64 matches found
ESAA-Security: An Event-Sourced, Verifiable Architecture for Agent-Assisted Security Audits of AI-Generated Code
AI-assisted software generation has increased development speed, but it has also amplified a persistent engineering problem: systems that are functionally correct may still be structurally insecure. In practice, prompt-based security review with large language models often suffers from uneven...
OpenClaw: Chrome --no-sandbox disabled OS-level browser sandbox in sandbox browser container
Summary Sandbox browser container launched Chromium with --no-sandbox by default, disabling Chromium's OS-level sandbox protections. Affected Packages / Versions - Package: openclaw npm ecosystem - Latest published npm version at triage time 2026-02-21: 2026.2.19-2 - Affected range: = 2026.2.19-2...
Faraday 5.19.0
Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use...
Securing Generative AI Agentic Workflows: Risks, Mitigation, and a Proposed Firewall Architecture
Generative Artificial Intelligence (GenAI) presents significant advancements but also introduces novel security challenges, particularly within agentic workflows where AI agents operate autonomously. These risks escalate in multi-agent systems due to increased interaction complexity. This paper...
Adaptive Plan-Execute Framework for Smart Contract Security Auditing
Large Language Models (LLMs) have shown great promise in code analysis and auditing; however, they still struggle with hallucinations and limited context-aware reasoning. We introduce SmartAuditFlow, a novel Plan-Execute framework that enhances smart contract security analysis through dynamic audit...
Guardians of the Web: the Evolution and Future of Website Information Security
Website information security has become a critical concern in the digital age. This article explores the evolution of website information security, examining its historical development, current practices, and future directions. The early beginnings from the 1960s to the 1980s laid the groundwork...
Exploit for CVE-2025-29927
CVE-2025-29927 Scanner ===================== This Python script...
MAL-2025-575 Malicious code in ig-lighthouse-security-audits (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 226acd90be6fefc4cd12da9d6b73604ee919205ed49e1e44f5d336b5576c3717 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in ig-lighthouse-security-audits (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 226acd90be6fefc4cd12da9d6b73604ee919205ed49e1e44f5d336b5576c3717 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Automating Data Encryption and Security Audits for Continuous Protection
Protecting sensitive data is critical for businesses facing constant cyber threats. Automating encryption, audits, and access control strengthens security and reduces human error...
DockerSpy - DockerSpy Searches For Images On Docker Hub And Extracts Sensitive Information Such As Authentication Secrets, Private Keys, And More
DockerSpy searches for images on Docker Hub and extracts sensitive information such as authentication secrets, private keys, and more. What is Docker? Docker is an open-source platform that automates the deployment, scaling, and management of applications using containerization technology...
Exploit for SQL Injection in Crmeb
CVE-2024-36837 / CNVD-2024-30128 POC write URL in url.txt and...
RepoReaper - An Automated Tool Crafted To Meticulously Scan And Identify Exposed .Git Repositories Within Specified Domains And Their Subdomains
RepoReaper is a precision tool designed to automate the identification of exposed .git repositories across a list of domains and subdomains. By processing a user-provided text file with domain names, RepoReaper systematically checks each for publicly accessible .git files. This enables rapid...
PentestPad: Platform for Pentest Teams
In the ever-evolving cybersecurity landscape, the game-changers are those who adapt and innovate swiftly. Pen test solutions not only supercharge productivity but also provide a crucial layer of objectivity, ensuring efficiency and exceptional accuracy. The synergy between a skilled penetration...
No rate limiting on creating access token
Description: Access token creation is a critical security component in many applications, especially when it comes to user authentication and authorization. Without proper rate limiting controls, attackers may exploit this process to launch various types of attacks, such as brute force attacks,...
MID-Risk Vulnerabilities in the Axelar Smart Contracts
Lines of code s://github.com/code-423n4/2023-07-axelar/tree/main/contracts/cgp/governance/AxelarServiceGovernance.solL73 Vulnerability details Impact The vulnerabilities that I have identified could have a significant impact on the Axelar network. These vulnerabilities could be exploited by an...
MID-Risk Vulnerabilities in the Axelar Smart Contracts
Lines of code Vulnerability details Impact The vulnerabilities that I have identified could have a significant impact on the Axelar network. These vulnerabilities could be exploited by an attacker to: Gain control of the Axelar network by proposing and voting on malicious proposals. Mint or burn...
11 best practices for securing data in cloud services
In today's digital age, cloud computing has become an essential part of businesses, enabling them to store and access their data from anywhere. However, with convenience comes the risk of data breaches and cyberattacks. Therefore, it is crucial to implement best practices to secure data in cloud...
Thunderstorm - Modular Framework To Exploit UPS Devices
Thunderstorm is a modular framework to exploit UPS devices. For now, only the CS-141 and NetMan 204 exploits will be available. The beta version of the framework will be released in the future. CVE Thunderstorm is currently capable of exploiting the following CVE: CVE-2022-47186 – Unrestricted fi...
Minter privilege escalation vulnerability
Lines of code Vulnerability details Impact The contract owner could potentially abuse their privileges to manipulate the token supply and undermine the integrity of the token economy. Proof of Concept The 'setMinter' function in the contract allows the contract owner to set the minter status for...