Lucene search
K

55 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:22 p.m.11 views

CVE-2026-34320

Vulnerability in the Oracle Financial Services Customer Screening product of Oracle Financial Services Applications component: User Interface. The supported version that is affected is 8.1.2.8.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...

7.5CVSS7.4AI score0.00307EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/05/30 12:0 a.m.20 views

A Lightweight Hybrid MLP-Based Framework for Real-Time Phishing URL Detection Using Structural URL Features

Phishing attacks remain a major cybersecurity threat, exploiting deceptive URLs to steal sensitive user information. Traditional blacklist and rule-based detection approaches are reactive and often fail to identify newly emerging phishing URLs. This paper proposes a lightweight hybrid framework f...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/27 12:0 a.m.37 views

Measuring Real-World Prompt Injection Attacks in LLM-Based Resume Screening

LLMs are vulnerable to prompt injection attacks. However, this vulnerability has been primarily demonstrated conceptually in academic studies or through a few anecdotal case studies. Its prevalence and impact in real-world LLM-based applications are largely unexplored. In this work, we present th...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/08 12:0 a.m.11 views

AI-Driven Security Alert Screening and Alert Fatigue Mitigation in Security Operations Centers: A Comprehensive Survey

Security alert screening is the downstream task of filtering, prioritizing, correlating, and contextualizing alerts for analyst attention in Security Operations Centers. This survey reviews artificial-intelligence-driven alert screening and alert-fatigue mitigation from 2015 to 2026. We synthesiz...

5.8AI score
Exploits0
EUVD
EUVD
added 2026/04/21 9:31 p.m.5 views

EUVD-2026-24422

Vulnerability in the Oracle Financial Services Customer Screening product of Oracle Financial Services Applications component: User Interface. The supported version that is affected is 8.1.2.8.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...

7.5CVSS5.7AI score0.00307EPSS
Exploits0References2
NVD
NVD
added 2026/04/21 9:16 p.m.10 views

CVE-2026-34320

Vulnerability in the Oracle Financial Services Customer Screening product of Oracle Financial Services Applications component: User Interface. The supported version that is affected is 8.1.2.8.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...

7.5CVSS0.00307EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/21 8:35 p.m.4 views

CVE-2026-34320

Vulnerability in the Oracle Financial Services Customer Screening product of Oracle Financial Services Applications component: User Interface. The supported version that is affected is 8.1.2.8.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...

7.5CVSS5.7AI score0.00307EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.10 views

Oracle Financial Services Customer Screening 安全漏洞

Oracle Financial Services Customer Screening is a financial customer screening and risk identification system developed by Oracle Corporation. Version 8.1.2.8.0 of Oracle Financial Services Customer Screening contains a security vulnerability. This vulnerability stems from issues with the User...

7.5CVSS7.3AI score0.00307EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.15 views

PT-2026-34142

Name of the Vulnerable Software and Affected Versions Oracle Financial Services Customer Screening version 8.1.2.8.0 Description An issue in the User Interface component allows an unauthenticated attacker with network access via HTTP to compromise the system. This can lead to unauthorized access ...

7.5CVSS7.3AI score0.00307EPSS
Exploits0References4
Packet Storm News
Packet Storm News
added 2026/04/09 12:0 a.m.4 views

Your Agent Is Mine: Measuring Malicious Intermediary Attacks on the LLM Supply Chain

Large language model LLM agents increasingly rely on third-party API routers to dispatch tool-calling requests across multiple upstream providers. These routers operate as application-layer proxies with full plaintext access to every in-flight JSON payload, yet no provider enforces cryptographic...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/03/17 12:0 a.m.22 views

VulnAgent-X: A Layered Agentic Framework for Repository-Level Vulnerability Detection

VulnAgent-X is a layered agentic framework integrating lightweight risk screening, bounded context expansion, specialized analysis agents, selective dynamic verification, and evidence fusion into a unified pipeline. Included in this archive is also a whitepaper from the researchers...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/02/18 12:0 a.m.11 views

Recursive Language Models for Jailbreak Detection: A Procedural Defense for Tool-Augmented Agents

Jailbreak prompts are a practical and evolving threat to large language models LLMs, particularly in agentic systems that execute tools over untrusted content. Many attacks exploit long-context hiding, semantic camouflage, and lightweight obfuscations that can evade single-pass guardrails. We...

5.6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/12/31 12:0 a.m.4 views

Understanding Security Risks of AI Agents' Dependency Updates

Package dependencies are a critical control point in modern software supply chains. Dependency changes can substantially alter a project's security posture. As AI coding agents increasingly modify software via pull requests, it is unclear whether their dependency decisions introduce distinct...

6.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/12/09 11:49 a.m.6 views

Deepfakes, AI resumes, and the growing threat of fake applicants

Recruiters expect the odd exaggerated resume, but many companies, including us here at Malwarebytes, are now dealing with something far more serious: job applicants who aren't real people at all. From fabricated identities to AI-generated resumes and outsourced impostor interviews, hiring pipelin...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/10/30 11:5 a.m.5 views

The AI-Designed Bioweapon Arms Race

Interesting article about the arms race between AI systems that invent/design new biological pathogens, and AI systems that detect them before they're created: The team started with a basic test: use AI tools to design variants of the toxin ricin, then test them against the software that is used ...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/28 12:0 a.m.5 views

Operationalizing CaMeL: Strengthening LLM Defenses for Enterprise Deployment

CaMeL Capabilities for Machine Learning introduces a capability-based sandbox to mitigate prompt injection attacks in large language model LLM agents. While effective, CaMeL assumes a trusted user prompt, omits side-channel concerns, and incurs performance tradeoffs due to its dual-LLM design. Th...

7.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/04/29 12:0 a.m.4 views

CISA: Dams Sector Personnel Screening Guide

The Dams Sector Personnel Screening Guide 2025 provides information to assist Dams Sector owners and operators in developing and implementing personnel screening protocols appropriate for their facilities. An effective screening protocol for potential employees and contractor support can contribu...

7.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/02/25 2:27 p.m.8 views

Background check provider data breach affects 3 million people who may not have heard of the company

Employment screening company DISA Global Solutions has filed a data breach notification after a cyber incident on their network. DISA says a third party had access to its environment between February 9, 2024, and April 22, 2024. The attacker may have accessed over three million files containing...

7.5AI score
Exploits0
OSV
OSV
added 2024/09/11 12:15 a.m.4 views

CVE-2024-40655

In bindAndGetCallIdentification of CallScreeningServiceHelper.java, there is a possible way to maintain a while-in-use permission in the background due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is...

7.8CVSS5.9AI score0.0008EPSS
Exploits0References2
OSV
OSV
added 2024/09/01 12:0 a.m.27 views

ASB-A-300904123

In bindAndGetCallIdentification of CallScreeningServiceHelper.java, there is a possible way to maintain a while-in-use permission in the background due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is...

7.8CVSS7.7AI score0.0008EPSS
Exploits0References2
Rows per page
Query Builder