Differentially Private Bilevel Optimization: Efficient Algorithms with Near-Optimal Rates

Whitepaper called Differentially Private Bilevel Optimization: Efficient Algorithms With Near-Optimal Rates...

The Amazon Nova Family of Models: Technical Report and Model Card

We present Amazon Nova, a new generation of state-of-the-art foundation models that deliver frontier intelligence and industry-leading price performance. Amazon Nova Pro is a highly-capable multimodal model with the best combination of accuracy, speed, and cost for a wide range of tasks. Amazon...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Ncr Terminal_Handler

💼 Breaking Bank-Grade Software: My Public CVE Disclosures in N...

Security update for the Linux Kernel

The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2023-52888: media: mediatek: vcodec: Only free buffer VA that is not NULL bsc1228557. CVE-2024-46713: kabi fix for perf/aux: Fix AUX buffer serializatio...

Generate-Then-Verify: Reconstructing Data from Limited Published Statistics

Whitepaper called Generate-Then-Verify: Reconstructing Data From Limited Published Statistics...

📄 Laravel Pulse 1.3.1 Arbitrary Code Injection

Laravel Pulse version 1.3.1 suffers from an arbitrary code injection vulnerability. !/usr/bin/env python3 Exploit Title: Laravel Pulse 1.3.1 - Arbitrary Code Injection Author: Mohammed Idrees Banyamer @banyamersecurity GitHub: https://github.com/mbanyamer Date: 2025-06-06 Tested on: Laravel Pulse...

Mind the Gap: Revealing Security Barriers through Situational Awareness of Small and Medium Business Key Decision-Makers

Key decision-makers in small and medium businesses SMBs often lack the awareness and knowledge to implement cybersecurity measures effectively. To gain a deeper understanding of how SMB executives navigate cybersecurity decision-making, we deployed a mixed-method approach, conducting...

The Complexity of the SupportMinors Modeling for the MinRank Problem

In this note, we provide proven estimates for the complexity of the SupportMinors Modeling, mostly confirming the heuristic complexity estimates contained in the original article...

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2025-5419link is external Google Chromium V8 Out-of-Bounds Read and Write Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber...

Synchronic Web Digital Identity: Speculations on the Art of the Possible

As search, social media, and artificial intelligence continue to reshape collective knowledge, the preservation of trust on the public infosphere has become a defining challenge of our time. Given the breadth and versatility of adversarial threats, the best--and perhaps only--defense is an equall...

Roundcube Webmail 1.6.7 Cross Site Scripting

Roundcube Webmail versions 1.6.7 and below email capture listener and cross site scripting proof of concept exploit...

PHP Exec, PHP Command Shell, Bind TCP (via Perl)

Execute a PHP payload from a command. Listen for a connection and spawn a command shell via perl persistent Module Options msf use payload/cmd/unix/php/bindperl msf payloadbindperl show actions ...actions... msf payloadbindperl set ACTION msf payloadbindperl show options ...show and set options...

📄 eCharge Hardy Barth cPH2 / cPP2 Charging Stations 2.2.0 Command Injection / Backdoor

eCharge Hardy Barth cPH2 and cPP2 Charging Stations version 2.2.0 suffer from missing authentication, OS command injection, backdoor user accounts, backdoor functionality, and hardcoded key vulnerabilities. SEC Consult Vulnerability Lab Security Advisory...

Scrapers Selectively Respect Robots.Txt Directives: Evidence from a Large-Scale Empirical Study

Online data scraping has taken on new dimensions in recent years, as traditional scrapers have been joined by new AI-specific bots. To counteract unwanted scraping, many sites use tools like the Robots Exclusion Protocol REP, which places a robots.txt file at the site root to dictate scraper...

Bypassing MTE with CVE-2025-0072

Memory Tagging Extension MTE is an advanced memory safety feature that is intended to make memory corruption vulnerabilities almost impossible to exploit. But no mitigation is ever completely airtight--especially in kernel code that manipulates memory at a low level. Last year, I wrote about...

JALMBench: Benchmarking Jailbreak Vulnerabilities in Audio Language Models

Whitepaper called JALMBench: Benchmarking Jailbreak Vulnerabilities In Audio Language Models...

OESA-2025-1514 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: blk-mq: Fix kmemleak in blkmqinitallocatedqueue There is a kmemleak caused by modprobe nullblk.ko unreferenced object 0xffff8881acb1f000 size 1024: comm...

Valida ISA Spec, Version 1.0: a Zk-Optimized Instruction Set Architecture

The Valida instruction set architecture is designed for implementation in zkVMs to optimize for fast, efficient execution proving. This specification intends to guide implementors of zkVMs and compiler toolchains for Valida. It provides an unambiguous definition of the semantics of Valida program...

Exploit for Unrestricted Upload of File with Dangerous Type in Sap Netweaver

SAP CVE-2025-31324 Check Overview This template is designe...

Economic Security of Multiple Shared Security Protocols

Whitepaper called Economic Security Of Multiple Shared Security Protocols...