PT-2026-25993
Summary A user with permission to create or update a TaskRun or PipelineRun can crash the Tekton Pipelines controller by setting .spec.taskRef.resolver or .spec.pipelineRef.resolver to a string of 31 characters or more, causing a denial of service for all reconciliation. Details The controller...
Updated vim packages fix security vulnerability
NFA regex engine NULL pointer dereference affects Vim 9.2.0137. CVE-2026-32249...
Security Considerations for Artificial Intelligence Agents
This article, a lightly adapted version of Perplexity's response to NIST/CAISI Request for Information 2025-0035, details our observations and recommendations concerning the security of frontier AI agents. These insights are informed by Perplexity's experience operating general-purpose agentic...
QuaNTUM: A Modular Quantum Communication Testbed for Scalable Fiber and Satellite Integration
Secure communication is essential for modern society, from financial transactions to critical infrastructure. As classical encryption faces threats from advancing computational power, quantum communication provides a fundamentally secure alternative based on physical laws. We present QuaNTUM...
auto-wasi (=0.1.0), candid-extractor (>=0.1.0 <=0.1.2) +106 more potentially affected by CVE-2026-27204 via wasmtime (>=0.10.0 <=1.0.2)
wasmtime CARGO version =0.10.0, =0.1.0, =0.1.0, =0.1.0, =0.1.1, =0.5.3-0, =0.4.0, =0.4.0, =0.0.0, =0.5.0, =0.0.1-alpha, =0.40.1, =0.45.0, =0.1.0, =0.3.0 and more Source cves: CVE-2026-27204 Source advisory: OSV:GHSA-852M-CVVP-9P4W...
auto-wasi (=0.1.0), candid-extractor (>=0.1.0 <=0.1.2) +106 more potentially affected by CVE-2026-27204 via wasmtime (>=0.10.0 <=1.0.2)
wasmtime CARGO version =0.10.0, =0.1.0, =0.1.0, =0.1.0, =0.1.1, =0.5.3-0, =0.4.0, =0.4.0, =0.0.0, =0.5.0, =0.0.1-alpha, =0.40.1, =0.45.0, =0.1.0, =0.3.0 and more Source cves: CVE-2026-27204 Source advisory: OSV:RUSTSEC-2026-0020...
Evaluating the Reliability of Digital Forensic Evidence Discovered by Large Language Model: A Case Study
The growing reliance on AI-identified digital evidence raises significant concerns about its reliability, particularly as large language models (LLMs) are increasingly integrated into forensic investigations. This paper proposes a structured framework that automates forensic artifact extraction,...
CVE-2026-27007 OpenClaw's sandbox config hash sorted primitive arrays and suppressed needed container recreation
OpenClaw is a personal AI assistant. Prior to version 2026.2.15, normalizeForHash in src/agents/sandbox/config-hash.ts recursively sorted arrays that contained only primitive values. This made order-sensitive sandbox configuration arrays hash to the same value even when order changed. In OpenClaw...
OpenClaw replaced a deprecated sandbox hash algorithm
Affected Packages / Versions - npm package: openclaw - Affected versions: = 2026.2.14 - Fixed version pre-set: 2026.2.15 Description The sandbox identifier cache key for Docker/browser sandbox configuration used SHA-1 to hash normalized configuration payloads. SHA-1 is deprecated for cryptographi...
CVE-2025-13079
The Popup Builder – Create highly converting, mobile friendly marketing popups. plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.4.2. This is due to the plugin generating predictable unsubscribe tokens using deterministic data. This makes it...
PT-2026-20968
OpenClaw is a personal AI assistant. Prior to version 2026.2.15, normalizeForHash in src/agents/sandbox/config-hash.ts recursively sorted arrays that contained only primitive values. This made order-sensitive sandbox configuration arrays hash to the same value even when order changed. In OpenClaw...
GHSA-G7VP-J25F-H34P EVE Has Partially Predetermined Vault Key
Impact The deriveVaultKey function calls retrieveCloudKey which always returns "foobarfoobarfoobarfoobarfoobarfo". When merged with the randomly generated 32-byte key using mergeKeys (16 bytes from each), the last 16 bytes are always "arfoobarfoobarfo". This enables an attacker with physical access...
Copier safe template has arbitrary filesystem write access via directory symlinks when _preserve_symlinks: true
Impact Copier suggests that it's safe to generate a project from a safe template, i.e. one that doesn't use unsafe features like custom Jinja extensions which would require passing the --UNSAFE,--trust flag. As it turns out, a safe template can currently write to arbitrary directories outside the...
Cryptographic Weakness
Elliptic is vulnerable to cryptographic weakness. The vulnerability is due to incorrect byte-length computation and truncation of the RFC 6979 deterministic nonce k when it contains leading zeros, which results in faulty signatures and allows an attacker, under certain conditions, to derive the...
openSUSE 16 Security Update : hawk2 (openSUSE-SU-2026:20025-1)
The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20025-1 advisory. - Bump ruby gem rack to 3.1.18 bsc1251939. - Bump ruby gem uri to 1.0.4. - Fix the mtime in manifest.json bsc1230275. - Make builds determinist...
CVE-2025-68701
Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses deterministic AES IV derivation from a passphrase. This vulnerability is fixed in 2.2...
EUVD-2026-2027
Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses deterministic AES IV derivation from a passphrase. This vulnerability is fixed in 2.2...
Use of a Broken or Risky Cryptographic Algorithm
Overview net.gleske:jervis is a self-service Jenkins job generation tool using Jenkins Job DSL plugin groovy scripts. It reads .jervis.yml and generates a job in Jenkins. Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm in SecurityIO.groovy. An attacker...
GHSA-CRXP-CHH4-9GHP Jervis has Deterministic AES IV Derivation from Passphrase
Vulnerability https://github.com/samrocketman/jervis/blob/157d2b63ffa5c4bb1d8ee2254950fd2231de2b05/src/main/groovy/net/gleske/jervis/tools/SecurityIO.groovy#L866-L874...
SUSE-SU-2026:20091-1 Security update for hawk2
This update for hawk2 fixes the following issues: - Bump ruby gem rack to 3.1.18 bsc1251939. - Bump ruby gem uri to 1.0.4. - Fix the mtime in manifest.json bsc1230275. - Make builds deterministic bsc1230275. - Bump rails version from 8.0.2 to 8.0.2.1 bsc1248100. - Require openssl explicitly...