162 matches found
CVE-2026-53151
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix the ACK parser to extract the SACK table for parsing Fix modification of the received skbuff in rxrpcinputsoftacks and a potential incorrect access of the buffer in a fragmented UDP packet the packet would probably hav...
High-Precision APT Malware Attribution with Out-Of-Scope Resilience
Early attribution of Advanced Persistent Threat APT activity can help defenders prioritise investigation, select countermeasures, and reduce the impact of an intrusion. Malware provides useful attribution evidence, but automated APT malware attribution remains difficult in practice. Existing...
astral-tokio-tar has a PAX Header Desynchronization issue
Impact Versions of astral-tokio-tar prior to 0.6.2 contain a PAX header interpretation bug that allows manipulated entries to be made selectively visible or invisible during extraction with astral-tokio-tar versus other tar implementations. An attacker could use this differential to smuggle...
Hijacking Agent Memory: Stealthy Trojan Attacks through Conversational Interaction
Large language model LLM agents increasingly leverage long term memory to support persistent and autonomous task execution. However, this capability also introduces a new attack surface: memory poisoning, where adversaries can inject malicious information to influence future behavior. Existing...
HammerSim: A System-Level Tool to Model RowHammer
Modern architecture research relies on simulators to evaluate system security, yet analyzing emerging hardware vulnerabilities like RowHammer requires full-system visibility. As RowHammer vulnerabilities worsen with continuous technology scaling, existing simulators lack the system-level models...
RUSTSEC-2026-0145 PAX Header Desynchronization in astral-tokio-tar
Versions of astral-tokio-tar prior to 0.6.2 contain a PAX header interpretation bug that allows manipulated entries to be made selectively visible or invisible during extraction with astral-tokio-tar versus other tar implementations. An attacker could use this differential to smuggle unexpected...
PAX Header Desynchronization in astral-tokio-tar
Versions of astral-tokio-tar prior to 0.6.2 contain a PAX header interpretation bug that allows manipulated entries to be made selectively visible or invisible during extraction with astral-tokio-tar versus other tar implementations. An attacker could use this differential to smuggle unexpected...
@draadnl/openstad-cms (>=0.12.2 <=0.12.3), apostrophe-personas (>=2.0.0 <=2.2.1) +3 more potentially affected by CVE-2026-45013 via apostrophe (>=0.5.393 <=2.227.12)
apostrophe NPM version =0.5.393, =0.12.2, =2.0.0, =0.5.0, =1.0.0, =1.0.2 Source cves: CVE-2026-45013 Source advisory: OSV:GHSA-GF43-24G3-5HW2...
@draadnl/openstad-cms (>=0.12.2 <=0.12.3), apostrophe-personas (>=2.0.0 <=2.2.1) +3 more potentially affected by CVE-2026-45012 via apostrophe (>=0.5.393 <=2.227.12)
apostrophe NPM version =0.5.393, =0.12.2, =2.0.0, =0.5.0, =1.0.0, =1.0.2 Source cves: CVE-2026-45012 Source advisory: OSV:GHSA-PR28-MF3Q-QPG6...
Bit-Flip Vulnerability of Shared KV-Cache Blocks in LLM Serving Systems
Rowhammer on GPU DRAM has enabled adversarial bit flips in model weights; shared KV-cache blocks in LLM serving systems present an analogous but previously unexamined target. In vLLM's Prefix Caching, these blocks exist as a single physical copy without integrity protection. Using software fault...
@draadnl/openstad-cms (>=0.12.2 <=0.12.3), apostrophe-personas (>=2.0.0 <=2.2.1) +3 more potentially affected by CVE-2026-33888 via apostrophe (>=0.5.393 <=2.227.12)
apostrophe NPM version =0.5.393, =0.12.2, =2.0.0, =0.5.0, =1.0.0, =1.0.2 Source cves: CVE-2026-33888 Source advisory: OSV:GHSA-XHQ9-58FW-859P...
GoodVibe: Security-By-Vibe for LLM-Based Code Generation
Large language models LLMs are increasingly used for code generation in fast, informal development workflows, often referred to as vibe coding, where speed and convenience are prioritized, and security requirements are rarely made explicit. In this setting, models frequently produce functionally...
SysFuSS: System-Level Firmware Fuzzing with Selective Symbolic Execution
Firmware serves as the critical interface between hardware and software in computing systems, making any bugs or vulnerabilities particularly dangerous as they can cause catastrophic system failures. While fuzzing is a promising approach for identifying design flaws and security vulnerabilities,...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003677)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003677 advisory. Jonathan Looney discovered that the TCP retransmission queue implementation in tcpfragment in the Linux kernel could be fragmented when handling certain TCP Selectiv...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002909)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002909 advisory. The tcpchecksendhead function in include/net/tcp.h in the Linux kernel before 4.7.5 does not properly maintain certain SACK state after a failed data copy, which...
GoFundMe Ignores Own Rules by Hosting a Legal-Defense Fund for the ICE Agent Who Killed Renee Good
The fundraiser for the ICE agent in the Renee Good killing has stayed online in seeming breach of GoFundMe’s own terms of service, prompting questions about selective enforcement...
CVE-2013-7333
A vulnerability in version 0.90 of the Open Floodlight SDN controller software could allow an attacker with access to the OpenFlow control network to selectively disconnect individual switches from the SDN controller, causing degradation and eventually denial of network access to all devices...
Building Browser Agents: Architecture, Security, and Practical Solutions
Browser agents enable autonomous web interaction but face critical reliability and security challenges in production. This paper presents findings from building and operating a production browser agent. The analysis examines where current approaches fail and what prevents safe autonomous operatio...
EUVD-2025-74269
Malicious code in selectivepikefuchsia-11 npm...
EUVD-2025-75682
Malicious code in selectivecanid-apptea npm...