CVE-2026-1743

A vulnerability has been found in DJI Mavic Mini, Air, Spark and Mini SE up to 01.00.0500. Affected by this vulnerability is an unknown functionality of the component Enhanced Wi-Fi Pairing. The manipulation leads to authentication bypass by capture-replay. The attack must be carried out from...

Lexmark多款产品 安全漏洞

The Lexmark CX410 is a product of the American company Lexmark. The Lexmark CX410 is a printer. The Lexmark CX510 is a multifunctional printer. The Lexmark CX82x is a multifunctional printer. Several products from Lexmark have security vulnerabilities; these vulnerabilities stem from the Postscri...

SAMSUNG多款产品 安全漏洞

SAMSUNG Mobile Processor and SAMSUNG Wearable Processor are both products of South Korean company Samsung. The SAMSUNG Mobile Processor is a series of mobile processors. The SAMSUNG Wearable Processor is a series of wearable processors. Several Samsung products have security vulnerabilities. Thes...

CVE-2025-58340

CVE-2025-58340 affects Samsung’s Wi‑Fi driver for the Exynos family (980/850/1080/1280/1330/1380/1480/1580, W920/W930/W1000). The issue is an unbounded memory allocation caused by a large buffer in a /proc/driver/unifi0/send_delts write operation, leading to kernel memory exhaustion. The NVD/Red ...

SAMSUNG多款产品 安全漏洞

SAMSUNG Mobile Processor and SAMSUNG Wearable Processor are both products of South Korean company Samsung. The SAMSUNG Mobile Processor is a series of mobile processors. The SAMSUNG Wearable Processor is a series of wearable processors. Several SAMSUNG products have security vulnerabilities. Thes...

CVE-2025-69430

An Incorrect Symlink Follow vulnerability exists in multiple Yottamaster NAS devices, including DM2 version equal to or prior to V1.9.12, DM3 version equal to or prior to V1.9.12, and DM200 version equal to or prior to V1.2.23 that could be exploited by attackers to leak or tamper with the intern...

SAMSUNG多款产品 安全漏洞

SAMSUNG Mobile Processor and SAMSUNG Wearable Processor are both products of South Korean company Samsung. The SAMSUNG Mobile Processor is a series of mobile processors. The SAMSUNG Wearable Processor is a series of wearable processors. Several SAMSUNG products have security vulnerabilities. Thes...

Lexmark 安全漏洞

Lexmark is a series of printers produced by the American company Lexmark. Several Lexmark products have security vulnerabilities, which stem from relative path traversal in the embedded solution framework, potentially allowing for the execution of arbitrary code. The following products are...

Insertion of Sensitive Information into Log File

Overview vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File via the videourl parameter, which allows remote files to be fetched and processed. An attacker can...

CVE-2026-1778 TLS disabled by default in select aws/sagemaker-python-sdk configurations

Amazon SageMaker Python SDK before v3.1.1 or v2.256.0 disables TLS certificate verification for HTTPS connections made by the service when a Triton Python model is imported, incorrectly allowing for requests with invalid and self-signed certificates to succeed...

The Trigger in the Haystack: Extracting and Reconstructing LLM Backdoor Triggers

Detecting whether a model has been poisoned is a longstanding problem in AI security. In this work, we present a practical scanner for identifying sleeper agent-style backdoors in causal language models. Our approach relies on two key findings: first, sleeper agents tend to memorize poisoning dat...

PT-2026-5709

Amazon SageMaker Python SDK before v3.1.1 or v2.256.0 disables TLS certificate verification for HTTPS connections made by the service when a Triton Python model is imported, incorrectly allowing for requests with invalid and self-signed certificates to succeed...

Co-RedTeam: Orchestrated Security Discovery and Exploitation with LLM Agents

Large language models LLMs have shown promise in assisting cybersecurity tasks, yet existing approaches struggle with automatic vulnerability discovery and exploitation due to limited interaction, weak execution grounding, and a lack of experience reuse. We propose Co-RedTeam, a security-aware...

Amazon SageMaker Python SDK 安全漏洞

Amazon SageMaker Python SDK is a development toolkit provided by Amazon, Inc., for building, training, and deploying machine learning models. Versions of the Amazon SageMaker Python SDK prior to v3.1.1 and v2.256.0 contained security vulnerabilities. These vulnerabilities stemmed from the disabli...

Toxic_Flow_Analysis_Framework_For_Agentic_AI

Toxic Flow Analysis TFA Framework A Secure-by-Design framew...

Iran-Linked RedKitten Cyber Campaign Targets Human Rights NGOs and Activists

A Farsi-speaking threat actor aligned with Iranian state interests is suspected to be behind a new campaign targeting non-governmental organizations and individuals involved in documenting recent human rights abuses. The activity, observed by HarfangLab in January 2026, has been codenamed...

From Detection to Prevention: Explaining Security-Critical Code to Avoid Vulnerabilities

Security vulnerabilities often arise unintentionally during development due to a lack of security expertise and code complexity. Traditional tools, such as static and dynamic analysis, detect vulnerabilities only after they are introduced in code, leading to costly remediation. This work explores...

Jailbreaking LLMs Via Calibration

Safety alignment in Large Language Models LLMs often creates a systematic discrepancy between a model's aligned output and the underlying pre-aligned data distribution. We propose a framework in which the effect of safety alignment on next-token prediction is modeled as a systematic distortion of...

Semantic-Aware Advanced Persistent Threat Detection Using Autoencoders on LLM-Encoded System Logs

Advanced Persistent Threats APTs are among the most challenging cyberattacks to detect. They are carried out by highly skilled attackers who carefully study their targets and operate in a stealthy, long-term manner. Because APTs exhibit "low-and-slow" behavior, traditional statistical methods and...

Okara: Detection and Attribution of TLS Man-In-The-Middle Vulnerabilities in Android Apps with Foundation Models

Transport Layer Security TLS is fundamental to secure online communication, yet vulnerabilities in certificate validation that enable Man-in-the-Middle MitM attacks remain a pervasive threat in Android apps. Existing detection tools are hampered by low-coverage UI interaction, costly...