`onering` 1.4.1 was removed from crates.io for malicious code

A new version of the onering crate was published with code that attempted to exfiltrate both metadata and code from the project it was included within. One malicious version was published on 2026-06-10, approximately six hours before removal. This crate has no dependencies on crates.io, and there...

88% of people struggle to tell what’s real online

What would you trade for a technology that can do almost anything? For many people, the answer is clear: Everything they thought they could trust. In a few, short years, Artificial Intelligence AI tools have granted people unfettered access to easier writing, faster image generation, quicker...

CVE-2025-58468

creationtimestamp| type| source ---|---|--- 2026-06-10 05:04:48+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnvwrgpei72u...

Runtime Skill Audit: Targeted Runtime Probing for Agent Skill Security

Agent skills let LLM agents reuse instructions, resources, tools, and workflows, but they also create a new place for malicious behavior to hide. A skill may look benign in its documentation or code while becoming harmful only when it is invoked with particular user requests, local assets,...

Network Log Analysis: Why Collecting Logs is Not Enough

Network Log Analysis helps teams turn raw logs into useful alerts, timelines, audit records, and incident evidence instead of storing data without action...

Layer Order Semantics for Automata-Based Cybersecurity

Layered cybersecurity pipelines transform evidence before they decide on it, and the order of those transformations determines which security facts become visible to which layer. This paper gives layer order a finite-state semantics built from a layer-order automaton, deterministic sequential...

CVE-2021-47982

creationtimestamp| type| source ---|---|--- 2026-06-08 04:41:57+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnqukpsbin2d...

AI Assurance in UK Defence: Challenges in Operationalising JSP 936

This report examines practical challenges in operationalising JSP 936 Part 1 for AI assurance in UK Defence. Using a structured interpretive review of the directive's requirements, the analysis identifies eight thematic challenge areas adequacy of evidence and argument, management of human...

CVE-2026-11299

creationtimestamp| type| source ---|---|--- 2026-06-05 02:37:09+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnj46sfakj2g 2026-06-05 13:24:43+00:00| seen| https://infosec.exchange/users/cR0w/statuses/116697713800926918 2026-06-07 18:00:00+00:00| seen|...

Steering LLM Viewpoints through Fabricated Evidence Injection

As chatbots increasingly influence daily decision-making, their potential to produce misleading responses poses substantial risks to users. This paper investigates a critical cognitive vulnerability in LLMs: their tendency to uncritically trust external context when presented with fabricated...

CVE-2024-52011

creationtimestamp| type| source ---|---|--- 2026-06-03 18:51:02+00:00| seen| https://gist.github.com/alon710/8b99e8a330b30729487263e5e6c526a7 2026-06-03 19:00:57+00:00| seen| https://gist.github.com/alon710/af9fd1f0bf5e15b0603c7992be5645c7 2026-06-09 11:00:07+00:00| published-proof-of-concept|...

TIBlender: Early-Warning Threat Intelligence from Cross-Platform Social Media Evidence

Cyber threat signals are fragmented across multiple social media platforms, yet no existing approach has fully automated their integration into actionable threat intelligence TI reports. We present TIBlender, a multi-agent system that monitors four platforms X, Reddit, Telegram, and Discord and...

`exploration` was removed from crates.io for malicious code

A method within the exploration crate attempted to download and execute a payload from a remote site. The malicious crate had 1 version published on 2026-06-02, approximately 1 hour before removal, and had no evidence of actual usage. This crate had no dependencies on crates.io. Thanks to Kirill...

PT-2026-48942

A method within the exploration crate attempted to download and execute a payload from a remote site. The malicious crate had 1 version published on 2026-06-02, approximately 1 hour before removal, and had no evidence of actual usage. This crate had no dependencies on crates.io. Thanks to Kirill...

Benchmarking Security Risk Detection and Verification in Open Agentic Skill Ecosystems

Open agent platforms allow community contributors to publish reusable skills that agents can invoke at runtime. This extensibility also creates a supply-chain risk: malicious contributors can hide harmful behavior inside skills that appear benign under superficial inspection. However, existing...

DeepFake Forensics AI: A Multi-Modal Detection and Blockchain-Anchored Evidence Management Platform

The proliferation of AI-generated synthetic media poses a critical threat to the integrity of digital evidence in legal and forensic contexts. Existing deepfake detection systems typically address a single modality and provide no mechanism for tamper-proof evidence preservation. We present DeepFa...

A Wolf in Sheep'S Clothing: Targeted Routing Hijacking in Federated RAG

Federated Retrieval-Augmented Generation FedRAG is attractive for privacy-sensitive applications because raw data remain local. As a result, routing must rely on client-provided semantic profiles, creating a new opportunity for manipulation. We introduce Routing Hijacking, a routing-stage attack ...

Exploit for CVE-2007-2447

🛡️ Metasploitable2 Vulnerability Assessment Author: Jaden Julius...

TTPrint: Evidence-Grounded TTP Extraction Via Diverge-Then-Converge Verification

Extracting MITRE ATT&CK techniques from cyber threat intelligence CTI reports is an open-set, multi-label problem requiring both high recall not missing techniques and high precision not hallucinating unsupported ones. Existing methods--rule-based, supervised, and LLM-based--struggle to achieve...

Demystifying the Mythos or Disrupting Bugonomics? from Zero-Day Asymmetry to Defender Remediation Throughput

Recent demonstrations of large language models producing candidate and confirmed vulnerabilities in production software have renewed the narrative that AI will reshape offensive and defensive security. Headlines emphasize capability; they rarely interrogate costs and incentives. This paper examin...