MCP Security 代码问题漏洞

MCP Security is a security tool developed by the Spring AI Community as an open-source project, designed to provide OAuth 2.0 authorization support for the Spring AI’s MCP protocol. Versions of MCP Security prior to 0.1.9 contained code-related vulnerabilities. These vulnerabilities stemmed from...

Top Cybersecurity Frameworks Compared

Top Cybersecurity Frameworks Compared: NIST, CIS, and MITRE ATT&CK Security leaders do not need another framework for the sake of paperwork. They need a practical way to decide which cybersecurity frameworks help the business govern risk, harden defenses, and validate whether controls can withsta...

CVE-2026-44432 urllib3: Decompression-bomb safeguards bypassed in parts of the streaming API

urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion 1 during the second HTTPResponse.readamt=N call when the response was decompressed using the official Brotli library or 2 when...

Context-Aware Spear Phishing: Generative AI-Enabled Attacks against Individuals Via Public Social Media Data

We demonstrate how publicly available social-media data and generative AI GenAI can be misused to automate and scale highly personalized, context-aware spear-phishing campaigns. With minimal attacker effort, a small amount of public activity per target is sufficient for GenAI models to extract...

Re-Triggering Safeguards within LLMs for Jailbreak Detection

This paper proposes a jailbreaking prompt detection method for large language models LLMs to defend against jailbreak attacks. Although recent LLMs are equipped with built-in safeguards, it remains possible to craft jailbreaking prompts that bypass them. We argue that such jailbreaking prompts ar...

CVE-2026-41414

Skim is a fuzzy finder designed to through files, lines, and commands. The generate-files job in .github/workflows/pr.yml checks out attacker-controlled fork code and executes it via cargo run, with access to SKIMRSBOTPRIVATEKEY and GITHUBTOKEN contents:write. No gates prevent exploitation - any...

CVE-2026-35376

A TOCTOU vulnerability exists in the chcon utility of uutils coreutils during recursive operations. The code uses a fresh path lookup (fts_accpath) to resolve targets instead of binding traversal and label application to the directory state encountered during traversal, and the operations are not...

CVE-2026-35363 uutils coreutils rm Safeguard Bypass via Improper Path Normalization

A vulnerability in the rm utility of uutils coreutils allows the bypass of safeguard mechanisms intended to protect the current directory. While the utility correctly refuses to delete . or .., it fails to recognize equivalent paths with trailing slashes, such as ./ or .///. An accidental or...

PT-2026-34499

A vulnerability in the rm utility of uutils coreutils allows the bypass of safeguard mechanisms intended to protect the current directory. While the utility correctly refuses to delete . or .., it fails to recognize equivalent paths with trailing slashes, such as ./ or .///. An accidental or...

OpenAI Launches GPT-5.4-Cyber with Expanded Access for Security Teams

OpenAI on Tuesday unveiled GPT-5.4-Cyber , a variant of its latest flagship model, GPT‑5.4, that's specifically optimized for defensive cybersecurity use cases, days after rival Anthropic unveiled its own frontier model, Mythos. "The progressive use of AI accelerates defenders – those responsible...

In the Wake of Anthropic’s Mythos, OpenAI Has a New Cybersecurity Model—and Strategy

OpenAI says its safeguards “sufficiently reduce cyber risk” for now, while GPT-5.4-Cyber is a new cybersecurity-focused model...

Pachno 1.0.6 Cross-Site Request Forgery

Summary Pachno is an open-source collaboration platform formerly known as The Bug Genie designed for team project management, issue tracking, and documentation. It offers a module-based, customizable environment for software development and team workflows, distributed under the Mozilla Public...

PT-2026-28452

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.12 Description OpenClaw contains an authorization bypass issue. Feishu reaction events lacking chat type information are incorrectly categorized as direct p2p conversations rather than group chats. This...

Red-MIRROR: Agentic LLM-Based Autonomous Penetration Testing with Reflective Verification and Knowledge-Augmented Interaction

Web applications remain the dominant attack surface in cybersecurity, where vulnerabilities such as SQL injection, XSS, and business logic flaws continue to cause significant data breaches. While penetration testing is effective for identifying these weaknesses, traditional manual approaches are...

Quish Splash QR Code Phishing Campaign Hits 1.6 Million Users

7AI research reveals a massive QR code phishing attack that evaded SPF, DKIM, and DMARC. Find out how 1.6 million emails went undetected...

CVE-2026-23354

A flaw was found in the Linux kernel. This vulnerability affects the handling of speculative execution, a technique used by modern processors to improve performance. A protection mechanism intended to prevent information leakage can be bypassed when its result is temporarily stored in memory,...

CVE-2026-24790

The underlying PLC of the device can be remotely influenced, without proper safeguards or authentication...

CVE-2026-24790

The underlying PLC of the device can be remotely influenced, without proper safeguards or authentication...

CVE-2026-24790

The underlying PLC of the device can be remotely influenced, without proper safeguards or authentication...

PT-2026-21251

The underlying PLC of the device can be remotely influenced, without proper safeguards or authentication...