AEGIS: White-Box Attack Path Generation Using LLMs and Training Effectiveness Evaluation for Large-Scale Cyber Defence Exercises

Creating attack paths for cyber defence exercises requires substantial expert effort. Existing automation requires vulnerability graphs or exploit sets curated in advance, limiting where it can be applied. We present AEGIS, a system that generates attack paths using LLMs, white-box access, and...

Now You Hear Me: Audio Narrative Attacks against Large Audio-Language Models

Large audio-language models increasingly operate on raw speech inputs, enabling more seamless integration across domains such as voice assistants, education, and clinical triage. This transition, however, introduces a distinct class of vulnerabilities that remain largely uncharacterized. We exami...

No More, No Less: Least-Privilege Language Models

Least privilege is a core security principle: grant each request only the minimum access needed to achieve its goal. Deployed language models almost never follow it, instead being exposed through a single API endpoint that serves all users and requests. This gap exists not because least privilege...

Evaluating Large Language Models for Security Bug Report Prediction

Early detection of security bug reports SBRs is critical for timely vulnerability mitigation. We present an evaluation of prompt-based engineering and fine-tuning approaches for predicting SBRs using Large Language Models LLMs. Our findings reveal a distinct trade-off between the two approaches...

Sifting the Noise: A Comparative Study of LLM Agents in Vulnerability False Positive Filtering

Static Application Security Testing SAST tools are essential for identifying software vulnerabilities, but they often produce a high volume of false positives FPs, imposing a substantial manual triage burden on developers. Recent advances in Large Language Model LLM agents offer a promising...

The Semantic Trap: Do Fine-Tuned LLMs Learn Vulnerability Root Cause or Just Functional Pattern?

LLMs demonstrate promising performance in software vulnerability detection after fine-tuning. However, it remains unclear whether these gains reflect a genuine understanding of vulnerability root causes or merely an exploitation of functional patterns. In this paper, we identify a critical failur...

Researchers Find 175,000 Publicly Exposed Ollama AI Servers Across 130 Countries

A new joint investigation by SentinelOne SentinelLABS, and Censys has revealed that the open-source artificial intelligence AI deployment has created a vast "unmanaged, publicly accessible layer of AI compute infrastructure" that spans 175,000 unique Ollama hosts across 130 countries. These...

Op Bizarre Bazaar: New LLMjacking Campaign Targets Unprotected Models

Pillar Security Research has discovered Operation Bizarre Bazaar, a massive cyberattack campaign led by a hacker known as Hecker. Between December 2025 and January 2026, over 35,000 sessions were recorded targeting AI systems to steal compute power and resell access via silver.inc...

ReasoningBomb: A Stealthy Denial-Of-Service Attack by Inducing Pathologically Long Reasoning in Large Reasoning Models

Large reasoning models LRMs extend large language models with explicit multi-step reasoning traces, but this capability introduces a new class of prompt-induced inference-time denial-of-service PI-DoS attacks that exploit the high computational cost of reasoning. We first formalize inference cost...

A Systematic Literature Review on LLM Defenses against Prompt Injection and Jailbreaking: Expanding NIST Taxonomy

The rapid advancement and widespread adoption of generative artificial intelligence GenAI and large language models LLMs has been accompanied by the emergence of new security vulnerabilities and challenges, such as jailbreaking and other prompt injection attacks. These maliciously crafted inputs...

Stealthy Poisoning Attacks Bypass Defenses in Regression Settings

Regression models are widely used in industrial processes, engineering and in natural and physical sciences, yet their robustness to poisoning has received less attention. When it has, studies often assume unrealistic threat models and are thus less useful in practice. In this paper, we propose a...

Hardware-Triggered Backdoors

Machine learning models are routinely deployed on a wide range of computing hardware. Although such hardware is typically expected to produce identical results, differences in its design can lead to small numerical variations during inference. In this work, we show that these variations can be...

NETGEAR’s various products have security vulnerabilities

NETGEAR R6260 is a product of the American company NETGEAR. The NETGEAR R6260 is a router. The NETGEAR R6230 is also a router. Netgear R7000 is another product of NETGEAR. The Netgear R7000 is a wireless router. Several NETGEAR products have security vulnerabilities. These vulnerabilities stem fr...

CVE-2022-40620

FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, does not properly validate TLS certificates when downloading update packages through its auto-update mechanism. An attacker suitably positioned on the network could intercept the update request and deliver a...

Anthropic Agent Skills Support in Spring AI

In this blog, we show how using Spring AI, we can integrate with Anthropic's Native Skills API for Cloud-Based Document Generation and Custom Skills. Spring AI adds support for Anthropic's Agent Skills — modular capabilities that let Claude generate actual files rather than text descriptions. Wit...

User-Centric Phishing Detection: A RAG and LLM-Based Approach

The escalating sophistication of phishing emails necessitates a shift beyond traditional rule-based and conventional machine-learning-based detectors. Although large language models LLMs offer strong natural language understanding, using them as standalone classifiers often yields elevated...

CVE-2026-22773

A flaw was found in vLLM, an inference and serving engine for large language models LLMs. A remote attacker can exploit this vulnerability by sending a specially crafted 1x1 pixel image to a vLLM engine serving multimodal models that use the Idefics3 vision model implementation. This leads to a...

MalURLBench: A Benchmark Evaluating Agents' Vulnerabilities When Processing Web URLs

LLM-based web agents have become increasingly popular for their utility in daily life and work. However, they exhibit critical vulnerabilities when processing malicious URLs: accepting a disguised malicious URL enables subsequent access to unsafe webpages, which can cause severe damage to service...

Cross-site Scripting (XSS)

Overview @saltcorn/admin-models is a models only required by the admin interface for Saltcorn, open-source no-code platform Affected versions of this package are vulnerable to Cross-site Scripting XSS and code execution, via the name parameter on the /admin/edit-codepage endpoint and improper...

@saltcorn/cli (>=1.5.0-beta.0 <=1.5.0-beta.18), @saltcorn/mobile-builder (>=1.5.0-beta.0 <=1.5.0-beta.18) +1 more potentially affected by unknown CVE via @saltcorn/admin-models (>=1.5.0-beta.0 <=1.5.0-beta.18)

@saltcorn/admin-models NPM version =1.5.0-beta.0, =1.5.0-beta.0, =1.5.0-beta.0, =1.5.0-beta.0, =1.5.0-beta.18 Source cves: unknown CVE Source advisory: SNYK:JS-SALTCORNADMINMODELS-15126138...