Lucene search

21 matches found

Packet Storm News
added 2026/06/08 12:0 a.m., 9 views

Semantic Multi-Agent Intrusion Detection for IoT: Zero-Day and Adversarial Threats with Risk-Aware Reasoning

The rapid proliferation of Internet of Things (IoT) devices has enabled unprecedented automation and connectivity, but it has also substantially increased the attack surface, exposing networks to sophisticated cyber threats, including zero-day and adversarial intrusions. Traditional Intrusion...

5.5 AI score
Exploits: 0
Packet Storm News
added 2026/05/25 12:0 a.m., 11 views

FuzzPilot: Plateau-Triggered Recipe Validation for Structured Text Fuzzing

FuzzPilot is a controller for AFL++ that moves expensive reasoning out of the mutation hot path. When coverage plateaus, it snapshots the corpus, prepares candidate mutation recipes, evaluates them in short isolated AFL++ micro-campaigns, and promotes only recipes with positive validation reward...

5.8 AI score
Exploits: 0
Packet Storm News
added 2026/05/20 12:0 a.m., 9 views

VIPER-MCP: Detecting and Exploiting Taint-Style Vulnerabilities in Model Context Protocol Servers

Model Context Protocol (MCP) has emerged as a standard interface for connecting LLM agents to external tools. Because MCP servers expose privileged operations such as shell execution, network access, and file-system manipulation to agent-driven invocation, implementation flaws in tool handlers can...

6.4 AI score
Exploits: 0
Packet Storm News
added 2026/05/17 12:0 a.m., 9 views

ContraFix: Agentic Vulnerability Repair Via Differential Runtime Evidence and Skill Reuse

Large language model (LLM) agents are increasingly used for automated vulnerability repair (AVR), where repository-level reasoning enables them to inspect context and produce source-code patches. However, recent empirical results show that these agents still struggle with real-world vulnerabilities...

5.9 AI score
Exploits: 0
Packet Storm News
added 2026/05/13 12:0 a.m., 16 views

No Attack Required: Semantic Fuzzing for Specification Violations in Agent Skills

LLM-powered agents can silently delete documents, leak credentials, or transfer funds on a routine user request, not because the agent was attacked, but because the skill it invoked broke its own declared safety rules. We call these specification violations: benign inputs cause a skill to breach...

5.9 AI score
Exploits: 0
EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2024-53527

Malicious code in bioql PyPI...

7.5 CVSS, 6.4 AI score, 0.0037 EPSS
Exploits: 0, References: 5
OSV
added 2025/08/14 6:52 p.m., 3 views

MAL-2025-25219 Malicious code in lg-mutator-mobile-ads (npm)

The package lg-mutator-mobile-ads was found to contain malicious code...

7.2 AI score
Exploits: 0
OSSF Malicious Packages
added 2025/08/14 6:52 p.m., 5 views

Malicious code in lg-mutator-mobile-ads (npm)

The package lg-mutator-mobile-ads was found to contain malicious code...

7 AI score
Exploits: 0
OSSF Malicious Packages
added 2025/08/14 6:52 p.m., 5 views

Malicious code in react-mutator (npm)

The package react-mutator was found to contain malicious code...

7 AI score
Exploits: 0
OSV
added 2025/08/14 6:52 p.m., 4 views

MAL-2025-31804 Malicious code in react-mutator (npm)

The package react-mutator was found to contain malicious code...

7.2 AI score
Exploits: 0
Github Security Blog
added 2025/02/06 6:31 a.m., 6 views

@stryker-mutator/util vulnerable to Prototype Pollution

A prototype pollution in the function deepMerge of @stryker-mutator/util v8.6.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload...

7.5 CVSS, 6.1 AI score, 0.0037 EPSS
Exploits: 0, References: 6, Affected Software: 1
OSV
added 2025/02/06 6:31 a.m., 4 views

GHSA-9J5Q-479X-43G2 @stryker-mutator/util vulnerable to Prototype Pollution

A prototype pollution in the function deepMerge of @stryker-mutator/util v8.6.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload...

7.5 CVSS, 6.1 AI score, 0.0037 EPSS
Exploits: 0, References: 6
vulnersOsv
added 2025/02/06 6:31 a.m., 8 views

@code-dungeon/yardstick (>=0.0.3 <=0.0.17), @kcutils/color (=0.2.0-rc.3) +39 more potentially affected by CVE-2024-57085 via @stryker-mutator/util (>=0.0.1 <=8.7.0)

@stryker-mutator/util NPM version =0.0.1, =0.0.3, =0.2.0-rc.0, =1.1.0, =1.0.0-alpha.3, =1.1.59, =1.0.0, =1.0.0, =5.2.0, =8.7.0 and more Source cves: CVE-2024-57085 Source advisory: OSV:GHSA-9J5Q-479X-43G2...

7.5 CVSS, 5.8 AI score, 0.0037 EPSS
Exploits: 0
NVD
added 2025/02/05 10:15 p.m., 13 views

CVE-2024-57085

A prototype pollution in the function deepMerge of @stryker-mutator/util v8.6.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload...

7.5 CVSS, 0.0037 EPSS
Exploits: 0, References: 1
CVE
added 2025/02/05 12:0 a.m., 80 views

CVE-2024-57085

CVE-2024-57085 affects the JavaScript library @stryker-mutator/util version 8.6.0, specifically the deepMerge function. A prototype pollution flaw in deepMerge can be triggered by a crafted payload, leading to Denial of Service (DoS). Some sources indicate an available PoC/ Exploitation in the wi...

7.5 CVSS, 6.8 AI score, 0.0037 EPSS
Exploits: 0, References: 1
Cvelist
added 2025/02/05 12:0 a.m., 13 views

CVE-2024-57085

A prototype pollution in the function deepMerge of @stryker-mutator/util v8.6.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload...

0.0037 EPSS
Exploits: 0, References: 1
Vulnrichment
added 2025/02/05 12:0 a.m., 5 views

CVE-2024-57085

A prototype pollution in the function deepMerge of @stryker-mutator/util v8.6.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload...

7.4 AI score, 0.0037 EPSS
Exploits: 0, References: 1
Github Security Blog
added 2023/04/26 7:44 p.m., 15 views

Hop-by-hop abuse to malform header mutator

Impact: Downstream services relying on the presence of headers set by the header mutator could be exploited. A client can drop the header set by the header mutator by including that header's name in the Connection header. Example minimal config: yaml - id: 'example' upstream: url:...

6.5 AI score
Exploits: 0, References: 2, Affected Software: 1
OSV
added 2023/04/26 7:44 p.m., 16 views

GHSA-W9MR-28MW-J8HG Hop-by-hop abuse to malform header mutator

Impact: Downstream services relying on the presence of headers set by the header mutator could be exploited. A client can drop the header set by the header mutator by including that header's name in the Connection header. Example minimal config: yaml - id: 'example' upstream: url:...

7 AI score
Exploits: 0, References: 2
Kitploit
added 2020/04/02 8:30 p.m., 100 views

Frida API Fuzzer - This Experimental Fuzzer Is Meant To Be Used For API In-Memory Fuzzing

This experimental fuzzer is meant to be used for API in-memory fuzzing. The design is highly inspired and based on AFL/AFL++. ATM the mutator is quite simple, just the AFL's havoc and splice stages. I tested only the examples under tests/, this is a WIP project but is known to work at least on...

7.4 AI score
Exploits: 0, References: 2