...

Carefully add tokens to the list that the protocol uses

Handle tensors Vulnerability details Impact As of right now I believe the only outside tokens the protocol uses are DAI, USDC, USDT and WETH. If other tokens are added, make sure to check that they have no callbacks on transfer. For example, CREAM protocol added the AMP token which has a callback...

Fighting the Rogue Toaster Army: Why Secure Coding in Embedded Systems is Our Defensive Edge

There are plenty of pop culture references to rogue AI and robots, and appliances turning on their human masters. It is the stuff of science fiction, fun, and fantasy, but with IoT and connected devices becoming more prevalent in our homes, we need more discussion around cybersecurity and safety...

PHP security----using Register Globals-bug warning-the black bar safety net

Using Register Globals can PHP the most controversial change from PHP " 4.2.0 version of the beginning of the configuration file, registerglobals the default value from on to off. For this option the dependence is so prevalent that many people simply don't know it exists and thought PHP was so...