Lucene search
K

198 matches found

OSV
OSV
added 2026/06/15 5:19 p.m.12 views

GHSA-VMF3-W455-68VH node-tar applies PAX size override to intermediary GNU long-name/long-link headers, causing tar parser interpretation differential (file smuggling)

Summary tar node-tar applies a PAX extended header's size= record and other PAX overrides to the next header entry of any type, including intermediary metadata headers such as a GNU long-name L or long-link K entry. Per POSIX pax, a PAX extended header x describes the next file entry, not the...

6.9CVSS5.5AI score0.00107EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/06/10 1:38 p.m.15 views

@hulumi/drift: Drift classifier fails open on adapter errors and over-promotes Mixed verdicts

Affected: @hulumi/drift 1.4.0 — Fixed in: 1.4.0 — Severity: Medium — CWE-755 Improper Handling of Exceptional Conditions Summary @hulumi/drift runs four adapters that each ask a different question about whether a resource has drifted Pulumi-state diff, provider-version change, CloudTrail event,...

5.4AI score0.0004EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/06/10 1:38 p.m.7 views

GHSA-32G3-35G9-WC9G @hulumi/drift: Drift classifier fails open on adapter errors and over-promotes Mixed verdicts

Affected: @hulumi/drift 1.4.0 — Fixed in: 1.4.0 — Severity: Medium — CWE-755 Improper Handling of Exceptional Conditions Summary @hulumi/drift runs four adapters that each ask a different question about whether a resource has drifted Pulumi-state diff, provider-version change, CloudTrail event,...

8.4CVSS5.4AI score0.0004EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.11 views

PT-2026-48478

Affected: @hulumi/drift 1.4.0 — Fixed in: 1.4.0 — Severity: Medium — CWE-755 Improper Handling of Exceptional Conditions Summary @hulumi/drift runs four adapters that each ask a different question about whether a resource has drifted Pulumi-state diff, provider-version change, CloudTrail event,...

8.4CVSS5.4AI score0.0004EPSS
Exploits0References4
Packet Storm News
Packet Storm News
added 2026/06/09 12:0 a.m.12 views

Evaluating and Combating the Impact of Concept Drift on the Performance of Machine Learning-Based Phishing Detection Systems

The expansion of the digital domain has resulted in a substantial increase in digital communication, with email emerging as one of the most prominent channels. The proliferation of email communication is apparent in both professional and personal contexts, thereby creating numerous vulnerabilitie...

5.5AI score
Exploits0
GithubExploit
GithubExploit
added 2026/06/05 9:21 a.m.80 views

Drift-Protocol-Exploit-2026

Case Study: Drift Protocol $285M Logic Exploit April 2026 A...

6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/26 12:0 a.m.14 views

Anonymous YARA Rules Are Not Anonymous

YARA rules are widely shared across threat intelligence communities to enable collective defence against malware. This practice implicitly assumes that removing metadata e.g., author fields sufficiently protects the identity of contributing organisations. To assess the validity of this assumption...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/24 12:0 a.m.35 views

SEED: Semi-Supervised Continual MalwarE Detection for Tackling ConcEpt Drift on a BuDget

Machine learning based malware detectors become obsolete over time due to concept drift in benign and malware applications. Recent methods rely on fully labeled data and use hierarchical contrastive loss HCL with active learning to improve robustness against drift by exploiting semantic structure...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/22 12:0 a.m.13 views

Adversarial Vulnerability under Temporal Concept Drift: A Longitudinal Study of Android Malware Detection

We present a longitudinal, drift-aware evaluation of adversarial robustness across more than a decade of Android applications using static and dynamic feature representations extracted from emulator and real-device executions. The dataset is organized into yearly slices and evaluated under three...

5.8AI score
Exploits0
Github Security Blog
Github Security Blog
added 2026/05/21 8:43 p.m.17 views

@hulumi/drift: Orphan reconciler accepted externally supplied execute plans

Impact: @hulumi/drift versions before 1.3.2 could accept externally supplied execute plans without sufficient provenance checks, allowing unsafe reconciliation input to be treated as trusted. Patched in 1.3.2: execute-plan handling now validates provenance and rejects untrusted plans, with...

5.9AI score
Exploits0References2Affected Software1
OSV
OSV
added 2026/05/21 8:43 p.m.9 views

GHSA-2FFM-HXRQ-QQMM @hulumi/drift: Orphan reconciler accepted externally supplied execute plans

Impact: @hulumi/drift versions before 1.3.2 could accept externally supplied execute plans without sufficient provenance checks, allowing unsafe reconciliation input to be treated as trusted. Patched in 1.3.2: execute-plan handling now validates provenance and rejects untrusted plans, with...

8.7CVSS5.9AI score
Exploits0References2
Malwarebytes
Malwarebytes
added 2026/05/21 10:1 a.m.15 views

Researchers left AI agents alone in a virtual town and watched it all unravel

Tech leaders have spent the past year telling everyone that AI agents are about to run financial systems, file your tax returns, and quietly buy your groceries. Just leave them alone, the rhetoric goes; they'll handle it. But a New York startup left ten of them alone in a virtual town for two...

5.8AI score
Exploits0
OSV
OSV
added 2026/05/19 8:53 a.m.6 views

BIT-MONGODB-2026-8053 FlatBSON Duplicate Field Index Drift

An issue in MongoDB Server's time-series collection implementation allows an authenticated user with database write privileges to trigger an out-of-bounds memory write in the mongod process. The issue results from an inconsistency in the internal field-name-to-index mapping within the time-series...

8.8CVSS6.1AI score0.0057EPSS
Exploits1References2
Packet Storm News
Packet Storm News
added 2026/05/13 12:0 a.m.20 views

Context-Aware Web Attack Detection in Open-Source SIEM Systems Via MITRE ATT&CK-Enriched Behavioral Profiling

Security Information and Event Management SIEM systems aggregate log data from heterogeneous sources to detect coordinated attacks. Traditional rule-based correlation engines struggle to classify multi-step web application attacks because they examine each event without reference to the behaviour...

5.8AI score
Exploits0
Cvelist
Cvelist
added 2026/05/12 11:59 p.m.59 views

CVE-2026-8053 FlatBSON Duplicate Field Index Drift

An issue in MongoDB Server's time-series collection implementation allows an authenticated user with database write privileges to trigger an out-of-bounds memory write in the mongod process. The issue results from an inconsistency in the internal field-name-to-index mapping within the time-series...

8.8CVSS0.0057EPSS
Exploits1References1
Packet Storm News
Packet Storm News
added 2026/05/07 12:0 a.m.11 views

ClawGuard: Out-Of-Band Detection of LLM Agent Workflow Hijacking Via EM Side Channel

Autonomous LLM agents face a critical security risk known as workflow hijacking, where attackers subtly alter tool and skill invocations. Existing defenses rely on host-internal telemetry such as audit logs, which can be forged if the host OS is compromised. To solve this, we introduce ClawGuard,...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/03 12:0 a.m.9 views

FIRCE: A Framework for Intrusion Response and Conformal Evaluation

Machine learning-based intrusion detection systems deployed in real-world environments frequently suffer from model degradation due to concept drift, where changes in traffic patterns invalidate training assumptions. To address this, we present FIRCE, a Framework for Intrusion Response and...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/30 12:0 a.m.8 views

Trident: Improving Malware Detection with LLMs and Behavioral Features

Traditionally, machine learning methods for PE malware detection have relied on static features like byte histograms, string information, and PE header contents. One barrier to incorporating dynamic analysis features has been the semi-structured nature of sandbox behavior reports. We show that,...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/28 12:0 a.m.7 views

MARD: A Multi-Agent Framework for Robust Android Malware Detection

With the rapid evolution of Android applications, traditional machine learning-based detection models suffer from concept drift. Additionally, they are constrained by shallow features, lacking deep semantic understanding and interpretability of decisions. Although Large Language Models LLMs...

5.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/24 12:0 a.m.6 views

Detecting Concept Drift in Evolving Malware Families Using Rule-Based Classifier Representations

This work proposes a structural approach to concept drift detection in malware classification using decision tree rulesets. Classifiers are trained across temporal windows on the EMBER2024 dataset, and drift is quantified by comparing extracted rule representations using feature importance,...

5.3AI score
Exploits0
Rows per page
Query Builder