CVE-2026-27683 Reflected cross site scripting vulnerability in SAP BusinessObjects Business Intelligence Platform

SAP BusinessObjects Business Intelligence application allows an authenticated attacker to inject malicious JavaScript payloads through crafted URLs. When a victim accesses the URL, the script executes in the user�s browser, potentially exposing restricted information. This results in a low impact...

CVE-2026-24318 Insecure Session Management vulnerability in SAP BusinessObjects Business Intelligence Platform

Due to an Insecure session management vulnerability in SAP Business Objects Business Intelligence Platform, an unauthenticated attacker could obtain valid session tokens and reuse them to gain unauthorized access to a victim�s session. If the application continues to accept previously issued toke...

PT-2026-32551

Due to an Insecure session management vulnerability in SAP Business Objects Business Intelligence Platform, an unauthenticated attacker could obtain valid session tokens and reuse them to gain unauthorized access to a victim�s session. If the application continues to accept previously issued toke...

This Week in Spring - April 14th, 2026

Hi, Spring fans! ¡Hola from Barcelona, Spain! I'm at the amazing Spring I/O event, hanging out with some of the amazing Spring ecosystem developers! Life is amazing here in the warm sun of springtime. There's a lot to look at this week, so let's dive right into it! Another nice tutorial on how to...

nanobot 安全漏洞

Nanobot is a lightweight personal AI assistant open-source by Data Intelligence Lab@HKU. Versions of Nanobot prior to 0.1.5 contained a security vulnerability; this vulnerability stemmed from the WebSocket server not verifying the Origin header, which could lead to cross-site WebSocket hijacking...

Decepticon

⚡ Decepticon — Autonomous Multi-Agent Offensive Security !L...

Zero Day Quest 2026: $2.3 million awarded for vulnerability research

Protecting customers is at the core of Zero Day Quest. During the 2026 live hacking event, Microsoft partnered with the global security research community, representing more than 20 countries and a wide range of professional backgrounds, from high school students to college professors. Together,...

Beyond RAG for Cyber Threat Intelligence: A Systematic Evaluation of Graph-Based and Agentic Retrieval

Cyber threat intelligence CTI analysts must answer complex questions over large collections of narrative security reports. Retrieval-augmented generation RAG systems help language models access external knowledge, but traditional vector retrieval often struggles with queries that require reasonin...

Identity Protection in the AI Era

Enterprises aiming to predict and mitigate human, machine, and AI‑agent risks at scale demand AI‑powered identity‑first security without compromise...

infosec-notebook

infosec-notebook Personal cybersecurity notes and references...

Arbitrary Code Injection

Overview praisonaiagents is a Praison AI agents for completing complex tasks with Self Reflection Agents Affected versions of this package are vulnerable to Arbitrary Code Injection in the executecodedirect function when the AST-based filtering mechanism fails to block dangerous attribute access...

Important: Red Hat Security Advisory: RHOAI 2.16.4 - Red Hat OpenShift AI

Updated images are now available for Red Hat OpenShift AI. Release of RHOAI 2.16.4 provides these changes:...

The Mythos Inflection Point: Dealing With the Upcoming Vulnerability Disclosure Avalanche and Compressed Exploitation Window

Having spent years at Qualys working on vulnerability risk and remediation management, I have watched the disclosure and remediation cycles from every angle. I have seen vulnerability researchers find a critical flaw in OpenSSH and the industry scramble to respond. I have seen organizations...

The Increasing Role of AI in Vulnerability Research

At Wordfence, we run a bug bounty program that pays out mid-six figures per year to researchers in bug bounties for WordPress related vulnerabilities. Funding this research helps us improve security for the WordPress community overall, and helps us secure our customers by rolling out protection f...

[Video] The TTP Ep. 22: The Collapse of the Patch Window

!\Video\ The TTP Ep. 22: The Collapse of the Patch Windowhttps://storage.ghost.io/c/af/a0/afa04ee3-414f-4481-8d23-7e7c146f192e/content/images/2026/04/YiR2025cover2x1-3.jpg One of the clearest trends in the 2025 Talos Year in Review is just how quickly vulnerabilities are now being turned into...

Claude Mythos: Preparing for a World Where AI Finds and Exploits Vulnerabilities Faster Than Ever

Anthropic's new model can autonomously discover zero-days and develop working exploits. While access is currently limited to responsible actors, now is the time to strengthen response playbooks, reduce exposure, and incorporate AI into security programs...

Browser Extensions Are the New AI Consumption Channel That No One Is Talking About

While much of the discussion on AI security centers around protecting ‘shadow’ AI and GenAI consumption, there's a wide-open window nobody's guarding: AI browser extensions. A new report from LayerX exposes just how deep this blind spot goes, and why AI extensions may be the most dangerous AI...

Sen. Sanders Talks to Claude About AI and Privacy

Claude is actually pretty good on the issues...

Why AI-Powered Vulnerability Discovery Strengthens Akamai's Security Mission

...

ChatGPT, Is This Real? the Influence of Generative AI on Writing Style in Top-Tier Cybersecurity Papers

With the release of ChatGPT in 2022, generative AI has significantly lowered the cost of polishing and rewriting text. Due to its widespread usage, conference organizers instated specific requirements researchers need to adhere to when using GenAI. When asked to rewrite text, GenAI can introduce...