1452 matches found
Meta Tapped a Pentagon Supplier to Prototype Face Recognition for Its Glasses
Rank One, whose board includes a former CIA deputy director and a former FBI science chief, supplied face recognition to Meta for internal development of its smart glasses app...
The Human Vulnerabilities and Exploits (HVE) Framework
The cybersecurity community has invested over two decades in building standardized frameworks, the Common Vulnerabilities and Exposures CVE system, the Common Vulnerability Scoring System CVSS, and the Common Weakness Enumeration CWE to identify, classify, and remediate threats to digital...
Governing AI-Assisted Security Operations: A Design Science Framework for Operational Decision Support
Engineering managers increasingly must decide how to introduce generative artificial intelligence AI, retrieval-augmented generation, and coding agents into high-risk operational functions without weakening accountability, privacy, cost discipline, or auditability. The central message of this stu...
Zeek 8.0.7
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek ha...
Towards a Cognitive-Support Tool for Threat Hunters
Cybersecurity increasingly relies on threat hunters to proactively identify adversarial activity, yet the cognitive work underlying threat hunting remains underexplored or insufficiently supported by existing tools. Building on prior studies that examined how threat hunters construct and share...
Zeek 8.0.6
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek ha...
Deserialization of Untrusted Data
Overview ai-data-science-team is a Build and run an AI-powered data science team. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the loadpickle function in aidatascienceteam/tools/dataloader.py. An attacker can execute arbitrary code by supplying a...
NSF Unidata NetCDF-C 安全漏洞
NSF Unidata NetCDF-C is a tool for processing NetCDF files from NSF Unidata, USA. A security vulnerability exists in NSF Unidata NetCDF-C that stems from a lack of validation of the length of user-supplied data when parsing dimension names, which could lead to a heap buffer overflow and remote co...
Operation ForumTroll continues: Russian political scientists targeted using plagiarism reports
Introduction In March 2025, we discovered Operation ForumTroll, a series of sophisticated cyberattacks exploiting the CVE-2025-2783 vulnerability in Google Chrome. We previously detailed the malicious implants used in the operation: the LeetAgent backdoor and the complex spyware Dante, developed ...
Evolution of Cybersecurity Subdisciplines: A Science of Science Study
The science of science is an emerging field that studies the practice of science itself. We present the first study of the cybersecurity discipline from a science of science perspective. We examine the evolution of two comparable interdisciplinary communities in cybersecurity: the Symposium on...
CVE-2025-63603
A command injection vulnerability exists in the MCP Data Science Server's reading-plus-ai/mcp-server-data-exploration 0.1.6 in the safeeval function src/mcpserverds/server.py:108. The function uses Python's exec to execute user-supplied scripts but fails to restrict the builtins dictionary in the...
PT-2025-47331
Name of the Vulnerable Software and Affected Versions MCP Data Science Server version 0.1.6 Description A command injection issue exists in the safe eval function src/mcp server ds/server.py:108 of the software. The function utilizes Python’s exec to run scripts provided by users, but it does not...
CVE-2025-63603
A command injection vulnerability exists in the MCP Data Science Server's reading-plus-ai/mcp-server-data-exploration 0.1.6 in the safeeval function src/mcpserverds/server.py:108. The function uses Python's exec to execute user-supplied scripts but fails to restrict the builtins dictionary in the...
Sustaining Cyber Awareness: The Long-Term Impact of Continuous Phishing Training and Emotional Triggers
Phishing constitutes more than 90% of successful cyberattacks globally, remaining one of the most persistent threats to organizational security. Despite organizations tripling their cybersecurity budgets between 2015 and 2025, the human factor continues to pose a critical vulnerability. This stud...
Zeek 8.0.3
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek ha...
Zeek 8.0.2
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek ha...
EUVD-2021-16597
Malware in sbrugna...
EUVD-2019-18376
Malware in sbrugna...
EUVD-2006-2320
Malware in sbrugna...
EUVD-2018-18387
Malware in sbrugna...