55 matches found
CVE-2026-34320
Vulnerability in the Oracle Financial Services Customer Screening product of Oracle Financial Services Applications component: User Interface. The supported version that is affected is 8.1.2.8.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...
A Lightweight Hybrid MLP-Based Framework for Real-Time Phishing URL Detection Using Structural URL Features
Phishing attacks remain a major cybersecurity threat, exploiting deceptive URLs to steal sensitive user information. Traditional blacklist and rule-based detection approaches are reactive and often fail to identify newly emerging phishing URLs. This paper proposes a lightweight hybrid framework f...
Measuring Real-World Prompt Injection Attacks in LLM-Based Resume Screening
LLMs are vulnerable to prompt injection attacks. However, this vulnerability has been primarily demonstrated conceptually in academic studies or through a few anecdotal case studies. Its prevalence and impact in real-world LLM-based applications are largely unexplored. In this work, we present th...
AI-Driven Security Alert Screening and Alert Fatigue Mitigation in Security Operations Centers: A Comprehensive Survey
Security alert screening is the downstream task of filtering, prioritizing, correlating, and contextualizing alerts for analyst attention in Security Operations Centers. This survey reviews artificial-intelligence-driven alert screening and alert-fatigue mitigation from 2015 to 2026. We synthesiz...
EUVD-2026-24422
Vulnerability in the Oracle Financial Services Customer Screening product of Oracle Financial Services Applications component: User Interface. The supported version that is affected is 8.1.2.8.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...
CVE-2026-34320
Vulnerability in the Oracle Financial Services Customer Screening product of Oracle Financial Services Applications component: User Interface. The supported version that is affected is 8.1.2.8.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...
CVE-2026-34320
Vulnerability in the Oracle Financial Services Customer Screening product of Oracle Financial Services Applications component: User Interface. The supported version that is affected is 8.1.2.8.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...
Oracle Financial Services Customer Screening 安全漏洞
Oracle Financial Services Customer Screening is a financial customer screening and risk identification system developed by Oracle Corporation. Version 8.1.2.8.0 of Oracle Financial Services Customer Screening contains a security vulnerability. This vulnerability stems from issues with the User...
PT-2026-34142
Name of the Vulnerable Software and Affected Versions Oracle Financial Services Customer Screening version 8.1.2.8.0 Description An issue in the User Interface component allows an unauthenticated attacker with network access via HTTP to compromise the system. This can lead to unauthorized access ...
Your Agent Is Mine: Measuring Malicious Intermediary Attacks on the LLM Supply Chain
Large language model LLM agents increasingly rely on third-party API routers to dispatch tool-calling requests across multiple upstream providers. These routers operate as application-layer proxies with full plaintext access to every in-flight JSON payload, yet no provider enforces cryptographic...
VulnAgent-X: A Layered Agentic Framework for Repository-Level Vulnerability Detection
VulnAgent-X is a layered agentic framework integrating lightweight risk screening, bounded context expansion, specialized analysis agents, selective dynamic verification, and evidence fusion into a unified pipeline. Included in this archive is also a whitepaper from the researchers...
Recursive Language Models for Jailbreak Detection: A Procedural Defense for Tool-Augmented Agents
Jailbreak prompts are a practical and evolving threat to large language models LLMs, particularly in agentic systems that execute tools over untrusted content. Many attacks exploit long-context hiding, semantic camouflage, and lightweight obfuscations that can evade single-pass guardrails. We...
Understanding Security Risks of AI Agents' Dependency Updates
Package dependencies are a critical control point in modern software supply chains. Dependency changes can substantially alter a project's security posture. As AI coding agents increasingly modify software via pull requests, it is unclear whether their dependency decisions introduce distinct...
Deepfakes, AI resumes, and the growing threat of fake applicants
Recruiters expect the odd exaggerated resume, but many companies, including us here at Malwarebytes, are now dealing with something far more serious: job applicants who aren't real people at all. From fabricated identities to AI-generated resumes and outsourced impostor interviews, hiring pipelin...
The AI-Designed Bioweapon Arms Race
Interesting article about the arms race between AI systems that invent/design new biological pathogens, and AI systems that detect them before they're created: The team started with a basic test: use AI tools to design variants of the toxin ricin, then test them against the software that is used ...
Operationalizing CaMeL: Strengthening LLM Defenses for Enterprise Deployment
CaMeL Capabilities for Machine Learning introduces a capability-based sandbox to mitigate prompt injection attacks in large language model LLM agents. While effective, CaMeL assumes a trusted user prompt, omits side-channel concerns, and incurs performance tradeoffs due to its dual-LLM design. Th...
CISA: Dams Sector Personnel Screening Guide
The Dams Sector Personnel Screening Guide 2025 provides information to assist Dams Sector owners and operators in developing and implementing personnel screening protocols appropriate for their facilities. An effective screening protocol for potential employees and contractor support can contribu...
Background check provider data breach affects 3 million people who may not have heard of the company
Employment screening company DISA Global Solutions has filed a data breach notification after a cyber incident on their network. DISA says a third party had access to its environment between February 9, 2024, and April 22, 2024. The attacker may have accessed over three million files containing...
CVE-2024-40655
In bindAndGetCallIdentification of CallScreeningServiceHelper.java, there is a possible way to maintain a while-in-use permission in the background due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is...
ASB-A-300904123
In bindAndGetCallIdentification of CallScreeningServiceHelper.java, there is a possible way to maintain a while-in-use permission in the background due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is...