3708 matches found
Before the Breach, There Was a Test Environment
Key Takeaways Most security failures do not begin where they are discovered. By the time risk becomes visible in production, the decisions that created it are often already sitting in test environments. “Temporary” test infrastructure often becomes permanent, creating persistent misconfigurations...
Root-Cause-Driven Automated Vulnerability Repair
Recent LLM-based systems have made automated vulnerability repair increasingly practical, but two challenges remain. First, without strong signals about where a bug originates, repair agents drift toward shallow edits that silence the observed failure while leaving the underlying defect unresolve...
Generating Proof-Of-Vulnerability Tests to Help Enhance the Security of Complex Software
Developers create modern software applications Apps on top of third-party libraries Libs. When library vulnerabilities are reachable through application code, the applications can be vulnerable to software supply chain attacks. Prior work shows that developers often require concrete and executabl...
Evaluating Retrieval-Augmented Generation for Explainable Malware Analysis
Large Language Models LLMs are increasingly being used as security engineering tools to summarize and explain malware behavior to analysts. A common assumption is that Retrieval-Augmented Generation RAG improves explanation quality by injecting external security knowledge. In this work, we...
PT-2026-36424
In the Linux kernel, the following vulnerability has been resolved: accel/qaic: Handle DBC deactivation if the owner went away When a DBC is released, the device sends a QAIC TRANS DEACTIVATE FROM DEV transaction to the host over the QAIC CONTROL MHI channel. QAIC handles this by calling decode...
[SECURITY] Fedora 44 Update: mupdf-1.27.1-10.fc44
MuPDF is a lightweight PDF viewer and toolkit written in portable C. The renderer in MuPDF is tailored for high quality anti-aliased graphics. MuPDF renders text with metrics and spacing accurate to within fractions of a pixel for the highest fidelity in reproducing the look of a printed page on...
authorized-pentest
authorized-pentest A runbook-style Claude Code skill for runn...
Text Steganography with Dynamic Codebook and Multimodal Large Language Model
With the popularity of the large language models LLMs, text steganography has achieved remarkable performance. However, existing methods still have some issues: 1 For the white-box paradigm, this steganography behavior is prone to exposure due to sharing the off-the-shelf language model between...
CVE-2026-34296
Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain component: Product Quality Management. The supported version that is affected is 6.2.4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...
Threat Intel Scraping Without Burning Your Cover or Your Stack
Threat Intel Scraping sounds simple until it isn’t, here’s how cybersecurity teams avoid blocks, bad data, and unnecessary risk...
Insights into Security-Related AI-Generated Pull Requests
Recent years have experienced growing contributions of AI coding agents that assist human developers in various software engineering tasks. However, this growing AI-assisted autonomy raises questions about security and trust. In this paper, we analyze more than 33,000 AI-generated pull requests P...
Oracle Agile Product Lifecycle Management for Process 安全漏洞
Oracle Agile Product Lifecycle Management for Process is a product lifecycle management system designed for the process industry by Oracle Corporation. Version 6.2.4 of Oracle Agile Product Lifecycle Management for Process contains a security vulnerability. This vulnerability stems from issues wi...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013103)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013103 advisory. In the Linux kernel, the following vulnerability has been resolved: cpufreq: intelpstate: Fix object lifecycle issue in updateqosrequest The cpufreqcpuput call in...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-011346)
"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011346 advisory. In the Linux kernel, the following vulnerability has been resolved: block: don't allow the same type rqqos add more than once In our test of iocost, we encountered...
Why Most AI Deployments Stall After the Demo
The fastest way to fall in love with an AI tool is to watch the demo. Everything moves quickly. Prompts land cleanly. The system produces impressive outputs in seconds. It feels like the beginning of a new era for your team. But most AI initiatives don't fail because of bad technology. They stall...
Towards Optimal Agentic Architectures for Offensive Security Tasks
Agentic security systems increasingly audit live targets with tool-using LLMs, but prior systems fix a single coordination topology, leaving unclear when additional agents help and when they only add cost. We treat topology choice as an empirical systems question. We introduce a controlled...
2026-04 Security and Quality Rollup for .NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012 for x64 (KB5084069)
2026-04 Security and Quality Rollup for .NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012 for x64 KB5084069...
2026-04 Security and Quality Rollup for .NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012 R2 for x64 (KB5084070)
2026-04 Security and Quality Rollup for .NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012 R2 for x64 KB5084070...
April 14, 2026-KB5084067 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 10 Version 21H2
April 14, 2026-KB5084067 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 10 Version 21H2 Revised April 22, 2026: Revised on April 22nd, 2026 to add the known issue section. Release Date: April 14, 2026 Version: .NET Framework 3.5, 4.8 and 4.8.1 Summary This article describes t...
LLM-Guided Prompt Evolution for Password Guessing
Passwords still remain a dominant authentication method, yet their security is routinely subverted by predictable user choices and large-scale credential leaks. Automated password guessing is a key tool for stress-testing password policies and modeling attacker behavior. This paper applies...