
18 matches found

Packet Storm News
added 2026/05/06 12:0 a.m., 5 views

Beyond Collection: Measuring the Detection Efficacy of Modern Security Logging Standards

Effective security logging is crucial for the timely and accurate detection of cyber threats; however, the relative effectiveness of various industry-standard logging frameworks remains understudied. This paper addresses this critical gap by presenting the first systematic evaluation of modern...

AI score: 6.5
Exploits: 0

Packet Storm News
added 2026/03/24 12:0 a.m., 1 view

AgentRFC: Security Design Principles and Conformance Testing for Agent Protocols

AI agent protocols -- including MCP, A2A, ANP, and ACP -- enable autonomous agents to discover capabilities, delegate tasks, and compose services across trust boundaries. Despite massive deployment (MCP alone has 97M+ monthly SDK downloads), no systematic security framework for these protocols...

AI score: 5.8
Exploits: 0

Packet Storm News
added 2026/03/02 12:0 a.m., 4 views

Extending the Formalism and Theoretical Foundations of Cryptography to AI

Recent progress in Large Language Models (LMs) has enabled the development of autonomous LM-based agents capable of executing complex tasks with minimal supervision. These agents have started to be integrated into systems with significant autonomy and authority. The security community has been...

AI score: 5.9
Exploits: 0

Packet Storm News
added 2025/10/21 12:0 a.m., 2 views

Real-World Usability of Vulnerability Proof-Of-Concepts: A Comprehensive Study

The Proof-of-Concept (PoC) for a vulnerability is crucial in validating its existence, mitigating false positives, and illustrating the severity of the security threat it poses. However, research on PoCs significantly lags behind studies focusing on vulnerability data. This discrepancy can be...

AI score: 6.8
Exploits: 0

Packet Storm News
added 2025/07/13 12:0 a.m., 3 views

EventHunter: Dynamic Clustering and Ranking of Security Events from Hacker Forum Discussions

Hacker forums provide critical early warning signals for emerging cybersecurity threats, but extracting actionable intelligence from their unstructured and noisy content remains a significant challenge. This paper presents an unsupervised framework that automatically detects, clusters, and...

AI score: 6.8
Exploits: 0

Packet Storm News
added 2025/04/20 12:0 a.m., 2 views

Anonymous Public Announcements

We formalise the notion of an anonymous public announcement in the tradition of public announcement logic. Such announcements can be seen as in-between a public announcement from "the outside" (an announcement of $\varphi$) and a public announcement by one of the agents (an announcement of $K_a\varphi$): we get...

AI score: 6.7
Exploits: 0

OSV
added 2025/01/15 9:25 p.m., 1 view

GHSA-C873-WFHP-WX5M SP1 has missing verifier checks and fiat-shamir observations

In SP1’s STARK verifier, the prover provided chip_ordering is used to fetch the index of the chips that have preprocessed columns. Prior to v4.0.0, the validation that this chip_ordering correctly provides these indexes was missing. In v4.0.0, this was fixed by adding a check that the indexed chip’...

AI score: 7
Exploits: 0, References: 2

NVD
added 2024/09/06 1:15 p.m., 13 views

CVE-2024-45040

gnark is a fast zk-SNARK library that offers a high-level API to design circuits. Prior to version 0.11.0, commitments to private witnesses in Groth16 as implemented break the zero-knowledge property. The vulnerability affects only Groth16 proofs with commitments. Notably, PLONK proofs are not...

CVSS: 5.9, EPSS: 0.0021
Exploits: 0, References: 3

Vulnrichment
added 2024/09/06 12:53 p.m., 18 views

CVE-2024-45040 gnark's commitments to private witnesses in Groth16 as implemented break zero-knowledge property

gnark is a fast zk-SNARK library that offers a high-level API to design circuits. Prior to version 0.11.0, commitments to private witnesses in Groth16 as implemented break the zero-knowledge property. The vulnerability affects only Groth16 proofs with commitments. Notably, PLONK proofs are not...

CVSS: 5.9, AI score: 6.7, EPSS: 0.0021
Exploits: 0, References: 3

Code423n4
added 2023/08/07 12:0 a.m., 15 views

Not Checking For Stale Price

Lines of code. Vulnerability details. Impact: Oracle data feed is insufficiently validated. There is no check for stale price and round completeness. Price can be stale and can lead to wrong price return value. Proof of Concept: /// @notice Get the price for the latest available round of a feed ///...

AI score: 6.8
Exploits: 0

OSV
added 2022/11/22 3:30 a.m., 16 views

GHSA-HGP8-W8FJ-R4CM ToolJet is vulnerable to Denial of Service (DoS)

ToolJet/ToolJet placed no limit on the file size for user avatars. This could cause a denial of service if too many users upload large files. This is fixed in commit 01cd3f0464747973ec329e9fb1ea12743d3235cc in version 1.27.0. tooljet is no longer listed on npmjs.com but was listed on npmjs.com in...

CVSS: 6.5, AI score: 6.2, EPSS: 0.00392
Exploits: 1, References: 5

Code423n4
added 2022/07/08 12:0 a.m., 9 views

Insufficient oracle validation

Lines of code. Vulnerability details. Impact: Oracle may return stale price. Proof of Concept: Round completeness and the quoted timestamp are not checked to ensure that the reported price is not stale. roundId, startedAt, updatedAt, and answeredInRound are omitted from the return result of...

AI score: 6.9
Exploits: 0

Microsoft Malware Protection
added 2021/11/09 8:0 p.m., 13 views

Microsoft is a 5-time Leader in the Gartner Magic Quadrant for Access Management

We are honored that Gartner recognized Microsoft as a Leader in Gartner® Magic Quadrant™ for Access Management in Microsoft Azure Active Directory (Azure AD). In addition, Microsoft has placed the farthest right on the “Completeness of Vision” axis. None of this is possible without you, our...

AI score: 6.8
Exploits: 0

Microsoft Secure
added 2021/11/09 8:0 p.m., 15 views

Microsoft is a 5-time Leader in the Gartner Magic Quadrant for Access Management

We are honored that Gartner recognized Microsoft as a Leader in Gartner® Magic Quadrant™ for Access Management in Microsoft Azure Active Directory (Azure AD). In addition, Microsoft has placed the farthest right on the “Completeness of Vision” axis. None of this is possible without you, our...

AI score: 6.8
Exploits: 0

Information Security Automation
added 2018/08/05 12:53 a.m., 51 views

What I expect from IT Asset Inventory

The main problem of vulnerability management, in my opinion, is that it is not always clear whether we know about ALL network hosts existing in our infrastructure or not. So, not the actual process of scanning and the detection of vulnerabilities, but the lack of knowledge what we should scan...

AI score: 7
Exploits: 0

Fedora
added 2015/01/19 1:35 a.m., 28 views

[SECURITY] Fedora 20 Update: libhtp-0.5.6-2.fc20

LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. The goals of the project, in the order of importance, are as follows: 1. Completeness of coverage; 2. Permissive parsing; 3. Awareness of evasion techniques; 4. Performance;...

AI score: 2.2
Exploits: 0

Fedora
added 2015/01/19 1:33 a.m., 9 views

[SECURITY] Fedora 21 Update: libhtp-0.5.16-1.fc21

LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. The goals of the project, in the order of importance, are as follows: 1. Completeness of coverage; 2. Permissive parsing; 3. Awareness of evasion techniques; 4. Performance;...

AI score: 2.2
Exploits: 0

OpenVAS
added 2011/09/20 12:0 a.m., 27 views

Fedora Update for bcfg2 FEDORA-2011-12303

Check for the Version of bcfg2. OpenVAS Vulnerability Test: Fedora Update for bcfg2 FEDORA-2011-12303. Authors: System Generated Check. Copyright: Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms...

CVSS: 9.3, AI score: 6.4, EPSS: 0.02382
Exploits: 0, References: 2