Lucene search
K

14 matches found

Wallarm Lab
Wallarm Lab
added 2026/05/12 4:54 p.m.10 views

Extending Security to MCP Servers: Closing a Critical Gap

The Model Context Protocol MCP is a de facto standard for providing structured access to privileged systems for AI agents and external integrations. It acts as a USB-C port for AI, enabling faster innovation by allowing organizations to expose tools, resources, and workflows without the...

5.8AI score
Exploits0
Snyk
Snyk
added 2026/05/07 10:31 p.m.16 views

Cross-site Scripting (XSS)

Overview netbox-data-flows is a NetBox plugin to document data flows between systems and applications. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the ObjectAlias.name field rendered in DataFlow tables. An attacker can execute arbitrary JavaScript in the brows...

8.7CVSS5.8AI score
Exploits0References2
Wallarm Lab
Wallarm Lab
added 2026/04/24 7:15 a.m.12 views

The Governance Gap: How the EU AI Act Makes API Security a Compliance Imperative

Your legal team just handed you a 400-page document and said "figure out compliance." The EU AI Act is live, your organization falls under its scope, which is broader than many expect. Even non‑EU companies must comply if their AI systems are used, deployed, or produce effects within the European...

5.6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/10 12:0 a.m.6 views

TraceLens: Question-Driven Debugging for Taint Flow Understanding

Taint analysis is a security analysis technique used to track the flow of potentially dangerous data through an application and its dependent libraries. Investigating why certain unexpected flows appear and why expected flows are missing is an important sensemaking process during end-user taint...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/05 12:0 a.m.12 views

MalFlows: Context-Aware Fusion of Heterogeneous Flow Semantics for Android Malware Detection

Static analysis, a fundamental technique in Android app examination, enables the extraction of control flows, data flows, and inter-component communications ICCs, all of which are essential for malware detection. However, existing methods struggle to leverage the semantic complementarity across...

6.6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/22 12:0 a.m.6 views

VIVID: a Novel Approach to Remediation Prioritization in Static Application Security Testing (SAST)

Static Application Security Testing SAST enables organizations to detect vulnerabilities in code early; however, major SAST platforms do not include visual aids and present little insight on correlations between tainted data chains. We propose VIVID - Vulnerability Information Via Data flow - a...

7.2AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2024/06/05 1:0 p.m.23 views

Securing AI Development in the Cloud: Navigating the Risks and Opportunities

AI-TRiSM - Trust, Risk and Security Management in the Age of AI Co-authored by Lara Sunday and Pojan Shahrivar As artificial intelligence AI and machine learning ML technologies continue to advance and proliferate, organizations across industries are investing heavily in these transformative...

7.4AI score
Exploits0
Wallarm Lab
Wallarm Lab
added 2023/09/23 1:15 p.m.29 views

2023 OWASP Top-10 Series: API9:2023 Improper Inventory Management

Welcome to the 10th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API9:2023 Improper Inventory Management. In this series we are taking an in-depth look at each category – the details, the impac...

6.8AI score
Exploits0
Imperva Blog
Imperva Blog
added 2022/08/03 12:51 p.m.19 views

The Three Key Competencies that Optimize Data Security Orchestration

One of the principal benefits of a modern data-centric security fabric is being able to automatically apply security controls to the data itself and drive policy-compliant data handling behavior by privileged users. But we all know that detecting a security incident is just the first part of the...

0.1AI score
Exploits0
The Hacker News
The Hacker News
added 2021/09/29 5:59 p.m.37 views

Facebook Releases New Tool That Finds Security and Privacy Bugs in Android Apps

Facebook on Wednesday announced it's open-sourcing Mariana Trench, an Android-focused static analysis platform the company uses to detect and prevent security and privacy bugs in applications created for the mobile operating system at scale. "Mariana Trench is designed to be able to scan large...

0.8AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2018/04/27 6:4 p.m.26 views

RSA 2018 recap: GDPR, Increasing Visibility and Transparency of Cloud Security

RSA 2018 is in the books! The event welcomed 42,000 attendees to San Francisco, including cybersecurity professionals, vendors, media, and analysts. The themes of visibility and transparency repeatedly came up in discussions and presentations as organizations grapple with ever-increasing data flo...

2.1AI score
Exploits0
n0where
n0where
added 2016/09/01 4:38 a.m.531 views

Secure Socket Funneling: SSF

Secure Socket Funneling SSF is a network tool and toolkit. It provides simple and efficient ways to forward data from multiple sockets TCP or UDP through a single secure TLS link to a remote computer. Multiplex Various Network Data Flows SSF is cross platform Windows, Linux, OSX and shipped as...

0.2AI score
Exploits0References3
ThreatPost
ThreatPost
added 2013/11/27 2:8 p.m.11 views

European Commission Urges U.S to Reform Surveillance Methods

The European Commission is urging the United States government to make some changes to the way it handles surveillance to help restore the trust in the relationship between the EU and the U.S. The commission is asking for the U.S. to promote privacy rights internationally, adopt the EU’s data...

0.5AI score
Exploits0References4
Check Point Advisories
Check Point Advisories
added 2009/07/21 12:0 a.m.1 views

HTTP Server Parameter Pollution

HTTP Parameter Pollution HPP is a hacking technique. HPP attacks allow the attacker to override or add HTTP GET/POST parameters by injecting query string delimiters. This is an input validation vulnerability. Input validation flaws are caused by unsanitized data flows between the front-end and th...

6.8AI score
Exploits0
Rows per page
Query Builder