CVE-2026-5535

A security flaw has been discovered in FedML-AI FedML up to 0.8.9. This impacts an unknown function of the file FileUtils.java of the component MQTT Message Handler. Performing a manipulation of the argument dataSet results in path traversal. The attack is possible to be carried out remotely. The...

NetSecBed: A Container-Native Testbed for Reproducible Cybersecurity Experimentation

Cybersecurity research increasingly depends on reproducible evidence, such as traffic traces, logs, and labeled datasets, yet most public datasets remain static and offer limited support for controlled re-execution and traceability, especially in heterogeneous multi-protocol environments. This...

Towards Predicting Multi-Vulnerability Attack Chains in Software Supply Chains from Software Bill of Materials Graphs

Software supply chain security compromises often stem from cascaded interactions of vulnerabilities, for example, between multiple vulnerable components. Yet, Software Bill of Materials SBOM-based pipelines for security analysis typically treat scanner findings as independent per-CVE Common...

GHSA-6326-W46W-PPJW Kedro: Path Traversal in versioned dataset loading via unsanitized version string

Impact The getversionedpath method in kedro/io/core.py constructs filesystem paths by directly interpolating user-supplied version strings without sanitization. Because version strings are used as path components, traversal sequences such as ../ are preserved and can escape the intended versioned...

PT-2026-30018

Impact The get versioned path method in kedro/io/core.py constructs filesystem paths by directly interpolating user-supplied version strings without sanitization. Because version strings are used as path components, traversal sequences such as ../ are preserved and can escape the intended version...

A Tsetlin Machine-Driven Intrusion Detection System for Next-Generation IoMT Security

The rapid adoption of the Internet of Medical Things IoMT is transforming healthcare by enabling seamless connectivity among medical devices, systems, and services. However, it also introduces serious cybersecurity and patient safety concerns as attackers increasingly exploit new methods and...

Credential Leakage in LLM Agent Skills: A Large-Scale Empirical Study

Third-party skills extend LLM agents with powerful capabilities but often handle sensitive credentials in privileged environments, making leakage risks poorly understood. We present the first large-scale empirical study of this problem, analyzing 17,022 skills sampled from 170,226 on SkillsMP usi...

From Component Manipulation to System Compromise: Understanding and Detecting Malicious MCP Servers

The model context protocol MCP standardizes how LLMs connect to external tools and data sources, enabling faster integration but introducing new attack vectors. Despite the growing adoption of MCP, existing MCP security studies classify attacks by their observable effects, obscuring how attacks...

Automated Generation of Cybersecurity Exercise Scenarios

There is a growing need for cybersecurity professionals with practical knowledge and experience to meet societal needs and comply with new standards and regulations. At the same time, the advances in software technology and artificial intelligence point towards a future where software agents will...

VulnScout-C: A Lightweight Transformer for C Code Vulnerability Detection

Vulnerability detection in C programs is a critical challenge in software security. Although large language models LLMs achieve strong detection performance, their multi-billion-parameter scale makes them impractical for integration into development workflows requiring low latency and continuous...

Context-Aware Phishing Email Detection Using Machine Learning and NLP

Phishing attacks remain among the most prevalent cybersecurity threats, causing significant financial losses for individuals and organizations worldwide. This paper presents a machine learning-based phishing email detection system that analyzes email body content using natural language processing...

Machine Learning Transferability for Malware Detection

Malware continues to be a predominant operational risk for organizations, especially when obfuscation techniques are used to evade detection. Despite the ongoing efforts in the development of Machine Learning ML detection approaches, there is still a lack of feature compatibility in public...

Detecting Protracted Vulnerabilities in Open Source Projects

Timely resolution and disclosure of vulnerabilities are essential for maintaining the security of open-source software. However, many vulnerabilities remain unreported, unpatched, or undisclosed for extended periods, exposing users to prolonged security threats. While various vulnerability...

cosmos-predict2 (>=1.0.6 <=1.0.9), entity-model (>=1.0.0 <=1.0.9) +19 more potentially affected by CVE-2025-33247 via megatron-core (>=0.10.0 <=0.15.2)

megatron-core PYPI version =0.10.0, =1.0.6, =1.0.0, =5.1.6, =1.0.0, =0.1.0rc0, =0.1.0rc1, =0.1.0, =1.0.0, =2.0.8, =1.0.0, =2.0.8, =1.0.0, =1.0.0, =1.0.7 and more Source cves: CVE-2025-33247 Source advisory: SNYK:PYTHON-MEGATRONCORE-15871031...

cosmos-predict2 (>=1.0.6 <=1.0.9), entity-model (>=1.0.0 <=1.0.9) +19 more potentially affected by CVE-2026-24152 via megatron-core (>=0.10.0 <=0.15.2)

megatron-core PYPI version =0.10.0, =1.0.6, =1.0.0, =5.1.6, =1.0.0, =0.1.0rc0, =0.1.0rc1, =0.1.0, =1.0.0, =2.0.8, =1.0.0, =2.0.8, =1.0.0, =1.0.0, =1.0.7 and more Source cves: CVE-2026-24152 Source advisory: SNYK:PYTHON-MEGATRONCORE-15871035...

TLS Certificate and Domain Feature Analysis of Phishing Domains in the Danish .Dk Namespace

Phishing attacks remain a persistent cybersecurity threat, and the widespread adoption of TLS certificates has unintentionally enabled malicious websites to appear trustworthy to users. This study examines whether certificate metadata and domain characteristics can help distinguish phishing domai...

AEGIS: From Clues to Verdicts -- Graph-Guided Deep Vulnerability Reasoning Via Dialectics and Meta-Auditing

Large Language Models LLMs are increasingly adopted for vulnerability detection, yet their reasoning remains fundamentally unsound. We identify a root cause shared by both major mitigation paradigms agent-based debate and retrieval augmentation: reasoning in an ungrounded deliberative space that...

CVE-2026-33147

A flaw was found in GMT Generic Mapping Tools, an open-source collection of command-line tools. This vulnerability, a stack-based buffer overflow, occurs when a specially crafted long string is used as a dataset identifier. An attacker could exploit this to cause the application to crash or...

CVE-2026-33147

GMT is an open source collection of command-line tools for manipulating geographic and Cartesian data sets. In versions from 6.6.0 and prior, a stack-based buffer overflow vulnerability was identified in the gmtremotedatasetid function within src/gmtremote.c. This issue occurs when a specially...

CVE-2026-33147

GMT is an open source collection of command-line tools for manipulating geographic and Cartesian data sets. In versions from 6.6.0 and prior, a stack-based buffer overflow vulnerability was identified in the gmtremotedatasetid function within src/gmtremote.c. This issue occurs when a specially...