Vajra

⚡ Vajra ██╗ ██╗ █████╗ ██╗██████╗ █████╗ ██║...

Firefox Will Give Users an AI Kill Switch for Better Privacy

Not everyone wants AI in their browser. Firefox 148 is introducing easy toggles to disable chatbots and AI tab grouping. Discover how Mozilla is prioritising user choice and privacy in its latest 2026 update...

SoK: DARPA'S AI Cyber Challenge (AIxCC): Competition Design, Architectures, and Lessons Learned

DARPA's AI Cyber Challenge AIxCC, 2023--2025 is the largest competition to date for building fully autonomous cyber reasoning systems CRSs that leverage recent advances in AI -- particularly large language models LLMs -- to discover and remediate vulnerabilities in real-world open-source software...

GHSA-WJP5-868J-WQV7 Pydantic AI has Stored XSS via Path Traversal in Web UI CDN URL

Summary A Path Traversal vulnerability in the Pydantic AI web UI allows an attacker to serve arbitrary JavaScript in the context of the application by crafting a malicious URL. If a victim clicks the link or visits it via an iframe, attacker-controlled code executes in their browser, enabling the...

Trojans in Artificial Intelligence (TrojAI) Final Report

The Intelligence Advanced Research Projects Activity IARPA launched the TrojAI program to confront an emerging vulnerability in modern artificial intelligence: the threat of AI Trojans. These AI trojans are malicious, hidden backdoors intentionally embedded within an AI model that can cause a...

Viral AI, Invisible Risks: What OpenClaw Reveals About Agentic Assistants

OpenClaw aka Clawdbot or Moltbot represents a new frontier in agentic AI: powerful, highly autonomous, and surprisingly easy to use. In this research, we examine how its capabilities compare to its predecessors’ and highlight the security risks inherent to the agentic AI paradigm...

CVE-2026-1927

The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the greenshiftapppassvalidation function in all versions up to, and including, 12.6. This makes it possible for authenticated attackers, with...

CVE-2026-25757

creationtimestamp| type| source ---|---|--- 2026-02-05 13:46:30+00:00| published-proof-of-concept| https://github.com/spree/spree/security/advisories/GHSA-p6pv-q7rc-g4h9 2026-03-06 20:09:04+00:00| seen|...

CVE-2026-1927

The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the greenshiftapppassvalidation function in all versions up to, and including, 12.6. This makes it possible for authenticated attackers, with...

CVE-2026-1927 GreenShift - Animation and Page Builder Blocks <= 12.6 - Missing Authorization to Authenticated (Subscriber+) Information Disclosure of AI API Keys and Stored Cross-Site Scripting via custom_css

The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the greenshiftapppassvalidation function in all versions up to, and including, 12.6. This makes it possible for authenticated attackers, with...

CVE-2026-1927

CVE-2026-1927 affects the Greenshift – animation and page builder blocks plugin for WordPress (versions up to and including 12.5.7). The root cause is a missing capability check in the greenshift_app_pass_validation() function, allowing authenticated attackers with Subscriber-level access and abo...

Exploit for CVE-2026-25253

OpenClaw Security Monitor Proactive security monitoring, thre...

Top AI Tools for Red Teaming in 2026

Red teaming has undergone a radical evolution. Modern organizations can no longer rely solely on human creativity or…...

Identifying Adversary Tactics and Techniques in Malware Binaries with an LLM Agent

Understanding TTPs Tactics, Techniques, and Procedures in malware binaries is essential for security analysis and threat intelligence, yet remains challenging in practice. Real-world malware binaries are typically stripped of symbols, contain large numbers of functions, and distribute malicious...

Tanium Reputation 安全漏洞

Tanium Reputation is a threat intelligence integration engine developed by the American company Tanium. Tanium Reputation has a security vulnerability, which stems from improper access control practices...

CERTFR-2026-CTI-001

creationtimestamp| type| source ---|---|--- 2026-02-04 13:00:41+00:00| seen| https://social.numerique.gouv.fr/users/certfr/statuses/116012485069158031...

Firefox is giving users the AI off switch

Some software providers have decided to lead by example and offer users a choice about the Artificial Intelligence AI features built into their products. The latest example is Mozilla, which now offers users a one-click option to disable generative AI features in the Firefox browser. Audiences ar...

Exposed AWS Credentials Lead to AI-Assisted Cloud Breach in 8 Minutes

Researchers recently tracked a high-speed cloud attack where an intruder gained full admin access in just eight minutes. Discover how AI automation and a simple storage error led to a major security breach...

Rapid7 vs. Hive Pro: A Head-to-Head Comparison

See how Rapid7 and Hive Pro compare in features, setup, pricing, and threat intelligence to help you choose the right threat exposure management platform. Threat intelligence and Business context are the secret sauces that transform vulnerability management from a frantic game of whack-a-mole int...

cosmos-predict2 (>=1.0.6 <=1.0.9), frankenstein-model (>=5.1.6 <=5.3.9) +11 more potentially affected by CVE-2026-24149 via megatron-core (>=0.10.0 <=0.13.1)

megatron-core PYPI version =0.10.0, =1.0.6, =5.1.6, =0.4.0, =1.0.0, =2.0.8, =2.0.8, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =2.0.5, =5.0.4 Source cves: CVE-2026-24149 Source advisory: SNYK:PYTHON-MEGATRONCORE-15248398...