887 matches found
Pen-Strategist: A Reasoning Framework for Penetration Testing Strategy Formation and Analysis
Cyber threats are rapidly increasing, expanding their impact from large-scale enterprises to government services and individual users, making robust security systems increasingly essential. However, a significant shortage of skilled cybersecurity professionals exacerbates this challenge. While...
AFL-ICP: Enhancing Industrial Control Protocol Reliability Via Specification-Guided Fuzzing
Industrial Control Protocols ICPs are critical to the reliability and stability of industrial infrastructure, yet their security is fundamentally compromised by a specification-blindness bottleneck. Modern fuzzers, constrained by observation-driven inference, struggle to penetrate deep protocol...
The Infinite Mutation Engine? Measuring Polymorphism in LLM-Generated Offensive Code
Malware authors have traditionally relied on polymorphic techniques to produce variants in the same malware family, complicating signature-based detection. Integrating generative AI into offensive toolchains enables attackers to synthesize structurally diverse payloads with identical behavior,...
CodeQL 2.25.3
Discover vulnerabilities across a codebase with CodeQL, an industry-leading semantic code analysis engine. CodeQL lets you query code as though it were data. Write a query to find all variants of a vulnerability, eradicating it forever. Then share your query to help others do the same...
WOOTdroid: Whole-System Online On-Device Tracing for Android
System auditing on Android faces two problems. First, existing syscall tracers lose events under load, silently overwriting entries faster than a user space reader can drain them. Second, security-relevant application behavior is mediated through Binder, Android's kernel IPC mechanism, and is...
From CRUD to Autonomous Agents: Formal Validation and Zero-Trust Security for Semantic Gateways in AI-Native Enterprise Systems
Enterprise software engineering is shifting away from deterministic CRUD/REST architectures toward AI-native systems where large language models act as cognitive orchestrators. This transition introduces a critical security tension: probabilistic LLMs weaken classical mechanisms for validation,...
Malicious code in semantic_search_client (crates.io)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 2495e4537e60cafc5bc13f96987b82749fce367078ee036e3e4fb4421b5bdf4c The OpenSSF Package Analysis project identified 'semantic-search-client' @ 99.0.1 crates.io as malicious. It is considered malicious because: -...
MAL-2026-3102 Malicious code in semantic_search_client (crates.io)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 2495e4537e60cafc5bc13f96987b82749fce367078ee036e3e4fb4421b5bdf4c The OpenSSF Package Analysis project identified 'semantic-search-client' @ 99.0.1 crates.io as malicious. It is considered malicious because: -...
GoAT-X: A Graph of Auditing Thoughts for Securing Token Transactions in Cross-Chain Contracts
Cross-chain bridges, the critical infrastructure of the multi-chain ecosystem, have become a primary target for attackers, resulting in over $2.8 billion in losses due to subtle implementation flaws. Existing defenses, such as bytecode-level static analysis, are ill-equipped to handle the semanti...
Vulnerability Identification by Harnessing Inter-Connected Multi-Source Information
The utilization of third-party open-source libraries is widespread in modern software development. Due to the dependency relationships, vulnerabilities within open-source libraries pose significant security threats to downstream software. However, the library vulnerabilities are usually implicitl...
AgentVisor: Defending LLM Agents against Prompt Injection Via Semantic Virtualization
Large Language Model LLM agents are increasingly used to automate complex workflows, but integrating untrusted external data with privileged execution exposes them to severe security risks, particularly direct and indirect prompt injection. Existing defenses face significant challenges in balanci...
DETOUR: A Practical Backdoor Attack against Object Detection
Object detection OD is critical to real-world vision systems, yet existing backdoor attacks on detection transformers DETRs for OD tasks rely on patch-wise triggers optimized at fixed locations with minimal perturbations. Such attacks overlook that backdoor triggers in the real world may appear a...
Structured Security Auditing and Robustness Enhancement for Untrusted Agent Skills
Agent Skills package SKILL.md files, scripts, reference documents, and repository context into reusable capability units, turning pre-load auditing from single-prompt filtering into cross-file security review. Existing guardrails often flag risk but recover malicious intent inconsistently under...
Ghost in the Agent: Redefining Information Flow Tracking for LLM Agents
Autonomous Large Language Model LLM agents are increasingly deployed to conduct complex tasks by interacting with external tools, APIs, and memory stores. However, processing untrusted external data exposes these agents to severe security threats, such as indirect prompt injection and unauthorize...
Semantic Denial of Service in LLM-Controlled Robots
Safety-oriented instruction-following is supposed to keep LLM-controlled robots safe. We show it also creates an availability attack surface. By injecting short safety-plausible phrases 1-5 tokens into a robots audio channel, an adversary can trigger the models safety reasoning to halt or disrupt...
Mitigate or Fail: How Risk Management Shapes Cybersecurity Competency
Contemporary cybersecurity governance assumes that professionals apply risk reasoning. Yet major organisational failures persist despite investment in tools, staffing, and credentials. This study investigates the structural source of that paradox. Cybersecurity speaks the language of risk, but it...
EUVD-2025-209538
Cross-Site Scripting XSS vulnerability reflected in Semantic MediaWiki. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL using the '/index.php/Speciaal:GefacetteerdZoeken' endpoint parameter. This vulnerability can be exploit...
CVE-2025-10354
Cross-Site Scripting XSS vulnerability reflected in Semantic MediaWiki. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL using the '/index.php/Speciaal:GefacetteerdZoeken' endpoint parameter. This vulnerability can be exploit...
CVE-2025-10354
Cross-Site Scripting XSS vulnerability reflected in Semantic MediaWiki. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL using the '/index.php/Speciaal:GefacetteerdZoeken' endpoint parameter. This vulnerability can be exploit...
CVE-2025-10354 Reflected Cross-Site Scripting (XSS) in Semantic MediaWiki
Cross-Site Scripting XSS vulnerability reflected in Semantic MediaWiki. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL using the '/index.php/Speciaal:GefacetteerdZoeken' endpoint parameter. This vulnerability can be exploit...