project_hydra

Project HYDRA Automated vulnerability discovery & exploitat...

eip-search

Exploit Intel Platform CLI Search Tool Package/command: eip-...

search-cve

Intelligence Engine A lean Python CLI that aggregates CVE i...

PT-2026-39925

Due to missing authorization check in SAP Strategic Enterprise Management Scorecard Wizard in Business Server Pages, an authenticated attacker could access information that they are otherwise unauthorized to view. This vulnerability also enables the attacker to change the default settings and...

Qualys TotalAI Achieves FedRAMP Moderate (FedRAMP Certified Class C) Authorization

Key Takeaways Federal AI adoption is accelerating faster than governance and approved security tooling. Risk now spans models, infrastructure, and the software supply chain. AI threats often mimic normal usage, which makes it difficult to detect with static methods. Meeting mandated federal...

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

check-copyfail check-copyfail.sh is a read-only Bash script...

MCPThreatHive: Automated Threat Intelligence for Model Context Protocol Ecosystems

The rapid proliferation of Model Context Protocol MCP-based agentic systems has introduced a new category of security threats that existing frameworks are inadequately equipped to address. We present MCPThreatHive, an open-source platform that automates the end-to-end lifecycle of MCP threat...

Quantum-Safe Code Auditing: LLM-Assisted Static Analysis and Quantum-Aware Risk Scoring for Post-Quantum Cryptography Migration

The impending arrival of cryptographically relevant quantum computers CRQCs threatens the security foundations of modern software: Shor's algorithm breaks RSA, ECDSA, ECDH, and Diffie-Hellman, while Grover's algorithm reduces the effective security of symmetric and hash-based schemes. Despite NIS...

Sentinel-X

!Licen...

Don’t Just Replace Kenna- Evolve to Vulnerability Exposure Management

Cisco has announced the end-of-sale for Cisco Vulnerability Management formerly Kenna Security, leaving security teams with a critical decision: remain on a legacy path or transform. Yes, it is true that the Kenna Security platform will be supported until June 30th, 2028 but the platform won’t be...

exploit-chain-generator

Exploit Chain Generator Turn Noise into Signal: Correlate...

PoC-Analyzer

PoC Analyzer Proof-of-Concept Malicious Intent Detector !P...

Detecting Malicious Entra OAuth Apps with LLM-Based Permission Risk Scoring

This project presents a unified detection framework that constructs a complete corpus of Microsoft Graph permissions, generates consistent LLM-based risk scores, and integrates them into a real-time detection engine to identify malicious OAuth consent activity...

Navigating the API Security Landscape: Your Definitive API Security Buyer’s Guide for 2025

APIs power today’s digital economy—connecting customers, partners, and internal services at breakneck speed. But with that agility comes risk: in 2024 alone, API vulnerabilities cost organizations a staggering$2.5 billion in remediation, fines, and lost revenue. As APIs proliferate, traditional...

MalCodeAI: Autonomous Vulnerability Detection and Remediation Via Language Agnostic Code Reasoning

The growing complexity of cyber threats and the limitations of traditional vulnerability detection tools necessitate novel approaches for securing software systems. We introduce MalCodeAI, a language-agnostic, multi-stage AI pipeline for autonomous code security analysis and remediation. MalCodeA...

Exposing Hidden Backdoors in NFT Smart Contracts: a Static Security Analysis of Rug Pull Patterns

The explosive growth of Non-Fungible Tokens NFTs has revolutionized digital ownership by enabling the creation, exchange, and monetization of unique assets on blockchain networks. However, this surge in popularity has also given rise to a disturbing trend: the emergence of rug pulls - fraudulent...

Transaction Proximity: a Graph-Based Approach to Blockchain Fraud Prevention

This paper introduces a fraud-deterrent access validation system for public blockchains, leveraging two complementary concepts: "Transaction Proximity", which measures the distance between wallets in the transaction graph, and "Easily Attainable Identities EAIs", wallets with direct transaction...

Frogy2.0 - An Automated External Reconnaissance And Attack Surface Management (ASM) Toolkit

Frogy 2.0 is an automated external reconnaissance and Attack Surface Management ASM toolkit designed to map out an organization's entire internet presence. It identifies assets, IP addresses, web applications, and other metadata across the public internet and then smartly prioritizes them with...

Automating Zero Trust in Healthcare: From Risk Scoring to Dynamic Policy Enforcement Without Network Redesign

The Evolving Healthcare Cybersecurity Landscape Healthcare organizations face unprecedented cybersecurity challenges in 2025. With operational technology OT environments increasingly targeted and the convergence of IT and medical systems creating an expanded attack surface, traditional security...

Key Takeaways: Mastering Risk Prioritization with Rapid7 Surface Command

Managing risk in today’s sprawling IT environments demands precision and adaptability. Security teams face a constant influx of data from various tools, each offering fragmented insights. Rapid7’s Surface Command takes control of this chaos, consolidating data and delivering actionable insights...