CVE-2024-52011

creationtimestamp| type| source ---|---|--- 2026-06-03 18:51:02+00:00| seen| https://gist.github.com/alon710/8b99e8a330b30729487263e5e6c526a7 2026-06-03 19:00:57+00:00| seen| https://gist.github.com/alon710/af9fd1f0bf5e15b0603c7992be5645c7...

TIBlender: Early-Warning Threat Intelligence from Cross-Platform Social Media Evidence

Cyber threat signals are fragmented across multiple social media platforms, yet no existing approach has fully automated their integration into actionable threat intelligence TI reports. We present TIBlender, a multi-agent system that monitors four platforms X, Reddit, Telegram, and Discord and...

`exploration` was removed from crates.io for malicious code

A method within the exploration crate attempted to download and execute a payload from a remote site. The malicious crate had 1 version published on 2026-06-02, approximately 1 hour before removal, and had no evidence of actual usage. This crate had no dependencies on crates.io. Thanks to Kirill...

Benchmarking Security Risk Detection and Verification in Open Agentic Skill Ecosystems

Open agent platforms allow community contributors to publish reusable skills that agents can invoke at runtime. This extensibility also creates a supply-chain risk: malicious contributors can hide harmful behavior inside skills that appear benign under superficial inspection. However, existing...

DeepFake Forensics AI: A Multi-Modal Detection and Blockchain-Anchored Evidence Management Platform

The proliferation of AI-generated synthetic media poses a critical threat to the integrity of digital evidence in legal and forensic contexts. Existing deepfake detection systems typically address a single modality and provide no mechanism for tamper-proof evidence preservation. We present DeepFa...

A Wolf in Sheep'S Clothing: Targeted Routing Hijacking in Federated RAG

Federated Retrieval-Augmented Generation FedRAG is attractive for privacy-sensitive applications because raw data remain local. As a result, routing must rely on client-provided semantic profiles, creating a new opportunity for manipulation. We introduce Routing Hijacking, a routing-stage attack ...

Exploit for CVE-2007-2447

🛡️ Metasploitable2 Vulnerability Assessment Author: Jaden Julius...

TTPrint: Evidence-Grounded TTP Extraction Via Diverge-Then-Converge Verification

Extracting MITRE ATT&CK techniques from cyber threat intelligence CTI reports is an open-set, multi-label problem requiring both high recall not missing techniques and high precision not hallucinating unsupported ones. Existing methods--rule-based, supervised, and LLM-based--struggle to achieve...

Demystifying the Mythos or Disrupting Bugonomics? from Zero-Day Asymmetry to Defender Remediation Throughput

Recent demonstrations of large language models producing candidate and confirmed vulnerabilities in production software have renewed the narrative that AI will reshape offensive and defensive security. Headlines emphasize capability; they rarely interrogate costs and incentives. This paper examin...

@hulumi/policies: Stack-wide evidence bypassed Cloudflare and deployment-governance guardrails

Impact: @hulumi/policies versions before 1.3.2 used stack-wide evidence shortcuts in several Cloudflare and deployment-governance validators. Unrelated compliant-looking evidence could suppress violations for different zones, hostnames, origins, or repositories in the same stack. Patched in 1.3.2...

GHSA-59F3-7227-WMH4 @hulumi/policies: Stack-wide evidence bypassed Cloudflare and deployment-governance guardrails

Impact: @hulumi/policies versions before 1.3.2 used stack-wide evidence shortcuts in several Cloudflare and deployment-governance validators. Unrelated compliant-looking evidence could suppress violations for different zones, hostnames, origins, or repositories in the same stack. Patched in 1.3.2...

firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corrupti...

CVE-2026-6456

creationtimestamp| type| source ---|---|--- 2026-05-20 03:01:08+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mmaw2wrbuy2w 2026-05-20 05:01:08+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmb4rk65id2h...

CVE-2026-0983

creationtimestamp| type| source ---|---|--- 2026-05-18 12:46:17+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mm4vth5h7t2p 2026-05-19 11:39:40+00:00| seen| https://bsky.app/profile/cybersecinsight.bsky.social/post/3mm7claemwb2n...

Hallucination As Exploit: Evidence-Carrying Multimodal Agents

Multimodal agents use screenshots, documents, and webpages to choose tool calls. When a false visual claim triggers a click, email, extraction, or transfer, hallucination becomes an authorization failure rather than an answer-quality error. We formalize this failure mode as hallucination-to-actio...

ContraFix: Agentic Vulnerability Repair Via Differential Runtime Evidence and Skill Reuse

Large language model LLM agents are increasingly used for automated vulnerability repair AVR, where repository-level reasoning enables them to inspect context and produce source-code patches. However, recent empirical results show that these agents still struggle with real-world vulnerabilities...

Exploit for CVE-2026-42945

NGINX CVE-2026-42945 Local Checker This repository provides t...

From Backup Restoration to Minimum Viable Factory Recovery: A Systematization of Ransomware Recovery in Manufacturing Systems

Ransomware recovery in critical manufacturing infrastructure is not only a backup-restoration problem. Production capability depends on coupled information-technology, operational-technology, physical-process, quality, logistics, identity, and supplier systems. After ransomware, a plant may rebui...

Windows-pentest-lab

Windows-pentest-lab Penetration testing and vulnerability asse...

Veritas: A Semantically Grounded Agentic Framework for Memory Corruption Vulnerability Detection in Binaries

Detecting memory corruption vulnerabilities in stripped binaries requires recovering object semantics, interprocedural propagation, and feasible triggers from low-level, lossy representations. Recent LLM-based approaches improve code understanding, but reliable detection still requires grounding ...