79 matches found
Honeyval: A Comprehensive Evaluation Framework for LLM-Powered HTTP Honeypots
Honeypots are decoy systems mimicking real system components designed to defend against cyber attacks. Recently, LLMs increasingly serve as simulation backbones for honeypots. They enable defenders to construct high-interaction honeypots with low system security risks. However, LLM-powered honeyp...
EUVD-2026-32401
In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: validate damosquotagoal-nid for nodememused,freebp Patch series "mm/damon/core: validate damosquotagoal-nid". nodememcgused,freebp DAMOS quota goals receive the node id. The node id is used for simeminfonode and...
Astra Linux - уязвимость в firefox, thunderbird
An attacker could have exploited a timing attack by sending a large number of allowCredential entries and detecting the difference between invalid key handles and cross-origin key handles. This could have led to cross-origin account linking, violating the WebAuthn goals. This vulnerability affect...
Training a General Purpose Automated Red Teaming Model
Automated methods for red teaming LLMs are an important tool to identify LLM vulnerabilities that may not be covered in static benchmarks, allowing for more thorough probing. They can also adapt to each specific LLM to discover weaknesses unique to it. Most current automated red teaming methods a...
Applying security fundamentals to AI: Practical advice for CISOs
What to know about the era of AI The first thing to know is that AI isn’t magic The best way to think about how to effectively use and secure a modern AI system is to imagine it like a very new, very junior person. It’s very smart and eager to help but can also be extremely unintelligent. Like a...
Predicting 2026
Welcome to this week's edition of the Threat Source newsletter. It's become traditional at this time of year to make predictions about cybersecurity for the coming year. Obviously, no one has a crystal ball to predict the future, and if they did, they would be quietly making a fortune rather than...
Cybersecurity Performance Goals 2.0 for Critical Infrastructure
Today, CISA released updated Cross-Sector Cybersecurity Performance Goals CPG 2.0 with measurable actions for critical infrastructure owners and operators to achieve a foundational level of cybersecurity. This update incorporates lessons learned, aligns with the most recent National Institute of...
Exploring AI in Steganography and Steganalysis: Trends, Clusters, and Sustainable Development Potential
Steganography and steganalysis are strongly related subjects of information security. Over the past decade, many powerful and efficient artificial intelligence AI - driven techniques have been designed and presented during research into steganography as well as steganalysis. This study presents a...
Introducing Spring AI Agents and Spring AI Bench
I'd like to introduce two new projects that are part of the Spring AI Community GitHub organization: Spring AI Agents, and Spring AI Bench. These two projects focus on using agentic coding tools—tools you likely already have in your enterprise. In 2025 AI coding agents have matured to the point...
CVE-2025-60932
Multiple stored cross-site scripting XSS vulnerabilities in the Current Goals function of HR Performance Solutions Performance Pro v3.19.17 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Goal Name, Goal Notes, Action Step Name, Action Step...
CVE-2025-60933
Multiple stored cross-site scripting XSS vulnerabilities in the Future Goals function of HR Performance Solutions Performance Pro v3.19.17 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Goal Name, Goal Notes, Action Step Name, Action Step...
CVE-2025-60933
CVE-2025-60933 affects HR Performance Solutions Performance Pro v3.19.17. The vulnerability is stored XSS in the Future Goals function, allowing an attacker to inject arbitrary web scripts/HTML via crafted payloads into Goal Name, Goal Notes, Action Step Name, Action Step Description, Note Name, ...
HR Performance Solutions Performance Pro 安全漏洞
HR Performance Solutions Performance Pro is an employee performance management platform from HR Performance USA. A security vulnerability exists in Performance Pro version v3.19.17, which stems from improper handling of the Goal Name, Goal Notes, Action Step Name, Action Step Description, Note...
CVE-2025-60932
Multiple stored cross-site scripting XSS vulnerabilities in the Current Goals function of HR Performance Solutions Performance Pro v3.19.17 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Goal Name, Goal Notes, Action Step Name, Action Step...
EUVD-2025-35169
Multiple stored cross-site scripting XSS vulnerabilities in the Future Goals function of HR Performance Solutions Performance Pro v3.19.17 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Goal Name, Goal Notes, Action Step Name, Action Step...
Agentic Misalignment: How LLMs Could Be Insider Threats
We stress-tested 16 leading models from multiple developers in hypothetical corporate environments to identify potentially risky agentic behaviors before they cause real harm. In the scenarios, we allowed models to autonomously send emails and access sensitive information. They were assigned only...
EUVD-2025-15371
Malicious code in bioql PyPI...
Malicious code in test-mlw2-goals-imago (npm)
The package test-mlw2-goals-imago was found to contain malicious code...
MAL-2025-35431 Malicious code in test-mlw2-goals-imago (npm)
The package test-mlw2-goals-imago was found to contain malicious code...
Simulation in Cybersecurity: Understanding Techniques, Applications, and Goals
Modeling and simulation are widely used in cybersecurity research to assess cyber threats, evaluate defense mechanisms, and analyze vulnerabilities. However, the diversity of application areas, the variety of cyberattacks scenarios, and the differing objectives of these simulations makes it...