Automatic, Expressive, and Scalable Fuzzing with Stitching

Fuzzing is a powerful technique for finding bugs in software libraries, but scaling it remains difficult. Automated harness generation commits to fixed API sequences at synthesis time, limiting the behaviors each harness can test. Approaches that instead explore new sequences dynamically lack the...

The CTI Echo Chamber: Fragmentation, Overlap, and Vendor Specificity in Twenty Years of Cyber Threat Reporting

Despite the high volume of open-source Cyber Threat Intelligence CTI, our understanding of long-term threat actor-victim dynamics remains fragmented due to the lack of structured datasets and inconsistent reporting standards. In this paper, we present a large-scale automated analysis of open-sour...

TRACE: Timely Retrieval and Alignment for Cybersecurity Knowledge Graph Construction and Expansion

The rapid evolution of cyber threats has highlighted significant gaps in security knowledge integration. Cybersecurity Knowledge Graphs CKGs relying on structured data inherently exhibit hysteresis, as the timely incorporation of rapidly evolving unstructured data remains limited, potentially...

DyMA-Fuzz: Dynamic Direct Memory Access Abstraction for Re-Hosted Monolithic Firmware Fuzzing

The rise of smart devices in critical domains--including automotive, medical, industrial--demands robust firmware testing. Fuzzing firmware in re-hosted environments is a promising method for automated testing at scale, but remains difficult due to the tight coupling of code with a...

[SECURITY] [DLA 4470-1] phpunit security update

----------------------------------------------------------------------- Debian LTS Advisory DLA-4470-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta February 06, 2026 https://wiki.debian.org/LTS -...

Fedora 42 : phpunit8 (2026-8a7678fa99)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-8a7678fa99 advisory. Version 8.5.52 - 2026-01-27 Changed To prevent Poisoned Pipeline Execution PPE attacks using prepared .coverage files in pull requests, a PHPT test will no...

Debian dla-4470 : phpunit - security update

The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-4470 advisory. - ----------------------------------------------------------------------- Debian LTS Advisory DLA-4470-1 [email protected] https://www.debian.org/lts/security/...

Fedora 42 : phpunit11 (2026-c3b42a28dd)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-c3b42a28dd advisory. Version 11.5.50 - 2026-01-27 Changed To prevent Poisoned Pipeline Execution PPE attacks using prepared .coverage files in pull requests, a PHPT test will no...

Fedora 42 : phpunit10 (2026-1d1c8f5df2)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-1d1c8f5df2 advisory. Version 10.5.63 - 2026-01-27 Fixed Regression introduced in PHPUnit 9.6.33 ---- Version 10.5.62 - 2026-01-27 Changed To prevent Poisoned Pipeline Execution P...

Fedora 42 : phpunit9 (2026-a1cb6b0f95)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-a1cb6b0f95 advisory. Version 9.6.34 - 2026-01-27 Fixed Regression introduced in PHPUnit 9.6.33 ---- Version 9.6.33 - 2026-01-27 Changed To prevent Poisoned Pipeline Execution PPE...

Fedora 43 : phpunit9 (2026-8d8a292bba)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-8d8a292bba advisory. Version 9.6.34 - 2026-01-27 Fixed Regression introduced in PHPUnit 9.6.33 ---- Version 9.6.33 - 2026-01-27 Changed To prevent Poisoned Pipeline Execution PPE...

Fedora 43 : phpunit10 (2026-ff411cd463)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-ff411cd463 advisory. Version 10.5.63 - 2026-01-27 Fixed Regression introduced in PHPUnit 9.6.33 ---- Version 10.5.62 - 2026-01-27 Changed To prevent Poisoned Pipeline Execution P...

Fedora 43 : phpunit8 (2026-dad4e31f49)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-dad4e31f49 advisory. Version 8.5.52 - 2026-01-27 Changed To prevent Poisoned Pipeline Execution PPE attacks using prepared .coverage files in pull requests, a PHPT test will no...

Fedora 43 : phpunit11 (2026-8ccfe50c58)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-8ccfe50c58 advisory. Version 11.5.50 - 2026-01-27 Changed To prevent Poisoned Pipeline Execution PPE attacks using prepared .coverage files in pull requests, a PHPT test will no...

SysFuSS: System-Level Firmware Fuzzing with Selective Symbolic Execution

Firmware serves as the critical interface between hardware and software in computing systems, making any bugs or vulnerabilities particularly dangerous as they can cause catastrophic system failures. While fuzzing is a promising approach for identifying design flaws and security vulnerabilities,...

SUSE CVE-2026-24765

PHPUnit is a testing framework for PHP. A vulnerability has been discovered in versions prior to 12.5.8, 11.5.50, 10.5.62, 9.6.33, and 8.5.52 involving unsafe deserialization of code coverage data in PHPT test execution. The vulnerability exists in the cleanupForCoverage method, which deserialize...

Turning threat reports into detection insights with AI

Security teams routinely need to transform unstructured threat knowledge, such as incident narratives, red team breach-path writeups, threat actor profiles, and public reports into concrete defensive action. The early stages of that work are often the slowest. These include extracting tactics,...

Turning threat reports into detection insights with AI

Security teams routinely need to transform unstructured threat knowledge, such as incident narratives, red team breach-path writeups, threat actor profiles, and public reports into concrete defensive action. The early stages of that work are often the slowest. These include extracting tactics,...

Top 10 Cloud Compliance Tools for Enterprise Security and Audit Readiness in 2026

Key Takeaways Cloud compliance has shifted from periodic audits to a continuous operating requirement as hybrid and multi-cloud environments change faster than traditional controls can keep pace. Modern cloud compliance solutions provide continuous, automated compliance monitoring across AWS,...

CVE-2026-24765

A flaw was found in PHPUnit, a testing framework for PHP. This vulnerability involves unsafe deserialization of code coverage data during PHPT test execution. An attacker with local file write access can exploit this by placing a malicious serialized object into the file system. This can lead to...