2513 matches found

Positive Technologies
added 2025/08/07 12:00 a.m. · 5 views

PT-2025-32325 · Wanzhou · Woes Intelligent Optimization Energy Saving System

Name of the Vulnerable Software and Affected Versions: Wanzhou WOES Intelligent Optimization Energy Saving System version 1.0
Description: A critical issue exists in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0, specifically within the Historical Data Query Module. The...

CVSS 6.5 · AI score 7 · EPSS 0.00224
Exploits: 1 · References: 8

Vulnrichment
added 2025/08/06 8:45 p.m. · 4 views

CVE-2025-7770 Predictable Seed in Pseudo-Random Number Generator (PRNG) in Tigo Energy Cloud Connect Advanced

Tigo Energy's CCA device is vulnerable to insecure session ID generation in their remote API. The session IDs are generated using a predictable method based on the current timestamp, allowing attackers to recreate valid session IDs. When combined with the ability to circumvent session ID...

CVSS 8.7 · AI score 6.2 · EPSS 0.00355
Exploits: 0 · References: 1

Packet Storm News
added 2025/08/06 12:00 a.m. · 1 view

Prompt Injection Vulnerability of Consensus Generating Applications in Digital Democracy

Large Language Models (LLMs) are gaining traction as a method to generate consensus statements and aggregate preferences in digital democracy experiments. Yet, LLMs may introduce critical vulnerabilities in these systems. Here, we explore the impact of prompt-injection attacks targeting consensus...

AI score 7
Exploits: 0

The Hacker News
added 2025/08/05 4:26 p.m. · 5 views

ClickFix Malware Campaign Exploits CAPTCHAs to Spread Cross-Platform Infections

A combination of propagation methods, narrative sophistication, and evasion techniques enabled the social engineering tactic known as ClickFix to take off the way it did over the past year, according to new findings from Guardio Labs. "Like a real-world virus variant, this new 'ClickFix' strain...

AI score 7.2
Exploits: 0

IBM Security Bulletins
added 2025/08/05 3:14 p.m. · 10 views

Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing - could be susceptible to cross-site scripting due to no validation of URIs.

Summary IBM Engineering Lifecycle Optimization - Publishing could be susceptible to cross-site scripting due to no validation of URIs. Following IBM® Engineering Lifecycle Management product is vulnerable to this attack, it has been addressed in this bulletin: IBM Engineering Lifecycle Optimizati...

CVSS 6.1 · AI score 5.7 · EPSS 0.00143
Exploits: 0 · Affected Software: 1

NVD
added 2025/08/05 2:15 p.m. · 5 views

CVE-2024-52890

IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.03 could be susceptible to cross-site scripting due to no validation of URIs...

CVSS 6.1 · EPSS 0.00143
Exploits: 0 · References: 1

Vulnrichment
added 2025/08/05 1:45 p.m. · 7 views

CVE-2024-52890 IBM Engineering Lifecycle Optimization - Publishing cross-site scripting

IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.03 could be susceptible to cross-site scripting due to no validation of URIs...

CVSS 6.1 · AI score 6.3 · EPSS 0.00143
Exploits: 0 · References: 1

Cvelist
added 2025/08/05 1:45 p.m. · 6 views

CVE-2024-52890 IBM Engineering Lifecycle Optimization - Publishing cross-site scripting

IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.03 could be susceptible to cross-site scripting due to no validation of URIs...

CVSS 6.1 · EPSS 0.00143
Exploits: 0 · References: 1

CVE
added 2025/08/05 1:45 p.m. · 18 views

CVE-2024-52890

CVE-2024-52890 affects IBM Engineering Lifecycle Optimization - Publishing versions 7.0.2 and 7.0.3. The root cause is unvalidated URIs in the application, leading to cross-site scripting (CWE-84). The vulnerability is rated CVSS v3.1 base score 6.1 (Medium) with attack vector Network, no privile...

CVSS 6.1 · AI score 5.9 · EPSS 0.00143
Exploits: 0 · References: 1 · Affected Software: 1

CNNVD
added 2025/08/05 12:00 a.m. · 2 views

IBM Engineering Lifecycle Optimization Publishing security vulnerability

IBM Engineering Lifecycle Optimization Publishing is an automated document generation solution from International Business Machines (IBM). A cross-site scripting vulnerability exists in IBM Engineering Lifecycle Optimization Publishing versions 7.0.2 and 7.03 that originates from an unvalidated URI...

CVSS 6.1 · AI score 5.8 · EPSS 0.00143
Exploits: 0 · References: 2

Packet Storm News
added 2025/08/05 12:00 a.m. · 2 views

Attack the Messages, Not the Agents: a Multi-Round Adaptive Stealthy Tampering Framework for LLM-MAS

Large language model-based multi-agent systems (LLM-MAS) effectively accomplish complex and dynamic tasks through inter-agent communication, but this reliance introduces substantial safety vulnerabilities. Existing attack methods targeting LLM-MAS either compromise agent internals or rely on direct...

AI score 7.4
Exploits: 0

IBM Security Bulletins
added 2025/08/04 6:39 a.m. · 7 views

Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing - The jackson-core package is vulnerable to a Denial of Service (DoS) attack

Summary There is a Jackson-Core vulnerability shipped with IBM Engineering Lifecycle Optimization - Publishing. Following IBM® Engineering Lifecycle Management product is vulnerable to this attack, it has been addressed in this bulletin: IBM Engineering Lifecycle Optimization - Publishing...

AI score 6.8
Exploits: 0 · Affected Software: 1

IBM Security Bulletins
added 2025/08/04 6:37 a.m. · 6 views

Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing - In Connect2id Nimbus JOSE+JWT, an attacker can cause a denial of service

Summary Connect2id Nimbus-JOSE-JWT is vulnerable to a denial of service, caused by improper validation of user requests by the PasswordBasedDecrypter PBKDF2 component. By sending a specially crafted request using a large JWE p2c header, a remote attacker could exploit this vulnerability to cause ...

CVSS 7.5 · AI score 6 · EPSS 0.00105
Exploits: 0 · Affected Software: 1

Positive Technologies
added 2025/08/04 12:00 a.m. · 4 views

PT-2025-31927 · Ibm · Ibm Engineering Lifecycle Optimization - Publishing

Name of the Vulnerable Software and Affected Versions: IBM Engineering Lifecycle Optimization - Publishing versions 7.0.2 and 7.0.3
Description: IBM Engineering Lifecycle Optimization - Publishing is susceptible to cross-site scripting due to a lack of validation of URIs.
Recommendations: Ensure...

CVSS 6.4 · AI score 5.7 · EPSS 0.00143
Exploits: 0 · References: 6

Positive Technologies
added 2025/08/02 12:00 a.m. · 7 views

PT-2025-31724 · WordPress · Shortpixel Adaptive Images

Name of the Vulnerable Software and Affected Versions: ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization plugin for WordPress versions through 3.10.3
Description: The ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization plugin for WordPress is susceptible to Stored...

CVSS 4.4 · AI score 5.7 · EPSS 0.00175
Exploits: 0 · References: 8

Packet Storm News
added 2025/07/30 12:00 a.m. · 2 views

Resource-Efficient Automatic Software Vulnerability Assessment Via Knowledge Distillation and Particle Swarm Optimization

The increasing complexity of software systems has led to a surge in cybersecurity vulnerabilities, necessitating efficient and scalable solutions for vulnerability assessment. However, the deployment of large pre-trained models in real-world scenarios is hindered by their substantial computationa...

AI score 6.7
Exploits: 0

Packet Storm News
added 2025/07/29 12:00 a.m. · 2 views

Prompt Optimization and Evaluation for LLM Automated Red Teaming

Applications that use Large Language Models (LLMs) are becoming widespread, making the identification of system vulnerabilities increasingly important. Automated Red Teaming accelerates this effort by using an LLM to generate and execute attacks against target systems. Attack generators are evaluat...

AI score 7.3
Exploits: 0

Packet Storm News
added 2025/07/27 12:00 a.m. · 2 views

Sparse Regression Codes for Secret Key Agreement: Achieving Strong Secrecy and Near-Optimal Rates for Gaussian Sources

Secret key agreement from correlated physical layer observations is a cornerstone of information-theoretic security. This paper proposes and rigorously analyzes a complete, constructive protocol for secret key agreement from Gaussian sources using Sparse Regression Codes (SPARCs). Our protocol...

AI score 6.9
Exploits: 0

Debian CVE
added 2025/07/25 2:16 p.m. · 5 views

CVE-2025-38424

In the Linux kernel, the following vulnerability has been resolved: perf: Fix sample vs doexit Baisheng Gao reported an ARM64 crash, which Mark decoded as being a synchronous external abort -- most likely due to trying to access MMIO in bad ways. The crash further shows perf trying to do a user...

CVSS 5.5 · AI score 5.6 · EPSS 0.00066
Exploits: 0

Packet Storm News
added 2025/07/24 12:00 a.m. · 3 views

Information Security Based on LLM Approaches: a Review

Information security is facing increasingly severe challenges, and traditional protection means are difficult to cope with complex and changing threats. In recent years, as an emerging intelligent technology, large language models (LLMs) have shown a broad application prospect in the field of...

AI score 6.9
Exploits: 0