455 matches found
Web-security1
Web-sec...
PT-2026-42583
Description When the sandbox is enabled selectively via SourcePolicyInterface and not globally, a sandboxed template that is allowed to call template from string and include can render an arbitrary inner template with no security policy enforcement. Environment::createTemplate compiles the inner...
From Preventive to Reactive: How AI Coding Assistants Transform Developers' Security Awareness
AI coding assistants are now central to professional software development, yet their impact on how developers think about and practice security remains poorly understood. While prior work has documented vulnerability rates in AI-generated code, a more fundamental question persists: how do these...
CVE-2026-0300
A buffer overflow vulnerability in the User-ID™ Authentication Portal aka Captive Portal service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets. T...
AI-Driven Security Alert Screening and Alert Fatigue Mitigation in Security Operations Centers: A Comprehensive Survey
Security alert screening is the downstream task of filtering, prioritizing, correlating, and contextualizing alerts for analyst attention in Security Operations Centers. This survey reviews artificial-intelligence-driven alert screening and alert-fatigue mitigation from 2015 to 2026. We synthesiz...
Risk Models As Mediating Artifacts: A Postphenomenological Analysis of the CIIM Framework in Cybersecurity Practice
This article applies postphenomenological theory to the field of cybersecurity risk management, arguing that formal risk models function as mediating artifacts that shape how security practitioners or analysts perceive, interpret, and act on threats. Based on Don Ihde's taxonomy on human-technolo...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-33825link is external Microsoft Defender Insufficient Granularity of Access Control Vulnerability This type of vulnerability is a frequent attack vector for...
Hack the AI agent: Build agentic AI security skills with the GitHub Secure Code Game
I was scrolling through my feed one evening when I came across OpenClaw, an open source personal AI assistant that people were calling everything from "Jarvis" to "a portal to a new reality." The idea is beautiful: an AI that lives on your machine or in the cloud, talks to you over WhatsApp or...
Exploit for OS Command Injection in Gnu Bash
AppAssault Lab — Attacking Common Applications ╔═════...
CVE-2026-33247
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, if a nats-server is run with static credentials for all clients provided via argv the command-line, then those credentials are visible to any user who can see the...
UBUNTU-CVE-2026-33216
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, for MQTT deployments using usercodes/passwords: MQTT passwords are incorrectly classified as a non-authenticating identity statement JWT and exposed via monitoring...
Binary_Exploitation_Material
Binary Exploitation Material Personal collection of binary ex...
ICYMI: Experts on Experts – Season One Roundup
In 2025, we launched Experts on Experts: Commanding Perspectives as a pilot video series designed to spotlight the ideas shaping cybersecurity, directly from the people driving them. Over five episodes, Rapid7 leaders shared short, candid conversations on topics like agentic AI, MDR ROI,...
cve-pocs
CVE Proof of Concepts cve-pocs A collection of Proof of C...
How BAS Improves Vulnerability Management (And Why)
A vulnerability without context is just a data point. A medium-severity flaw might seem like a low priority, but what if you knew it was being actively used in a new ransomware campaign targeting your industry? This is why threat intelligence is so crucial. The answer to how does BAS improve...
cve
Here are some vulnerabilities related to variou...
EUVD-2020-20862
Malware in sbrugna...
EUVD-2020-20864
Malware in sbrugna...
EUVD-2020-20863
Malware in sbrugna...
EUVD-2020-20865
Malware in sbrugna...