200 matches found
From Attack Simulation to SIEM Rule: Deterministic Detection-As-Code Synthesis with Probe-Level Traceability
Security teams routinely simulate attacks against their own systems to check whether their monitoring would catch a real intruder. These Breach-and-Attack-Simulation (BAS) tools surface findings, but the security information and event management (SIEM) systems that watch production need detection rul...
groovestrike
GrooveStrike Autonomous Penetration Testing Framework...
Exploit for SQL Injection in Progress Moveit_Cloud
CVE-2023-34362 MOVEit Transfer Vulnerability Analysis Proj...
Evolution of Log-Based Detection Rules in Public Repositories
Log-based detection rules remain central to modern security operations, encoding domain expertise that analysts iteratively refine to balance detection coverage against alert volume. Yet while prior work has examined the evolution of network intrusion detection signatures, the longitudinal behavi...
Exploit for CVE-2026-31431
CVE-2026-31431 "Copy Fail" — Defensive Detection Package A pr...
ctf-writeups
ctf-writeups: HTB, TryHackMe and DFIR challenges, documented...
Cyber Defense Benchmark: Agentic Threat Hunting Evaluation for LLMs in SecOps
We introduce the Cyber Defense Benchmark, a benchmark for measuring how well large language model (LLM) agents perform the core SOC analyst task of threat hunting: given a database of raw Windows event logs with no guided questions or hints, identify the exact timestamps of malicious events. The...
CTI-REALM: A new benchmark for end-to-end detection rule generation with AI agents
Excerpt: CTI-REALM is Microsoft's open-source benchmark for evaluating AI agents on real-world detection engineering: turning cyber threat intelligence (CTI) into validated detections. Instead of measuring "CTI trivia," CTI-REALM tests end-to-end workflows: reading threat reports, exploring telemetr...
CVE-2005-1639
SQL injection vulnerability in Sigmaweb.DLL in Sigma ISP Manager 6.6 allows remote attackers to execute arbitrary SQL commands via the (1) username, (2) password, or (3) domain fields...
CVE-2020-12039
Baxter Sigma Spectrum Infusion Pumps (Sigma Spectrum Infusion System versions 6.x, model 35700BAX, and Baxter Spectrum Infusion System versions 8.x, model 35700BAX2) contain hardcoded passwords that, when physically entered on the keypad, provide access to biomedical menus including device settings, view calibration value...
CVE-2025-46256
Path Traversal: '.../...//' vulnerability in SigmaPlugin Advanced Database Cleaner PRO allows Path Traversal. This issue affects Advanced Database Cleaner PRO: from n/a through 3.2.10...
EUVD-2025-175746
Malicious code in user-route-fast-easy-sigma npm...
EUVD-2025-175484
Malicious code in xi-minify-bundle-sigma-query npm...
EUVD-2025-176390
Malicious code in sigma-byte-minify-cache-float npm...
EUVD-2025-176303
Malicious code in socket-sigma-minify-pipe-array npm...
EUVD-2025-176391
Malicious code in sigma-awk-abstract-error-kappa npm...
EUVD-2025-175988
Malicious code in test-sigma-reject-daemon-cold npm...
Malicious code in xi-minify-bundle-sigma-query (npm)
Source: amazon-inspector. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts (auto.js),...
EUVD-2025-176386
Malicious code in sigma-query-interpret-phi-process npm...
EUVD-2025-176595
Malicious code in root-rain-catch-sigma-float npm...