ZERO-APT: A Closed-Loop Adversarial Framework for LLM-Driven Automated Penetration Testing under Intelligent Defense

LLM-driven automated penetration testing agents are typically evaluated against static targets that neither detect nor respond to attacks, so their behavior under intelligent defense remains untested. The causal consistency of multi-step attack chains likewise hinges on unstable LLM reasoning, an...

XekRung Technical Report

We present XekRung, a frontier large language model for cybersecurity, designed to provide comprehensive security capabilities. To achieve this, we develop diverse data synthesis pipelines tailored to the cybersecurity domain, enabling the scalable construction of high-quality training data and...

MiracleLinux 7 : libcmis-0.5.1-2.el7, libpagemaker-0.0.3-1.el7, mdds-0.12.1-1.el7, libreoffice-5.0.6.2-3.el7 (AXSA:2016-852:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2016-852:01 advisory. libcmis LibCMIS is a C client library for working with CM content management interfaces. The primary supported interface which gave the library its...

EUVD-2022-6918

Malicious code in bioql PyPI...

Beyond Uniform Criteria: Scenario-Adaptive Multi-Dimensional Jailbreak Evaluation

Precise jailbreak evaluation is vital for LLM red teaming and jailbreak research. Current approaches employ binary classification e.g., string matching, toxic text classifiers, LLM-driven methods, yielding only "yes/no" labels without quantifying harm intensity. Existing multi-dimensional...

Qualys TotalCloud Wins “Best Cloud Security Product” at 2025 SC Awards Europe

We’re proud to announce that Qualys TotalCloud has been named “Best Cloud Security Product” at the 2025 SC Awards Europe —a recognition of our relentless drive to unify, simplify, and modernize cloud security for enterprises across the globe. In today’s complex multi-cloud world, securing...

GSDFuse: Capturing Cognitive Inconsistencies from Multi-Dimensional Weak Signals in Social Media Steganalysis

The ubiquity of social media platforms facilitates malicious linguistic steganography, posing significant security risks. Steganalysis is profoundly hindered by the challenge of identifying subtle cognitive inconsistencies arising from textual fragmentation and complex dialogue structures, and th...

CVE-2022-35992

TensorFlow is an open source platform for machine learning. When TensorListFromTensor receives an elementshape of a rank greater than one, it gives a CHECK fail that can trigger a denial of service attack. We have patched the issue in GitHub commit 3db59a042a38f4338aa207922fa2f476e000a6ee. The fi...

CVE-2022-35998

TensorFlow is an open source platform for machine learning. If EmptyTensorList receives an input elementshape with more than one dimension, it gives a CHECK fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...

GHSA-VM7X-4QHJ-RRCQ TensorFlow vulnerable to `CHECK` fail in `TensorListScatter` and `TensorListScatterV2`

Impact When TensorListScatter and TensorListScatterV2 receive an elementshape of a rank greater than one, they give a CHECK fail that can trigger a denial of service attack. python import tensorflow as tf arg0=tf.random.uniformshape=2, 2, 2, dtype=tf.float16, maxval=None...

GHSA-QHW4-WWR7-GJC5 TensorFlow vulnerable to `CHECK` fail in `EmptyTensorList`

Impact If EmptyTensorList receives an input elementshape with more than one dimension, it gives a CHECK fail that can be used to trigger a denial of service attack. python import tensorflow as tf tf.rawops.EmptyTensorListelementshape=tf.onesdtype=tf.int32, shape=1, 0,...

Google TensorFlow 安全漏洞

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A denial-of-service vulnerability exists in Google TensorFlow, which originates when EmptyTensorList receives an input elementshape with multiple dimensions and it gives an assertion of failure. An...

PT-2022-23096 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.10.0 TensorFlow versions 2.9.1 and earlier TensorFlow versions 2.8.1 and earlier TensorFlow versions 2.7.2 and earlier Description: The issue arises when EmptyTensorList receives an input element shape with more...

Apache Kylin Input Validation Error Vulnerability

Apache Kylin is an open source distributed analytic data warehouse from the Apache Foundation. The product mainly provides SQL query interface on top of Hadoop/Spark and multi-dimensional analysis OLAP and other functions. Apache kylin has an input validation error vulnerability, which stems from...

Weak Password Vulnerability in Tianrongxin Network Audit System

TA-Net supports multi-dimensional fine-grained network behavior and traffic audit analysis. There is a weak password vulnerability in TA-Net Audit System, which can be exploited by attackers to obtain sensitive information...

Apache Kylin Information Disclosure Vulnerability

Apache Kylin is an open source distributed analytic data warehouse from the Apache Software Foundation. The product mainly provides Hadoop/Spark on top of the SQL query interface and multi-dimensional analysis OLAP and other functions. Apache Kylin exists an information disclosure vulnerability,...

The Doghouse: Crown Sterling

A decade ago, the Doghouse was a regular feature in both my email newsletter Crypto-Gram and my blog. In it, I would call out particularly egregious -- and amusing -- examples of cryptographic "snake oil." I dropped it both because it stopped being fun and because almost everyone converged on...

[SECURITY] Fedora 30 Update: numpy-1.16.3-1.fc30

NumPy is a general-purpose array-processing package designed to efficiently manipulate large multi-dimensional arrays of arbitrary records without sacrificing too much speed for small multi-dimensional arrays. NumPy is built on the Numeric code base and adds features introduced by numarray as wel...

SQL Injection Vulnerability in Multiple Evaluation System

Xiamen Phoenix Chuangyi Software Co., Ltd. is mainly committed to the Internet three-dimensional dynamic interactive software platform research, development, application and promotion. There is a SQL injection vulnerability in the Multi-dimensional Evaluation System. The vulnerability allows an...

[SECURITY] Fedora 19 Update: numpy-1.7.2-8.fc19

NumPy is a general-purpose array-processing package designed to efficiently manipulate large multi-dimensional arrays of arbitrary records without sacrificing too much speed for small multi-dimensional arrays. NumPy is built on the Numeric code base and adds features introduced by numarray as wel...