[SECURITY] Fedora 44 Update: libmicrohttpd-1.0.5-1.fc44

GNU libmicrohttpd is a small C library that is supposed to make it easy to run an HTTP server as part of another application. Key features that distinguish libmicrohttpd from other projects are: C library: fast and small API is simple, expressive and fully reentrant Implementation is http 1.1...

[SECURITY] Fedora 44 Update: qt6-qtscxml-6.10.3-1.fc44

The Qt SCXML module provides functionality to create state machines from SCXM L files. This includes both dynamically creating state machines loading the SCXML file and instantiating states and transitions and generating a C++ file that has a class implementing the state machine. It also contains...

EUVD-2026-25333

OpenClaw before 2026.3.28 contains an agentic consent bypass vulnerability allowing LLM agents to silently disable execution approval via config.patch parameter. Remote attackers can exploit this to bypass security controls and execute unauthorized operations without user consent...

Flowise Information Disclosure Vulnerability

Flowise is a FlowiseAI open source tool for easily building LLM applications. Flowise suffers from an information disclosure vulnerability caused by a flaw in the /api/v1/public-chatflows/:id endpoint that can be exploited by an attacker to obtain sensitive information...

EUVD-2025-209567

Yadea T5 Electric Bicycles models manufactured in/after 2024 have a weak authentication mechanism in their keyless entry system. The system utilizes the EV1527 fixed-code RF protocol without implementing rolling codes or cryptographic challenge-response mechanisms. This is vulnerable to signal...

Important: Red Hat Security Advisory: Red Hat Enterprise Linux AI 3.3.1

Red Hat Enterprise Linux AI 3.3.1 is now available. Red Hat® Enterprise Linux® AI is a foundation model platform to seamlessly develop, test, and run Granite family large language models LLMs for enterprise applications...

Important: Red Hat Security Advisory: Red Hat Enterprise Linux AI 3.3.1

Red Hat Enterprise Linux AI 3.3.1 is now available. Red Hat® Enterprise Linux® AI is a foundation model platform to seamlessly develop, test, and run Granite family large language models LLMs for enterprise applications...

A Sociotechnical, Practitioner-Centered Approach to Technology Adoption in Cybersecurity Operations: An LLM Case

Technology for security operations centers SOCs has a storied history of slow adoption due to concerns about trust and reliability. These concerns are amplified with artificial intelligence, particularly large language models LLMs, which exhibit issues such as hallucinations and inconsistent...

Transient Turn Injection: Exposing Stateless Multi-Turn Vulnerabilities in Large Language Models

Large language models LLMs are increasingly integrated into sensitive workflows, raising the stakes for adversarial robustness and safety. This paper introduces Transient Turn InjectionTTI, a new multi-turn attack technique that systematically exploits stateless moderation by distributing...

CVE-2025-70994

Yadea T5 Electric Bicycles models manufactured in/after 2024 have a weak authentication mechanism in their keyless entry system. The system utilizes the EV1527 fixed-code RF protocol without implementing rolling codes or cryptographic challenge-response mechanisms. This is vulnerable to signal...

📄 Keras 3.13.0 Malicious ML Model Server HDF5 Shape Bomb

This script is a Flask-based web server that distributes .keras machine learning model files, but it is designed in a malicious way for security research/testing scenarios. The main idea is a denial of service via memory exhaustion, where generated Keras models contain artificially declared...

Risk Models As Mediating Artifacts: A Postphenomenological Analysis of the CIIM Framework in Cybersecurity Practice

This article applies postphenomenological theory to the field of cybersecurity risk management, arguing that formal risk models function as mediating artifacts that shape how security practitioners or analysts perceive, interpret, and act on threats. Based on Don Ihde's taxonomy on human-technolo...

AutoRISE: Agent-Driven Strategy Evolution for Red-Teaming Large Language Models

Automated red-teaming methods for large language models typically optimize attack prompts within a fixed, human-designed strategy, leaving the attack strategy itself unchanged. We instead optimize the strategy. We propose AutoRISE, a method that searches over executable attack programs rather tha...

EUVD-2026-24752

A flaw was found in InstructLab. The linuxtrain.py script hardcodes trustremotecode=True when loading models from HuggingFace. This allows a remote attacker to achieve arbitrary Python code execution by convincing a user to run ilab train/download/generate with a specially crafted malicious model...

Inclusion of Functionality from Untrusted Control Sphere

Overview instructlab is a Core package for interacting with InstructLab Affected versions of this package are vulnerable to Inclusion of Functionality from Untrusted Control Sphere via default trustremotecode=True for loading models from HuggingFacein in linuxtrain.py file. An attacker can execut...

@saltcorn/admin-models (>=1.5.0 <=1.5.0-rc.2), @saltcorn/base-plugin (>=1.5.0 <=1.5.0-rc.2) +5 more potentially affected by unknown CVE via @saltcorn/data (>=1.5.0-beta.0 <=1.5.0)

@saltcorn/data NPM version =1.5.0-beta.0, =1.5.0, =1.5.0, =1.5.0, =1.5.0, =1.5.0, =1.5.0, =1.5.0, =1.5.0-rc.2 Source cves: unknown CVE Source advisory: SNYK:JS-SALTCORNDATA-16318351...

@saltcorn/admin-models (>=1.6.0-alpha.0 <=1.6.0-alpha.17), @saltcorn/base-plugin (>=1.6.0-alpha.0 <=1.6.0-alpha.17) +5 more potentially affected by unknown CVE via @saltcorn/data (>=1.6.0-alpha.0 <=1.6.0-alpha.9)

@saltcorn/data NPM version =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.17 Source cves: unknown CVE Source advisory: SNYK:JS-SALTCORNDATA-16318351...

CVE-2026-6859

A flaw was found in InstructLab. The linuxtrain.py script hardcodes trustremotecode=True when loading models from HuggingFace. This allows a remote attacker to achieve arbitrary Python code execution by convincing a user to run ilab train/download/generate with a specially crafted malicious model...

CVE-2026-6859 Instructlab: instructlab: arbitrary code execution due to hardcoded `trust_remote_code=true`

A flaw was found in InstructLab. The linuxtrain.py script hardcodes trustremotecode=True when loading models from HuggingFace. This allows a remote attacker to achieve arbitrary Python code execution by convincing a user to run ilab train/download/generate with a specially crafted malicious model...

CVE-2026-6859

A flaw was found in InstructLab. The linuxtrain.py script hardcodes trustremotecode=True when loading models from HuggingFace. This allows a remote attacker to achieve arbitrary Python code execution by convincing a user to run ilab train/download/generate with a specially crafted malicious model...