5595 matches found

Packet Storm News
added 2 days ago, 1 view

Unveiling Privacy Risks in Multi-Modal Large Language Models: Task-Specific Vulnerabilities and Mitigation Challenges

Privacy risks in text-only Large Language Models (LLMs) are well studied, particularly their tendency to memorize and leak sensitive information. However, Multi-modal Large Language Models (MLLMs), which process both text and images, introduce unique privacy challenges that remain underexplored...

5.5 AI score
Exploits 0
Packet Storm News
added 6 days ago, 11 views

Credential Disclosure in (EU) Digital Identity Wallets: Privacy Risks and Practical Mitigations

The European Union will introduce the EUDI Wallet by late 2026, which allows users to hold digital credentials (i.e., representations of physical official identity documents) on their devices. This will allow users to securely and privately disclose identity attributes to websites. Although such a...

5.5 AI score
Exploits 0
Packet Storm News
added 2026/06/03 12:00 a.m., 5 views

Prioritization of Risks from Artificial Intelligence: A Delphi Study of 272 International Experts

Artificial intelligence poses many risks, ranging from familiar present-day harms to unprecedented and potentially catastrophic ones. Effective risk management requires prioritization: we must understand which risks are most severe, who is most vulnerable, and who is most responsible for addressi...

5.8 AI score
Exploits 0
Packet Storm News
added 2026/06/03 12:00 a.m., 4 views

Description-Code Inconsistency in Real-World MCP Servers: Measurement, Detection, and Security Implications

The Model Context Protocol (MCP) has emerged as a critical standard empowering Large Language Models (LLMs) to utilize external tools. In this ecosystem, LLMs rely on natural language descriptions provided by MCP servers to select and execute functions. This interaction implicitly assumes that tool...

6 AI score
Exploits 0
Securelist
added 2026/06/02 12:00 p.m., 19 views

Wardriving assessment across Mexico: Preparing for the 2026 World Cup

Introduction: Mexico is one of the host countries for the 2026 FIFA World Cup, with matches to be played in three major cities: Mexico City, Monterrey, and Guadalajara. These locations are expected to see a large influx of international visitors, increasing the potential security risks. Many of...

5.6 AI score
Exploits 0
GithubExploit
added 2026/06/01 9:25 a.m., 57 views

bastion-waf-simulator

BASTION — Web Application Firewall Simulator A real-time We...

6 AI score
Exploits 0
Amazon
added 2026/05/26 12:00 a.m., 16 views

Important: golang

Issue Overview: When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. CVE-2026-33811 When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a...

7.5 CVSS, 7.6 AI score, 0.00058 EPSS
Exploits 0
Packet Storm News
added 2026/05/22 12:00 a.m., 11 views

Security, Privacy, and Ethical Risks in OpenClaw

This paper systematically investigates the security, privacy, and ethical risks, as well as the traceability challenges of OpenClaw, a locally executable AI agent system for natural language interaction and real-world task completion. While OpenClaw shows strong potential for personal assistance,...

5.8 AI score
Exploits 0
Packet Storm News
added 2026/05/21 12:00 a.m., 9 views

Security of LLM-Generated Code: A Comparative Analysis

The majority of software developers use or are planning to use Artificial Intelligence (AI) tools in their development processes. Their top reasons include improving productivity and faster learning. In fact, Large Language Model (LLM)-generated code is currently in production, including in major tec...

6 AI score
Exploits 0
Microsoft Secure
added 2026/05/20 4:00 p.m., 5 views

Securing the gaming culture of cultures

The Deputy CISO blog series is where Microsoft Deputy Chief Information Security Officers (CISOs) share their thoughts on what is most important in their respective domains. In this series, you will get practical advice, tactics to start and stop deploying, forward-looking commentary on where the...

5.7 AI score
Exploits 0
AstraLinux
added 2026/05/20 5:53 a.m., 3 views

Astra Linux - vulnerability in openjdk-11

Vulnerability in Oracle Java SE component: Hotspot. The supported versions affected include Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, and 23. This vulnerability can be exploited by an unauthenticated attacker with network access via multiple protocols, allowing them to compromi...

3.7 CVSS, 6.8 AI score, 0.00144 EPSS
Exploits 0, References 2
AstraLinux
added 2026/05/20 5:53 a.m., 2 views

Astra Linux - vulnerability in edk2

The example of an encrypted private key in EDK2, present in the IpSecDxe.efi, may pose potential security risks...

7.5 CVSS, 7.1 AI score, 0.0027 EPSS
Exploits 0, References 2
Cvelist
added 2026/05/19 12:30 p.m., 36 views

CVE-2026-8974 Memory safety bugs fixed in Firefox ESR 140.11 and Firefox 151

Memory safety bugs present in Firefox ESR 140.10 and Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11,...

0.00045 EPSS
Exploits 0, References 5
GithubExploit
added 2026/05/18 2:36 p.m., 46 views

Exploit for Improper Input Validation in Apache Activemq

CVE-2026-34197 ActiveMQ Classic Security Detection Tool This...

8.8 CVSS, 6.6 AI score, 0.83461 EPSS
Exploits 12
Wiz blog
added 2026/05/18 11:00 a.m., 7 views

From Cryptographic Blind Spots to Post-Quantum Agility: Introducing Wiz for PQC Readiness

Eliminate cryptographic blind spots and neutralize legacy debt with an integrated cryptographic asset inventory. Identify risks across code, cloud, and runtime, using the Wiz Security Graph to prioritize migration and protect against "Harvest Now, Decrypt Later" attacks...

5.8 AI score
Exploits 0
HackRead
added 2026/05/16 10:13 a.m., 7 views

AI Voice Cloning: The Technology Behind It, Who’s Building It, and Where It’s Headed

Explore AI voice cloning technology, leading companies, real-world uses, ethical risks, and future trends shaping synthetic voices...

5.8 AI score
Exploits 0
Packet Storm News
added 2026/05/15 12:00 a.m., 6 views

From AI-Generated Content to Agentic Action: Security and Safety Threats in Generative AI

Generative AI systems are increasingly used not only to produce content but also to retrieve data, invoke tools, and execute actions. This work examines the security and safety implications of that shift across content-level, model-level, and agentic threats. We analyze how attacker access...

5.9 AI score
Exploits 0
CVE
added 2026/05/14 4:08 p.m., 7 views

CVE-2025-62316

Technical details are not publicly available in the provided documents. Monitor for updates on CVE-2025-62316 from the linked sources; no affected products, vectors, or remediation are stated.

2.3 CVSS, 5.8 AI score, 0.00024 EPSS
Exploits 0, References 1
Vulnrichment
added 2026/05/14 4:08 p.m., 6 views

CVE-2025-62316 HCL AION is affected by a vulnerability where certain security-related HTTP response headers are not properly configured

HCL AION is affected by a vulnerability where certain security-related HTTP response headers are not properly configured. Absence of these headers may reduce the effectiveness of browser-based security controls and could expose the application to limited security risks under specific conditions...

2.3 CVSS, 5.8 AI score, 0.00024 EPSS
Exploits 0, References 1
The Hacker News
added 2026/05/14 11:30 a.m., 10 views

How AI Hallucinations Are Creating Real Security Risks

AI hallucinations are introducing serious security risks into critical infrastructure decision-making by exploiting human trust through highly confident yet incorrect outputs. When an AI model lacks certainty, it doesn’t have a mechanism to recognize that. Instead, it generates the most probable...

5.7 AI score
Exploits 0