Lucene search
K

67 matches found

Packet Storm News
Packet Storm News
added 2025/04/29 12:0 a.m.4 views

The Hidden Risks of LLM-Generated Web Application Code: a Security-Centric Evaluation of Code Generation Capabilities in Large Language Models

The rapid advancement of Large Language Models LLMs has enhanced software development processes, minimizing the time and effort required for coding and enhancing developer productivity. However, despite their potential benefits, code generated by LLMs has been shown to generate insecure code in...

7.4AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/04/27 12:0 a.m.3 views

Evaluating Organization Security: User Stories of European Union NIS2 Directive

The NIS2 directive requires EU Member States to ensure a consistently high level of cybersecurity by setting risk-management measures for essential and important entities. Evaluations are necessary to assess whether the required security level is met. This involves understanding the needs and goa...

6.6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/04/16 12:0 a.m.4 views

Secure Transfer Learning: Training Clean Models against Backdoor in (Both) Pre-Trained Encoders and Downstream Datasets

Transfer learning from pre-trained encoders has become essential in modern machine learning, enabling efficient model adaptation across diverse tasks. However, this combination of pre-training and downstream adaptation creates an expanded attack surface, exposing models to sophisticated backdoor...

6.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/02/26 8:7 p.m.13 views

CVE-2021-47649

In the Linux kernel, the following vulnerability has been resolved: udmabuf: validate ubuf-pagecount Syzbot has reported GPF in sgallocappendtablefrompages. The problem was in ubuf-pages == ZEROPTR. ubuf-pagecount is calculated from arguments passed from user-space. If user creates udmabuf with...

5.5CVSS6.3AI score0.00232EPSS
Exploits0References4
Circl
Circl
added 2024/10/28 11:42 p.m.7 views

CVE-2024-44240

creationtimestamp| type| source ---|---|--- 2024-10-28 23:42:09+00:00| seen| https://t.me/cvedetector/9203 2024-10-31 05:00:00+00:00| seen| http://www.zerodayinitiative.com/advisories/ZDI-24-1442/ 2025-01-09 05:00:00+00:00| seen| http://www.zerodayinitiative.com/advisories/ZDI-25-016/ 2025-01-09...

6.5CVSS4.1AI score0.00534EPSS
Exploits0References4
OSV
OSV
added 2024/06/06 5:53 p.m.7 views

CVE-2024-4889 Code Injection in berriai/litellm

A code injection vulnerability exists in the berriai/litellm application, version 1.34.6, due to the use of unvalidated input in the eval function within the secret management system. This vulnerability requires a valid Google KMS configuration file to be exploitable. Specifically, by setting the...

7.2CVSS7.4AI score0.00859EPSS
Exploits1References3
OSV
OSV
added 2023/02/24 12:0 p.m.11 views

RUSTSEC-2023-0018 Race Condition Enabling Link Following and Time-of-check Time-of-use (TOCTOU)

The removedirall crate is a Rust library that offers additional features over the Rust standard library fs::removedirall function. It was possible to trick a privileged process doing a recursive delete in an attacker controlled directory into deleting privileged files, on all operating systems. F...

7.1AI score
Exploits0References4
Microsoft Malware Protection
Microsoft Malware Protection
added 2023/01/17 5:0 p.m.24 views

Secure your business like you secure your home: 5 steps to protect against cybercrime

Running a business requires a lot of determination and sometimes a leap of faith. Every day brings a new challenge, and many times it can feel like the stress and uncertainty are too much. That’s when you remind yourself why you took the leap—the satisfaction of realizing your own vision—and you...

7AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2022/06/06 1:25 p.m.19 views

Evaluating the Security of an Enterprise IoT Deployment at Domino's Pizza

Recently, I had a great opportunity to work with Domino's Pizza to evaluate an internally conceived Internet of Things IoT-based business solution they had designed and deployed throughout their US store locations. The goal of this research project was to understand the security implications arou...

7AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2022/01/27 6:0 p.m.22 views

Measure the effectiveness of your Microsoft security with AttackIQ

This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA. To improve an organization’s cybersecurity readiness, you need to test that your detection and prevention technologies work as intended and that your security program is performing a...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2021/11/24 7:54 a.m.29 views

Webinar and eBook: The Dark Side of EDR. Are You Prepared?

Endpoint Detection and Response EDR platforms have received incredible attention as the platform for security teams. Whether you're evaluating an EDR for the first time or looking to replace your EDR, as an information security professional, you need to be aware of the gaps prior already to...

6.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2021/05/13 2:25 p.m.47 views

Why MITRE ATT&CK matters—Choosing alert quality over quantity

Round 3 Carbanak/FIN7 results evaluation Last month, the researchers at MITRE Engenuity released the results of their most recent ATT&CK Evaluation, offering businesses an opportunity to make informed choices about their own security needs. This year, by modeling the ATT&CK testing after attack...

7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2020/12/03 5:21 p.m.28 views

Open Source Does Not Equal Secure

Way back in 1999, I wrote about open-source software: First, simply publishing the code does not automatically mean that people will examine it for security flaws. Security researchers are fickle and busy people. They do not have the time to examine every piece of source code that is published. S...

0.2AI score
Exploits0
Carbon Black Blog
Carbon Black Blog
added 2020/01/29 5:53 p.m.49 views

Invoke-APT29: Adversarial Threat Emulation

MITRE recently conducted its second ATT&CK exercise in their ongoing annual series of Endpoint Security Efficacy testing and evaluation. This test focuses on assessing the behavioral capabilities of multiple endpoint security vendors against a simulated adversary, based closely around...

1.3AI score
Exploits0
Kitploit
Kitploit
added 2019/12/05 8:30 p.m.100 views

CORStest - A Simple CORS Misconfiguration Scanner

A simple CORSmisconfiguration scanner Based on theresearch of James Kettle CORStest is a quick & dirty Python 2 tool to find Cross-Origin Resource Sharing CORS misconfigurations. It takes a text file as input which may contain a list of domain names or URLs. Currently, the following potential...

6.4AI score
Exploits0References1
ThreatPost
ThreatPost
added 2019/06/27 8:16 p.m.407 views

Leaky Amazon S3 Buckets Expose Data of Netflix, TD Bank

Three publicly-accessible cloud storage buckets from data management company Attunity leaked more than a terabyte of data from its top Fortune 100 customers – including internal business documents, system passwords, sensitive employee information. Israel-based Attunity, which was acquired by Qlik...

6.9AI score
Exploits0References9
Microsoft Secure
Microsoft Secure
added 2019/04/01 7:0 p.m.36 views

Announcing the Microsoft Graph Security Hackathon winners

Bringing together information from multiple disconnected security systems to solve today’s security challenges is complex. We recently asked Microsoft Graph Security Hackathon participants to come up with innovative solutions using the Microsoft Graph Security API, and they did not disappoint. We...

0.1AI score
Exploits0
OpenVAS
OpenVAS
added 2019/03/08 12:0 a.m.94 views

Drobo NAS Multiple Vulnerabilities in DroboAccess

Drobo NAS are prone to multiple vulnerabilities in DroboAccess. Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free softwar...

9.8CVSS8.2AI score0.29398EPSS
Exploits8References1
Schneier on Security
Schneier on Security
added 2019/02/25 12:23 p.m.75 views

On the Security of Password Managers

There's new research on the security of password managers, specifically 1Password, Dashlane, KeePass, and Lastpass. This work specifically looks at password leakage on the host computer. That is, does the password manager accidentally leave plaintext copies of the password lying around memory? Al...

0.5AI score
Exploits0
Kitploit
Kitploit
added 2018/03/31 9:24 p.m.93 views

Magescan - Scan A Magento Site For Information

The idea behind this is to evaluate the quality and security of a Magento site you don't have access to. The scenario when you're interviewing a potential developer or vetting a new client and want to have an idea of what you're getting into. Installation .phar Download the magescan.phar file fro...

7.1AI score
Exploits0References2
Rows per page
Query Builder