CVE-2026-30859 WeKnora: Broken Access Control - Cross-Tenant Data Exposure

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.12, a broken access control vulnerability in the database query tool allows any authenticated tenant to read sensitive data belonging to other tenants, including API keys, mod...

CVE-2026-30859

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.12, a broken access control vulnerability in the database query tool allows any authenticated tenant to read sensitive data belonging to other tenants, including API keys, mod...

CVE-2026-30859

WeKnora prior to version 0.2.12 suffers broken access control in the database query tool, allowing any authenticated tenant to read data from other tenants (models, messages, embeddings) including API keys and model configurations due to failure to enforce tenant isolation on critical tables. The...

WeKnora has Broken Access Control - Cross-Tenant Data Exposure

Summary A broken access control vulnerability in the database query tool allows any authenticated tenant to read sensitive data belonging to other tenants, including API keys, model configurations, and private messages. The application fails to enforce tenant isolation on critical tables models,...

GHSA-2F4C-VRJQ-RCGV WeKnora has Broken Access Control - Cross-Tenant Data Exposure

Summary A broken access control vulnerability in the database query tool allows any authenticated tenant to read sensitive data belonging to other tenants, including API keys, model configurations, and private messages. The application fails to enforce tenant isolation on critical tables models,...

Transparent Tribe Uses AI to Mass-Produce Malware Implants in Campaign Targeting India

The Pakistan-aligned threat actor known as Transparent Tribe has become the latest hacking group to embrace artificial intelligence AI-powered coding tools to strike targets with various implants. The activity is designed to produce a "high-volume, mediocre mass of implants" that are developed...

Before You Hand over the Wheel: Evaluating LLMs for Security Incident Analysis

Security incident analysis SIA poses a major challenge for security operations centers, which must manage overwhelming alert volumes, large and diverse data sources, complex toolchains, and limited analyst expertise. These difficulties intensify because incidents evolve dynamically and require...

Improved Leakage Abuse Attacks in Searchable Symmetric Encryption with EBPF Monitoring

Searchable Symmetric Encryption SSE allows users to search over encrypted data stored on untrusted servers, like cloud providers. While SSE hides the content of queries and documents, it still leaks patterns, such as how often a query is made. These leakages have been shown to enable leakage abus...

PT-2026-23802

Name of the Vulnerable Software and Affected Versions WeKnora versions prior to 0.2.12 Description WeKnora is a framework for deep document understanding and semantic retrieval. A broken access control issue in the database query tool allows any authenticated tenant to read sensitive data belongi...

SecureRAG-RTL: A Retrieval-Augmented, Multi-Agent, Zero-Shot LLM-Driven Framework for Hardware Vulnerability Detection

Large language models LLMs have shown remarkable capabilities in natural language processing tasks, yet their application in hardware security verification remains limited due to scarcity of publicly available hardware description language HDL datasets. This knowledge gap constrains LLM performan...

📄 Honeywell Trend IQ4 Unauthenticated Add Admin

This Metasploit module exploits an insecure default configuration in Honeywell Trend IQ4 controllers. By default, these devices do not enforce authentication, allowing a remote user to enable the User Module and create a new administrative account. Note: This action permanently changes the device...

CVE-2026-26478

A shell command injection vulnerability in Mobvoi Tichome Mini smart speaker 012-18853 and 027-58389 allows remote attackers to send a specially crafted UDP datagram and execute arbitrary shell code as the root account...

CAM-LDS: Cyber Attack Manifestations for Automatic Interpretation of System Logs and Security Alerts

Log data are essential for intrusion detection and forensic investigations. However, manual log analysis is tedious due to high data volumes, heterogeneous event formats, and unstructured messages. Even though many automated methods for log analysis exist, they usually still rely on domain-specif...

Apple Security Update: iOS 18.7.6

Apple recommends to install security update iOS 18.7.6 on devices iPhone XS, iPhone XS Max, iPhone XR...

CVE-2025-62814

An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, and 2400. A NULL pointer dereference of fthandle in loadfwutcvector causes a denial of service...

Seeing AI Clearly: Building Visibility Across Modern AI Applications

AI applications span models, agents, and cloud environments in ways traditional security tools weren’t designed to understand. Here’s why visibility breaks — and how a new, implementation-agnostic approach helps teams safely adopt AI...

CVE-2025-62814

An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, and 2400. A NULL pointer dereference of fthandle in loadfwutcvector causes a denial of service...

CVE-2025-62817

An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400, 1580, and 2500. A NULL pointer dereference of session-ncphdrbuf in pilotparsingncp causes a denial of service...

Kraken: Higher-Order EM Side-Channel Attacks on DNNs in near and Far Field

The multi-million dollar investment required for modern machine learning ML has made large ML models a prime target for theft. In response, the field of model stealing has emerged. Attacks based on physical side-channel information have shown that DNN model extraction is feasible, even on CUDA...

CVE-2025-62814

The CVE identifies a NULL pointer dereference in the Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, and 2400 series, specifically in ft_handle within load_fw_utc_vector(), which can cause a denial of service. Affected components are the Exynos mobile processors listed; the underlying cau...