12 matches found
Data Agents under Attack: Vulnerabilities in LLM-Driven Analytical Systems
Data agents integrate LLM-driven reasoning with relational data access, executable analytical tools, and multi-step workflow orchestration, making them increasingly central to enterprise analytics. This integration introduces new security vulnerabilities across data resources, database execution,...
RealVuln: Benchmarking Rule-Based, General-Purpose LLM, and Security-Specialized Scanners on Real-World Code
How do security scanners perform on real-world code? We present RealVuln, the first open-source benchmark comparing Rule-Based SAST, General-Purpose LLMs, and Security-Specialized scanners on 26 intentionally vulnerable Python repositories (educational and Capture-The-Flag applications) with 796...
CVE-2026-25644
DataHub is an open-source metadata platform. Prior to version 1.3.1.8, the LDAP ingestion source is vulnerable to MITM attack through TLS downgrade. This issue has been patched in version 1.3.1.8...
EUVD-2023-36925
Malicious code in bioql PyPI...
LenslessMic: Audio Encryption and Authentication Via Lensless Computational Imaging
With society's increasing reliance on digital data sharing, the protection of sensitive information has become critical. Encryption serves as one of the privacy-preserving methods; however, its realization in the audio domain predominantly relies on signal processing or software methods embedded...
Vulnerability Management Chaining: an Integrated Framework for Efficient Cybersecurity Risk Prioritization
Cybersecurity teams face an overwhelming vulnerability crisis: with 25,000+ new CVEs disclosed annually, traditional CVSS-based prioritization requires addressing 60% of all vulnerabilities while correctly identifying only 20% of those actually exploited. We propose Vulnerability Management...
USB: a Comprehensive and Unified Safety Evaluation Benchmark for Multimodal Large Language Models
Despite their remarkable achievements and widespread adoption, Multimodal Large Language Models (MLLMs) have revealed significant security vulnerabilities, highlighting the urgent need for robust safety evaluation benchmarks. Existing MLLM safety benchmarks, however, fall short in terms of data...
The Last Hour Before Yevgeny Prigozhin's Plane Crash
Russia tightly controls its information space—making it hard to get accurate information out of the country. But open source data provides some clues about the crash...
CVE-2023-32321 CKAN remote code execution and private information access via crafted resource ids
CKAN is an open-source data management system for powering data hubs and data portals. Multiple vulnerabilities have been discovered in CKAN which may lead to remote code execution. An arbitrary file write in resource_create and package_update actions, using the ResourceUploader object. Also...
AtroCore Code Issue Vulnerability
AtroCore is an open source data platform, data management and middleware software from AtroCore, Inc. A security vulnerability exists in AtroCore version 1.5.25 that stems from the presence of an unauthenticated file upload vulnerability...
Their Photos Were Posted Online. Then They Were Bombed
An attack on Russian mercenaries shows how militaries are increasingly using open source data—with sometimes deadly consequences...
Adobe Boosts Privacy Protections with Flash Player Update
Adobe released an update to its Flash Player that it says will make it easier for users to manage their online privacy. The company released Flash Player Version 10.3 on Thursday. The update to the common rich media player includes support for a new cross platform application program interface AP...