CLSA-2026-1777470383 less: Fix of 2 CVEs

Extend ELS coverage to rhel7els, oraclelinux7els and cloudlinux7els. - CVE-2022-48624 and CVE-2024-32487 were already fixed in 458-10.tuxcare.els1; this release reships those fixes to the additional platforms...

[SECURITY] Fedora 44 Update: libgsasl-1.10.0-15.fc44

The library includes support for the SASL framework and at least partial support for the CRAM-MD5, EXTERNAL, GSSAPI, ANONYMOUS, PLAIN, SECURID, DIGEST-MD5, LOGIN, and NTLM mechanisms...

Wiz at Google Next: Machine-Speed Defense for Any Cloud, Any Platform, Any AI

Announcing new capabilities at Google Cloud Next that extend and deepen Wiz AI-APP coverage: From the first line of AI-generated code, across AI and agent studios, to the edge of the cloud...

Insights into Security-Related AI-Generated Pull Requests

Recent years have experienced growing contributions of AI coding agents that assist human developers in various software engineering tasks. However, this growing AI-assisted autonomy raises questions about security and trust. In this paper, we analyze more than 33,000 AI-generated pull requests P...

Towards Optimal Agentic Architectures for Offensive Security Tasks

Agentic security systems increasingly audit live targets with tool-using LLMs, but prior systems fix a single coordination topology, leaving unclear when additional agents help and when they only add cost. We treat topology choice as an empirical systems question. We introduce a controlled...

Foxit, LibRaw vulnerabilities

Cisco Talos' Vulnerability Discovery & Research team recently disclosed one Foxit Reader vulnerability, and six LibRaw file reader vulnerabilities. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco 's third-party vulnerability...

[SECURITY] Fedora 42 Update: perl-Devel-Cover-1.44-7.fc42

This module provides code coverage metrics for Perl. Code coverage metrics describe how thoroughly tests exercise code. By using Devel::Cover you can discover areas of code not exercised by your tests and determine which tests to create to increase coverage. Code coverage can be considered as an...

RealVuln: Benchmarking Rule-Based, General-Purpose LLM, and Security-Specialized Scanners on Real-World Code

How do security scanners perform on real-world code? We present RealVuln, the first open-source benchmark comparing Rule-Based SAST, General-Purpose LLMs, and Security-Specialized scanners on 26 intentionally vulnerable Python repositories educational and Capture-The-Flag applications with 796...

Beyond Single Reports: Evaluating Automated ATT&CK Technique Extraction in Multi-Report Campaign Settings

Large-scale cyberattacks, referred to as campaigns, are documented across multiple CTI reports from diverse sources, with some providing a high-level overview of attack techniques and others providing technical details. Extracting attack techniques from reports is essential for organizations to...

SUSE SLES12 Security Update : google-cloud-sap-agent (SUSE-SU-2026:1195-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:1195-1 advisory. This update for google-cloud-sap-agent fixes the following issue: Update to google-cloud-sap-agent 3.12 bsc1259816: - CVE-2026-33186:...

Security update for google-cloud-sap-agent

This update for google-cloud-sap-agent fixes the following issue: Update to google-cloud-sap-agent 3.12 bsc1259816: CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2: path pseudo- header bsc1260265. Changelog: Collect WLM metric...

Auditable Agents

LLM agents call tools, query databases, delegate tasks, and trigger external side effects. Once an agent system can act in the world, the question is no longer only whether harmful actions can be prevented--it is whether those actions remain answerable after deployment. We distinguish...

Apple expands “DarkSword” patches to iOS 18.7.7

Apple widened its latest iOS 18 security update to cover far more iPhones and iPads, specifically to stop real‑world DarkSword attacks that can compromise a device from a single website visit. After researchers published their findings about the DarkSword attacks and an exploit kit abusing the...

CLEANSTART-2026-MQ02912 Security fixes for CVE-2017-7529, CVE-2018-16845, CVE-2019-20372, CVE-2019-9511, CVE-2019-9513, CVE-2019-9516, CVE-2021-23017, CVE-2021-46461, CVE-2021-46462, CVE-2021-46463, CVE-2022-25139, CVE-2022-3638, CVE-2022-41741, CVE-2022-41742, CVE-2023-44487, CVE-2024-31079, CVE-2024-32760, CVE-2024-34161, CVE-2024-35200, CVE-2024-7347, CVE-2025-23419 applied in versions: 0, 1.12.1-r0, 1.14.1-r0, 1.16.1-r0, 1.16.1-r6, 1.20.1-r0, 1.20.1-r1, 1.20.2-r2, 1.22.1-r0, 1.24.0-r12, 1.26.2-r0, 1.26.3-r0

Multiple security vulnerabilities affect the nginx package. These issues are resolved in later releases. See references for individual vulnerability details...

CVE-2026-34155

RAUC controls the update process on embedded Linux systems. Prior to version 1.15.2, RAUC bundles using the 'plain' format exceeding a payload size of 2 GiB cause an integer overflow which results in a signature which covers only the first few bytes of the payload. Given such a bundle with a...

UBUNTU-CVE-2026-34155

RAUC controls the update process on embedded Linux systems. Prior to version 1.15.2, RAUC bundles using the 'plain' format exceeding a payload size of 2 GiB cause an integer overflow which results in a signature which covers only the first few bytes of the payload. Given such a bundle with a...

CVE-2026-34155 RAUC: Improper Signing of Plain Bundles Exceeding 2 GiB

RAUC controls the update process on embedded Linux systems. Prior to version 1.15.2, RAUC bundles using the 'plain' format exceeding a payload size of 2 GiB cause an integer overflow which results in a signature which covers only the first few bytes of the payload. Given such a bundle with a...

CVE-2026-34155

RAUC controls the update process on embedded Linux systems. Prior to version 1.15.2, RAUC bundles using the 'plain' format exceeding a payload size of 2 GiB cause an integer overflow which results in a signature which covers only the first few bytes of the payload. Given such a bundle with a...

CVE-2026-34155

RAUC (Embedded Linux update framework) is affected prior to version 1.15.2. An integer overflow when packaging bundles in the plain format with payloads larger than 2 GiB causes a signature to cover only the initial portion of the payload. If a bundle has a legitimate signature, an attacker could...

CVE-2026-34155

RAUC controls the update process on embedded Linux systems. Prior to version 1.15.2, RAUC bundles using the 'plain' format exceeding a payload size of 2 GiB cause an integer overflow which results in a signature which covers only the first few bytes of the payload. Given such a bundle with a...