Devilray: A Systematic Adversarial Model Revealing Blind Spots in Fake Base Station Detection

Fake Base Station FBS detection has been a critical focus of cellular security research for over two decades. However, significant financial and regulatory barriers to accessing commercial FBS C-FBS devices have limited direct visibility into real-world operations, forcing detection systems to be...

GHSA-FFQX-Q65F-36JF vulnerabilities

Vulnerabilities for packages: grafana, commercial-grafana, grafana-fips...

CVE-2026-28377 vulnerabilities

Vulnerabilities for packages: grafana, commercial-grafana, grafana-fips...

CVE-2026-41889 vulnerabilities

Vulnerabilities for packages: chainloop-control-plane, step-fips, rke2-cloud-provider-fips, envoy-gateway, telegraf, dapr, zitadel, kube-bench, steampipe, juicefs, hydra-fips, ory-kratos-fips, flyte, grafana-fips, envoy-gateway-fips, opentelemetry-collector-contrib, goose-fips, step-issuer-fips,...

ID-Eraser: Proactive Defense against Face Swapping Via Identity Perturbation

Deepfake technologies have rapidly advanced with modern generative AI, and face swapping in particular poses serious threats to privacy and digital security. Existing proactive defenses mostly rely on pixel-level perturbations, which are ineffective against contemporary swapping models that extra...

Semantics over Syntax: Uncovering Pre-Authentication 5G Baseband Vulnerabilities

Modern 5G user equipment UE processes Radio Resource Control RRC configuration messages during early control-plane exchanges, before authentication and integrity protection are established. Prior work for testing 5G UEs has largely focused on constructing syntactically invalid inputs. In contrast...

Not All Tokens Are Created Equal: Query-Efficient Jailbreak Fuzzing for LLMs

Large Language ModelsLLMs are widely deployed, yet are vulnerable to jailbreak prompts that elicit policy-violating outputs. Although prior studies have uncovered these risks, they typically treat all tokens as equally important during prompt mutation, overlooking the varying contributions of...

FBI Warns Russian Hackers Target Signal, WhatsApp in Mass Phishing Attacks

Threat actors affiliated with Russian Intelligence Services are conducting phishing campaigns to compromise commercial messaging applications CMAs like WhatsApp and Signal to seize control of accounts belonging to individuals with high intelligence value, the U.S. Cybersecurity and Infrastructure...

CVE-2026-32142 shopware/commercial: `/api/_info/config` route exposes information about licenses

Shopware is an open commerce platform. /api/info/config route exposes information about licenses. This vulnerability is fixed in 7.8.1 and 6.10.15...

Cybersecurity of Teleoperated Quadruped Robots: A Systematic Survey of Vulnerabilities, Threats, and Open Defense Gaps

Teleoperated quadruped robots are increasingly deployed in safety-critical missions -- industrial inspection, military reconnaissance, and emergency response -- yet the security of their communication and control infrastructure remains insufficiently characterized. Quadrupeds present distinct...

PT-2026-7864

An issue in filosoft Comerc.32 Commercial Invoicing v.16.0.0.3 allows a local attacker to execute arbitrary code via the comeinst.exe file...

Tracking the Trackers: Commercial Surveillance Occurring on U.S. Army Networks

Despite current security implementations, Internet activity on DoD networks is susceptible to web trackers and commercial data collection, which have the potential to expose information about service members and unit operations. This report documents the outcomes of a study to characterize web...

CVE-2025-63421

An issue in filosoft Comerc.32 Commercial Invoicing v.16.0.0.3 allows a local attacker to execute arbitrary code via the comeinst.exe file...

TrojanPraise: Jailbreak LLMs Via Benign Fine-Tuning

The demand of customized large language models LLMs has led to commercial LLMs offering black-box fine-tuning APIs, yet this convenience introduces a critical security loophole: attackers could jailbreak the LLMs by fine-tuning them with malicious data. Though this security issue has recently bee...

Sharp NP series 安全漏洞

The Sharp NP series is a series of large format commercial displays from Sharp Japan. A security vulnerability exists in Sharp NP series, which stems from the presence of a stack-based buffer overflow issue that could allow an attacker to execute arbitrary commands and programs...

Zero-Day Zero: The AI Attack That Just Ended the Era of the Forgiving Internet

Why the Exploit Window Has Collapsed and How CISOs Must Pivot to Survive For decades, cybersecurity was a game of time. We banked on the buffer between a vulnerability’s disclosure and its widespread exploitation. We relied on the forgiving internet, where human attackers needed days or weeks to...

​​Spyware Allows Cyber Threat Actors to Target Users of Messaging Applications​

CISA is aware of multiple cyber threat actors actively leveraging commercial spyware to target users of mobile messaging applications apps.1 These cyber actors use sophisticated targeting and social engineering techniques to deliver spyware and gain unauthorized access to a victim’s messaging app...

StealthCup: Realistic, Multi-Stage, Evasion-Focused CTF for Benchmarking IDS

Intrusion Detection Systems IDS are critical to defending enterprise and industrial control environments, yet evaluating their effectiveness under realistic conditions remains an open challenge. Existing benchmarks rely on synthetic datasets e.g., NSL-KDD, CICIDS2017 or scripted replay frameworks...

VEIL: Jailbreaking Text-To-Video Models Via Visual Exploitation from Implicit Language

Jailbreak attacks can circumvent model safety guardrails and reveal critical blind spots. Prior attacks on text-to-video T2V models typically add adversarial perturbations to obviously unsafe prompts, which are often easy to detect and defend. In contrast, we show that benign-looking prompts...

How Can We Effectively Use LLMs for Phishing Detection?: Evaluating the Effectiveness of Large Language Model-Based Phishing Detection Models

Large language models LLMs have emerged as a promising phishing detection mechanism, addressing the limitations of traditional deep learning-based detectors, including poor generalization to previously unseen websites and a lack of interpretability. However, LLMs' effectiveness for phishing...