3519 matches found
Agent Name Service (ANS): a Universal Directory for Secure AI Agent Discovery and Interoperability
The proliferation of AI agents requires robust mechanisms for secure discovery. This paper introduces the Agent Name Service (ANS), a novel architecture based on DNS addressing the lack of a public agent discovery framework. ANS provides a protocol-agnostic registry infrastructure that leverages...
Security and Privacy Measurement on Chinese Consumer IoT Traffic Based on Device Lifecycle
In recent years, consumer Internet of Things (IoT) devices have become widely used in daily life. With the popularity of devices, related security and privacy risks arise at the same time as they collect user-related data and transmit it to various service providers. Although China accounts for a...
Offensive Security for AI Systems: Concepts, Practices, and Applications
As artificial intelligence (AI) systems become increasingly adopted across sectors, the need for robust, proactive security strategies is paramount. Traditional defensive measures often fall short against the unique and evolving threats facing AI-driven technologies, making offensive security an...
PT-2025-22210
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A NULL pointer fault was reported in the xenbus thread callstack. The issue occurs when the req object is freed while the xenbus thread is still using it, causing a kernel NULL pointer...
UBUNTU-CVE-2025-23143
In the Linux kernel, the following vulnerability has been resolved: net: Fix null-ptr-deref by sock_lock_init_class_and_name() and rmmod. When I ran the repro 0 and waited a few seconds, I observed two LOCKDEP splats: a warning immediately followed by a null-ptr-deref. 1 Reproduction Steps: 1 Mount CIFS...
[Free Webinar] Guide to Securing Your Entire Identity Lifecycle Against AI-Powered Threats
How Many Gaps Are Hiding in Your Identity System? It's not just about logins anymore. Today's attackers don't need to "hack" in—they can trick their way in. Deepfakes, impersonation scams, and AI-powered social engineering are helping them bypass traditional defenses and slip through unnoticed...
Saviynt EOL OVA (Saviynt End of Life OVA) security vulnerability
Saviynt EOL OVA (Saviynt End of Life OVA) is a lifecycle component from Saviynt. A security vulnerability exists in Saviynt EOL OVA (Saviynt End of Life OVA) that stems from improper authorization and could result in unauthorized access to a local database...
Mining Characteristics of Vulnerable Smart Contracts across Lifecycle Stages
Smart contracts are the cornerstone of decentralized applications and financial protocols, which extend the application of digital currency transactions. The applications and financial protocols introduce significant security challenges, resulting in substantial economic losses. Existing solution...
Moderate: Red Hat Security Advisory: OpenJDK 11.0.27 ELS Security Update for Windows Builds
An update is now available for OpenJDK. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References...
Moderate: Red Hat Security Advisory: java-11-openjdk ELS security update
An update for java-11-openjdk with Extended Lifecycle Support is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, and Red Hat Enterprise Linux 9. The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit...
Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM WebSphere Application Server Liberty is vulnerable to a denial of service due to Apache CXF (CVE-2025-23184)
Summary There is a vulnerability in the Apache CXF library used by IBM WebSphere Application Server Liberty with the jaxws-2.2, xmlWS-3.0 or xmlWS-4.0 feature enabled. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in this bulletin:...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from improper management of the gang directory lifecycle, which could lead to a leak...
Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted
Summary Software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a...
Security Bulletin: The IBM® Engineering Lifecycle Management is impacted by vulnerability which can allow remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser
Summary A vulnerability has been identified under which sensitive application information might be leaked to a remote attacker when a detailed technical error message is returned in the browser which is being used in IBM Engineering Lifecycle Management - IBM Jazz. This bulletin contains...
Security Bulletin: The IBM® Engineering Lifecycle Management is impacted by plaintext password fields which can leak sensitive information
Summary A vulnerability has been identified under which some password fields were used as plaintext causing un-intentional info leakage, which is being used in IBM Engineering Lifecycle Management - IBM Jazz. This bulletin contains information regarding vulnerabilities and remediation actions...
Security Bulletin: A security vulnerability has been identified in WebSphere Application Server Liberty container shipped with containerized IBM Security Guardium Key Lifecycle Manager 5.0 (GKLM) (CVE-2024-10963)
Summary: WebSphere Application Server Liberty container is shipped as a component of containerized IBM Security Guardium Key Lifecycle Manager (SKLM/GKLM). Information about a security vulnerability affecting WebSphere Application Server Liberty container has been published in a security bulletin...
[SECURITY] Fedora 41 Update: containerd-1.7.27-1.fc41
Containerd is an industry-standard container runtime with an emphasis on simplicity, robustness and portability. It is available as a daemon for Linux and Windows, which can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervision...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from the network subsystem not properly tracking kernel socket lifecycles, which could lead to reference counting...
The vulnerability of the Teamcenter Visualization lifecycle management system and the Siemens Tecnomatix Plant Simulation software environment, related to the use of memory after it is released, allows a perpetrator to execute arbitrary code.
The vulnerability of the Teamcenter Visualization lifecycle management system and the Siemens Tecnomatix Plant Simulation software environment related to simulation modeling of systems and processes involves the use of memory after it is released. Exploiting this vulnerability could allow an...
Security Bulletin: The IBM® Engineering Lifecycle Engineering products using WebSphere Application Server traditional is vulnerable to denial of service
Summary IBM WebSphere Application Server is vulnerable to a denial of service when a JSF application configured with Sun Reference Implementation 1.2 is deployed. Following IBM® Engineering Lifecycle Engineering products is vulnerable to this attack, it has been addressed in this bulletin: IBM...