79241 matches found
ROS-20260524-73-0058
Vulnerability in golang-x-crypto related to the use of insufficiently randomized values. Exploitation of the vulnerability may allow a remote attacker to gain unauthorized access to protected information...
Exploit for Server-Side Request Forgery in Apache Axis
Axis1.4 CVE-2019-0227 Remote Command Execution Vulnerability E...
ExploitBench: A Capability Ladder Benchmark for LLM Cybersecurity Agents
Exploitation is not a binary event. It is a ladder of acquiring progressive capabilities, from executing a single buggy line of code to taking full control of the target. However, existing LLM security benchmarks treat a crash as exploitation success. That single binary outcome collapses the hard...
MAL-2026-3666 Malicious code in 01-0redi7qgbz0uv (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5ceb633970757ab5d5ee0b64512c18d46be8402ac2169769101655a697ee5d6d the analysis found that this package has a garbage randomized name '01-0redi7qgbz0uv', empty description, placeholder test script, and an index.js th...
CVE-2026-41584
ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.1 and prior to zebra-chain version 6.0.2, Orchard transactions contain a rk field which is a randomized validating key and also an elliptic curve point. The Zcash specification allows the field to be the identity a "zero"...
Towards Certified Malware Detection: Provable Guarantees against Evasion Attacks
Machine learning-based static malware detectors remain vulnerable to adversarial evasion techniques, such as metamorphic engine mutations. To address this vulnerability, we propose a certifiably robust malware detection framework based on randomized smoothing through feature ablation and targeted...
PowMix botnet targets Czech workforce
Cisco Talos discovered an ongoing malicious campaign, operating since at least December 2025, affecting a broader workforce in the Czech Republic with a previously undocumented botnet we call "PowMix." PowMix employs randomized command-and-control (C2) beaconing intervals, rather than persistent...
CVE-2026-32053 OpenClaw < 2026.2.23 - Twilio Webhook Replay Bypass via Randomized Event ID Normalization
OpenClaw versions prior to 2026.2.23 contain a vulnerability in Twilio webhook event deduplication where normalized event IDs are randomized per parse, allowing replay events to bypass manager dedupe checks. Attackers can replay Twilio webhook events to trigger duplicate or stale call-state...
CVE-2026-32053
CVE-2026-32053 affects OpenClaw versions prior to 2026.2.23. The root cause is a flaw in Twilio webhook event deduplication, where normalized event IDs are randomized per parse, allowing replayed webhook events to bypass dedupe checks. This can cause duplicate or stale call-state transitions, lea...
GHSA-VQX8-9XXW-F2M7 OpenClaw's voice-call Twilio webhook replay could bypass manager dedupe because normalized event IDs were randomized per parse
Impact Twilio webhook replay events could bypass voice-call manager dedupe because normalized event IDs were randomized per parse. A replayed event could be treated as new and trigger duplicate or stale call-state transitions. Affected Packages / Versions - Package: openclaw npm - Vulnerable...
RandSet: Randomized Corpus Reduction for Fuzzing Seed Scheduling
Seed explosion is a fundamental problem in fuzzing seed scheduling, where a fuzzer maintains a huge corpus and fails to choose promising seeds. Existing works focus on seed prioritization but still suffer from seed explosion since corpus size remains huge. We tackle this from a new perspective:...
RPP: A Certified Poisoned-Sample Detection Framework for Backdoor Attacks under Dataset Imbalance
Deep neural networks are highly susceptible to backdoor attacks, yet most defense methods to date rely on balanced data, overlooking the pervasive class imbalance in real-world scenarios that can amplify backdoor threats. This paper presents the first in-depth investigation of how the dataset...
SemCovert: Secure and Covert Video Transmission Via Deep Semantic-Level Hiding
Video semantic communication, praised for its transmission efficiency, still faces critical challenges related to privacy leakage. Traditional security techniques like steganography and encryption are challenging to apply since they are not inherently robust against semantic-level transformations...
WordPress plugin WebP Express Information Disclosure Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin WebP Express, which stem...
Randomized Controlled Trials for Phishing Triage Agent
Security operations centers (SOCs) face a persistent challenge: efficiently triaging a high volume of user-reported phishing emails while maintaining robust protection against threats. This paper presents the first randomized controlled trial (RCT) evaluating the impact of a domain-specific AI agent ...
Fedora 43 : bind9-next (2025-b68f7f541d)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-b68f7f541d advisory. Update to 9.21.14 rhbz2394406 Security Fixes: - DNSSEC validation fails if matching but invalid DNSKEY is found. CVE-2025-8677 - Address various...
Malicious code in isostasy-loopback-docusaurus-inflation (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 797720d1b8288c7e2626da0beb9bf3b04fce2db05038749d1edb8dae27d74f6f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in zeta-beta-secure-secure-load (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d93a5c435de2671bef333672da04229cac813381b0a6af0485bceb971f387c84 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in nextjs-shelljs-centaurus-singularity (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c55363b3a5905f100f53657d0b726caa73dfb097b64c18ebd0409751dc343854 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in table-old-sun-await-decode (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3fff252c7519516e755af569d60b67bb3cbe754fc47400f464b2f0a3628ac9d4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...