580 matches found
CVE-2026-55780
creationtimestamp| type| source ---|---|--- 2026-07-10 23:12:40+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqdbkcyc4g26 2026-07-10 23:39:59+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqdd34wa7o27...
CVE-2022-50973
Summary: CVE-2022-50973 affects Yonyou KSOA 9.0. The issue is an unauthenticated arbitrary file upload vulnerability in the com.sksoft.bill.ImageUpload servlet. Exploitation requires no authentication and relies on attacker-controlled filepath and filename parameters, with no validation of file t...
CVE-2022-50973
Yonyou KSOA 9.0 contains an unauthenticated arbitrary file upload vulnerability in the com.sksoft.bill.ImageUpload servlet that allows unauthenticated attackers to upload arbitrary files by submitting a POST request with attacker-controlled filepath and filename parameters without any...
CVE-2026-13881
creationtimestamp| type| source ---|---|--- 2026-07-01 20:39:36+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mpmescdq4c2u 2026-07-01 20:39:39+00:00| seen| https://bsky.app/profile/qiancx.bsky.social/post/3mpmesg4dmi2a 2026-07-02 07:22:13+00:00| seen|...
CVE-2026-10539
creationtimestamp| type| source ---|---|--- 2026-07-01 09:00:27+00:00| seen| https://infosec.exchange/users/offseq/statuses/116843900249979266 2026-07-01 09:00:30+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mpl5q6s6c62x 2026-07-01 09:13:02+00:00| seen|...
CVE-2026-46817
creationtimestamp| type| source ---|---|--- 2026-06-29 13:46:37+00:00| seen| https://bsky.app/profile/bleepingcomputer.com/post/3mpgmrwrd2525 2026-06-29 14:01:32+00:00| seen| https://bsky.app/profile/sec-news-bot.bsky.social/post/3mpgnmnxscm2c 2026-06-29 14:03:49+00:00| seen|...
`onering` 1.4.1 was removed from crates.io for malicious code
A new version of the onering crate was published with code that attempted to exfiltrate both metadata and code from the project it was included within. One malicious version was published on 2026-06-10, approximately six hours before removal. This crate has no dependencies on crates.io, and there...
88% of people struggle to tell what’s real online
What would you trade for a technology that can do almost anything? For many people, the answer is clear: Everything they thought they could trust. In a few, short years, Artificial Intelligence AI tools have granted people unfettered access to easier writing, faster image generation, quicker...
CVE-2025-58468
creationtimestamp| type| source ---|---|--- 2026-06-10 05:04:48+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnvwrgpei72u...
Runtime Skill Audit: Targeted Runtime Probing for Agent Skill Security
Agent skills let LLM agents reuse instructions, resources, tools, and workflows, but they also create a new place for malicious behavior to hide. A skill may look benign in its documentation or code while becoming harmful only when it is invoked with particular user requests, local assets,...
Network Log Analysis: Why Collecting Logs is Not Enough
Network Log Analysis helps teams turn raw logs into useful alerts, timelines, audit records, and incident evidence instead of storing data without action...
Layer Order Semantics for Automata-Based Cybersecurity
Layered cybersecurity pipelines transform evidence before they decide on it, and the order of those transformations determines which security facts become visible to which layer. This paper gives layer order a finite-state semantics built from a layer-order automaton, deterministic sequential...
CVE-2021-47982
creationtimestamp| type| source ---|---|--- 2026-06-08 04:41:57+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnqukpsbin2d...
AI Assurance in UK Defence: Challenges in Operationalising JSP 936
This report examines practical challenges in operationalising JSP 936 Part 1 for AI assurance in UK Defence. Using a structured interpretive review of the directive's requirements, the analysis identifies eight thematic challenge areas adequacy of evidence and argument, management of human...
CVE-2026-11299
creationtimestamp| type| source ---|---|--- 2026-06-05 02:37:09+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnj46sfakj2g 2026-06-05 13:24:43+00:00| seen| https://infosec.exchange/users/cR0w/statuses/116697713800926918 2026-06-07 18:00:00+00:00| seen|...
Steering LLM Viewpoints through Fabricated Evidence Injection
As chatbots increasingly influence daily decision-making, their potential to produce misleading responses poses substantial risks to users. This paper investigates a critical cognitive vulnerability in LLMs: their tendency to uncritically trust external context when presented with fabricated...
CVE-2024-52011
creationtimestamp| type| source ---|---|--- 2026-06-03 18:51:02+00:00| seen| https://gist.github.com/alon710/8b99e8a330b30729487263e5e6c526a7 2026-06-03 19:00:57+00:00| seen| https://gist.github.com/alon710/af9fd1f0bf5e15b0603c7992be5645c7 2026-06-09 11:00:07+00:00| published-proof-of-concept|...
TIBlender: Early-Warning Threat Intelligence from Cross-Platform Social Media Evidence
Cyber threat signals are fragmented across multiple social media platforms, yet no existing approach has fully automated their integration into actionable threat intelligence TI reports. We present TIBlender, a multi-agent system that monitors four platforms X, Reddit, Telegram, and Discord and...
`exploration` was removed from crates.io for malicious code
A method within the exploration crate attempted to download and execute a payload from a remote site. The malicious crate had 1 version published on 2026-06-02, approximately 1 hour before removal, and had no evidence of actual usage. This crate had no dependencies on crates.io. Thanks to Kirill...
PT-2026-48942
A method within the exploration crate attempted to download and execute a payload from a remote site. The malicious crate had 1 version published on 2026-06-02, approximately 1 hour before removal, and had no evidence of actual usage. This crate had no dependencies on crates.io. Thanks to Kirill...