10 matches found
CVE-2026-8762
After analysis, the originally reported behaviour was determined not to constitute a security vulnerability. The findings were parser-strictness defects without an exploitable framing-disagreement path in any tested deployment configuration...
ClawHub Security Signals: When VirusTotal, Static Analysis, and SkillSpector Disagree
Agent skills extend AI agents with reusable instructions, tools, scripts, references, and workflows, establishing a security boundary distinct from both model safety and traditional package-malware detection. ClawHub Security Signals is a sanitized dataset of 67,453 latest public OpenClaw skill...
When Scanners Lie: Evaluator Instability in LLM Red-Teaming
Automated LLM vulnerability scanners are increasingly used to assess security risks by measuring different attack type success rates ASR. Yet the validity of these measurements hinges on an often-overlooked component: the evaluator who determines whether an attack has succeeded. In this study, we...
AMDS: Attack-Aware Multi-Stage Defense System for Network Intrusion Detection with Two-Stage Adaptive Weight Learning
Machine learning based network intrusion detection systems are vulnerable to adversarial attacks that degrade classification performance under both gradient-based and distribution shift threat models. Existing defenses typically apply uniform detection strategies, which may not account for...
Anthropic Has a Plan to Keep Its AI From Building a Nuclear Weapon. Will It Work?
Anthropic partnered with the US government to create a filter meant to block Claude from helping someone build a nuke. Experts are divided on whether its a necessary protection—or a protection at all...
Emergent Misalignment As Prompt Sensitivity: a Research Note
Betley et al. 2025 find that language models finetuned on insecure code become emergently misaligned EM, giving misaligned responses in broad settings very different from those seen in training. However, it remains unclear as to why emergent misalignment occurs. We evaluate insecure models across...
CVE-2021-36797
In Victron Energy Venus OS through 2.72, root access is granted by default to anyone with physical access to the device. NOTE: the vendor disagrees with the reporter's opinion about an alleged "security best practices" violation...
Linux Distros Unpatched Vulnerability : CVE-2021-41496
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Buffer overflow in the arrayfrompyobj function of fortranobject.c in NumPy 1.19, which allows attackers to conduct a Denial of Service attacks by carefully...
Cross site scripting
Persistent XSS in /course/modedit.php of Moodle through 3.7.2 allows authenticated users Teacher and above to inject JavaScript into the session of another user e.g., enrolled student or site administrator via the introeditortext parameter. NOTE: the discoverer and vendor disagree on whether Mood...
Google Says It Won't Kill Ad Blockers. Ad Blockers Disagree
Upcoming changes to Chrome has left ad blockers up in arms. But Google insists it won't stifle the extensions...