9154 matches found

Packet Storm News
added 2026/05/23 12:0 a.m., 5 views

CyBOKClaw: Human-In-The-Loop CyBOK Mapping for Cybersecurity Curriculum

This paper presents CyBOKClaw, an interpretable human-in-the-loop retrieval framework for mapping cybersecurity keywords or phrases (KWoPs) to the Cyber Security Body of Knowledge (CyBOK). Rather than treating the task as strict exact classification, the framework is designed as a top-k candidate...

5.8 AI score
Exploits 0
GithubExploit
added 2026/05/19 11:42 p.m., 56 views

eip-mcp

Exploit Intel Platform MCP Server Package/command: eip-mcp...

6.1 AI score
Exploits 0
Packet Storm News
added 2026/05/18 12:0 a.m., 7 views

Flawfinder 2.0.20

Flawfinder searches through source code for potential security flaws, listing potential security flaws sorted by risk, with the most potentially dangerous flaws shown first. This risk level depends not only on the function, but on the values of the parameters of the function...

5.9 AI score
Exploits 0
GithubExploit
added 2026/05/14 8:24 p.m., 37 views

Vulnerability-Exploit-Correlation-Engine

Vulnerability-Exploit-Correlation-Engine Passive-analysis CLI...

5.8 AI score
Exploits 0
Packet Storm News
added 2026/05/05 12:0 a.m., 5 views

Root-Cause-Driven Automated Vulnerability Repair

Recent LLM-based systems have made automated vulnerability repair increasingly practical, but two challenges remain. First, without strong signals about where a bug originates, repair agents drift toward shallow edits that silence the observed failure while leaving the underlying defect unresolve...

5.9 AI score
Exploits 0
Packet Storm News
added 2026/02/10 12:0 a.m., 4 views

SecCodePRM: A Process Reward Model for Code Security

Large Language Models are rapidly becoming core components of modern software development workflows, yet ensuring code security remains challenging. Existing vulnerability detection pipelines either rely on static analyzers or use LLM/GNN-based detectors trained with coarse program-level...

5.7 AI score
Exploits 0
Packet Storm News
added 2026/01/30 12:0 a.m., 2 views

WiFiPenTester: Advancing Wireless Ethical Hacking with Governed GenAI

Wireless ethical hacking relies heavily on skilled practitioners manually interpreting reconnaissance results and executing complex, time-sensitive sequences of commands to identify vulnerable targets, capture authentication handshakes, and assess password resilience; a process that is inherently...

5.6 AI score
Exploits 0
Packet Storm News
added 2026/01/22 12:0 a.m., 2 views

CAFE-GB: Scalable and Stable Feature Selection for Malware Detection Via Chunk-Wise Aggregated Gradient Boosting

High-dimensional malware datasets often exhibit feature redundancy, instability, and scalability limitations, which hinder the effectiveness and interpretability of machine learning-based malware detection systems. Although feature selection is commonly employed to mitigate these issues, many...

5.9 AI score
Exploits 0
Vulnrichment
added 2026/01/21 11:26 p.m., 2 views

CVE-2026-23873 HUSTOJ is Vulnerable to Stored CSV Injection (Formula Injection) in Contest Rank Export

hustoj is an open source online judge based on PHP/C++/MySQL/Linux for ACM/ICPC and NOIP training. All versions are vulnerable to CSV Injection (Formula Injection) through the contest rank export functionality (contestrank.xls.php and admin/ranklistexport.php). The application fails to sanitize...

5.2 CVSS, 6 AI score, 0.00032 EPSS
Exploits 1, References 1
HackRead
added 2025/12/08 8:37 p.m., 2 views

ChrimeraWire Trojan Fakes Chrome Activity to Manipulate Search Rankings

ChrimeraWire is a new Windows trojan that automates web browsing through Chrome to simulate user activity and manipulate search engine rankings...

6.9 AI score
Exploits 0
Packet Storm News
added 2025/12/05 12:0 a.m., 2 views

Sift or Get off the PoC: Applying Information Retrieval to Vulnerability Research with SiftRank

Security research is fundamentally a problem of resource constraint and consequent prioritization. There is simply too much attack surface and too little time and energy to spend analyzing it all. The most effective security researchers are often those who are most skilled at intuitively deciding...

6.5 AI score
Exploits 0
OSV
added 2025/11/12 4:29 a.m., 1 views

MAL-2025-146500 Malicious code in prettier-polaris-avior-chalk (npm)

Source: amazon-inspector (3192b3b22373e63e2493a019959c33075e6492d8e743c885cf39b43bda1abca1). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8 AI score
Exploits 0
Packet Storm News
added 2025/10/08 12:0 a.m., 5 views

Are LLMs Reliable Rankers? Rank Manipulation Via Two-Stage Token Optimization

Large language models (LLMs) are increasingly used as rerankers in information retrieval, yet their ranking behavior can be steered by small, natural-sounding prompts. To expose this vulnerability, we present Rank Anything First (RAF), a two-stage token optimization method that crafts concise textual...

7 AI score
Exploits 0
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2012-1094

Malware in sbrugna...

6 CVSS, 6.4 AI score, 0.00169 EPSS
Exploits 0, References 8
EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2022-35331

Malicious code in bioql PyPI...

6.1 CVSS, 6.4 AI score, 0.00654 EPSS
Exploits 0, References 3
Positive Technologies
added 2025/10/03 12:0 a.m., 4 views

PT-2025-40613

Zoho Office Suite holds an A security rating from UpGuard (829/950) as of 2025, with strong postures in encryption, SOC 2 Type II, and ISO 27001 compliance. Known issues include patched vulnerabilities like SQL injections (CVE-2025-9428) in Analytics. No major breaches in 2025. It's ranked highly for...

7.7 AI score, 0.02303 EPSS
Exploits 0, References 1
Malwarebytes
added 2025/09/26 12:35 p.m., 3 views

Neon App pays users to record their phone calls, sells data for AI training [updated]

TechCrunch reports about a “bizarre app” inviting you to record and share your audio calls so that it can sell the data to AI companies. And if that’s not weird enough on its own, it’s ranking No. 2 in Apple's US app store at the time of writing. The name of the app is Neon Mobile and it promises...

6.3 AI score
Exploits 0
Packet Storm News
added 2025/08/19 12:0 a.m., 2 views

Conflicting Scores, Confusing Signals: an Empirical Study of Vulnerability Scoring Systems

Accurately assessing software vulnerabilities is essential for effective prioritization and remediation. While various scoring systems exist to support this task, their differing goals, methodologies and outputs often lead to inconsistent prioritization decisions. This work provides the first...

7 AI score
Exploits 0
Packet Storm News
added 2025/07/13 12:0 a.m., 3 views

EventHunter: Dynamic Clustering and Ranking of Security Events from Hacker Forum Discussions

Hacker forums provide critical early warning signals for emerging cybersecurity threats, but extracting actionable intelligence from their unstructured and noisy content remains a significant challenge. This paper presents an unsupervised framework that automatically detects, clusters, and...

6.8 AI score
Exploits 0
Packet Storm News
added 2025/06/11 12:0 a.m., 2 views

Empirical Quantification of Spurious Correlations in Malware Detection

End-to-end deep learning exhibits unmatched performance for detecting malware, but such an achievement is reached by exploiting spurious correlations -- features with high relevance at inference time, but known to be useless through domain knowledge. While previous work highlighted that deep...

6.9 AI score
Exploits 0