Runtime Skill Audit: Targeted Runtime Probing for Agent Skill Security
Agent skills let LLM agents reuse instructions, resources, tools, and workflows, but they also create a new place for malicious behavior to hide. A skill may look benign in its documentation or code while becoming harmful only when it is invoked with particular user requests, local assets,...
Membrane: A Self-Evolving Contrastive Safety Memory for LLM Agent Defense
Despite advances in safety alignment, large language models remain vulnerable to continuously evolving jailbreaks. Existing fine-tuned safety classifiers cannot adapt to these evolving attacks, while adaptive memory-based guardrails tend to over-refuse benign queries that resemble stored attacks...
Malicious code in @self-evolving-harness/kivo (npm)
Source: amazon-inspector (ce31b5c287727dabb5479a114843b06b80bbd75db10d74014a00db80b9b321bd). The package's LLM pipeline Kivo.ingest → value-gate → OpenAILLMProvider resolves its endpoint via resolveLlmConfig in...
Bringing Security Visibility to Vercel with Wiz
Giving developers and security teams a shared view of application risk as it evolves...
CoopGuard: Stateful Cooperative Agents Safeguarding LLMs against Evolving Multi-Round Attacks
As Large Language Models (LLMs) are increasingly deployed in complex applications, their vulnerability to adversarial attacks raises urgent safety concerns, especially those evolving over multi-round interactions. Existing defenses are largely reactive and struggle to adapt as adversaries refine...
ACORN-IDS: Adaptive Continual Novelty Detection for Intrusion Detection Systems
Intrusion Detection Systems (IDS) must maintain reliable detection performance under rapidly evolving benign traffic patterns and the continual emergence of cyberattacks, including zero-day threats with no labeled data available. However, most machine learning-based IDS approaches either assume...
Why API Security Is No Longer an AppSec Problem, and What Security Leaders Must Do Instead
APIs are one of the most important technologies in digital business ecosystems. And yet, the responsibility for their security often falls to AppSec teams, and that's a problem. This organizational mismatch creates systemic risk: business teams assume APIs are "secured," while attackers exploit...
Why Asia's Public Sector Is Rethinking Cyber Resilience
SecureCAI: Injection-Resilient LLM Assistants for Cybersecurity Operations
Large Language Models have emerged as transformative tools for Security Operations Centers, enabling automated log analysis, phishing triage, and malware explanation; however, deployment in adversarial cybersecurity environments exposes critical vulnerabilities to prompt injection attacks where...
RunawayEvil: Jailbreaking the Image-To-Video Generative Models
Image-to-Video (I2V) generation synthesizes dynamic visual content from image and text inputs, providing significant creative control. However, the security of such multimodal systems, particularly their vulnerability to jailbreak attacks, remains critically underexplored. To bridge this gap, we...
New IDC research highlights a major cloud security shift
Cloud security is at a tipping point. While moving to the cloud powers both growth and speed for organizations, it can also bring new risks. According to IDC's latest research, organizations experienced an average of nine cloud security incidents in 2024, with 89% reporting a year-over-year...
EvoMail: Self-Evolving Cognitive Agents for Adaptive Spam and Phishing Email Defense
Modern email spam and phishing attacks have evolved far beyond keyword blacklists or simple heuristics. Adversaries now craft multi-modal campaigns that combine natural-language text with obfuscated URLs, forged headers, and malicious attachments, adapting their strategies within days to bypass...
Can We End the Cat-And-Mouse Game? Simulating Self-Evolving Phishing Attacks with LLMs and Genetic Algorithms
Anticipating emerging attack methodologies is crucial for proactive cybersecurity. Recent advances in Large Language Models (LLMs) have enabled the automated generation of phishing messages and accelerated research into potential attack techniques. However, predicting future threats remains...
Today's Cat Is Tomorrow's Dog: Accounting for Time-Based Changes in the Labels of ML Vulnerability Detection Approaches
Vulnerability datasets used for ML testing implicitly contain retrospective information. When tested in the field, one can only use the labels available at the time of training and testing (e.g. seen and assumed negatives). As vulnerabilities are discovered across calendar time, labels change and...
Building a Security Operations Center for the Cloud: Key Considerations for People, Processes, and Technology
As cloud adoption accelerates, security operations teams must rethink their people, processes, and technology to enable effective Cloud Detection and Response (CDR) and secure their evolving cloud attack surface...
An LLM-Based Self-Evolving Security Framework for 6G Space-Air-Ground Integrated Networks
Recently emerged 6G space-air-ground integrated networks (SAGINs), which integrate satellites, aerial networks, and terrestrial communications, offer ubiquitous coverage for various mobile applications. However, the highly dynamic, open, and heterogeneous nature of SAGINs poses severe security...
CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
CAMEL is an open-source community dedicated to finding the scaling laws of agents. We believe that studying these agents on a large scale offers valuable insights into their behaviors, capabilities, and potential risks. To facilitate research in this field, we implement and support various type...
200+ Fake Retail Sites Used in New Wave of Subscription Scams
Bitdefender uncovers a massive surge in sophisticated subscription scams disguised as online shops and evolving mystery boxes. Learn...
A Deep Dive into the Latest Version of Lumma InfoStealer
Unmasking the Evolving Threat: A Deep Dive into the Latest Version of Lumma InfoStealer with Code Flow Obfuscation By Mohideen Abdul Khader · April 21, 2025 Summary Lumma Stealer, first identified in 2022, remains a significant threat to this day, continuously evolving its tactics, techniques, an...
Inside the Take Command Summit 2025 Agenda: What's in Store for This Year's Event?
The cybersecurity landscape is shifting fast: ransomware is evolving, AI is reshaping security operations, and regulations are becoming more complex than ever. Security teams are under pressure to outpace adversaries, manage risk, and defend against sophisticated threats. That's why Take Command...