1951 matches found
Metasploit-Simulation-lab
🛡️ Metasploit Simulation Lab — Ethical Hacking Training !alt...
Hoverfly < 1.10.3 - Arbitrary File Read
Hoverfly is a lightweight service virtualization/ API simulation / API mocking tool for developers and testers. The /api/v2/simulation POST handler allows users to create new simulation views from the contents of a user-specified file. This feature can be abused by an attacker to read arbitrary...
CrowdStrike vs Hive Pro: VM Compared
CrowdStrike vs Hive Pro for Vulnerability Management CrowdStrike vs Hive Pro is not a simple feature checklist. It is a decision about how your security team wants to manage exposure: through an endpoint-centered platform that extends into vulnerability assessment, or through a vendor-neutral...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: vdpasim: Fixed a possible memory leak in vdpasimnetinit and vdpasimblkinit. When a fault is injected while probing a module, if deviceregister fails in vdpasimnetinit or vdpasimblkinit, but the refcount of kobject is not...
Pre-Stuxnet Fast16 Malware Tampered with Nuclear Weapons Simulations
A new analysis of the Lua-based fast16 malware has confirmed that it was a cyber sabotage tool designed to tamper with nuclear weapons testing simulations. According to Broadcom-owned Symantec and Carbon Black teams, the pre-Stuxnet tool was engineered to corrupt uranium-compression simulations...
chrome-148-exploit-poc
World Fun Zone - 2026 Security Research Framework Conferen...
kv-cache-side-channel-poc
KV Cache Side-Channel: Cross-Tenant Timing Oracle Proof of co...
A Red Teaming Framework for Evaluating Robustness of AI-Enabled Security Orchestration, Automation, and Response Systems
AI-enabled Security Orchestration, Automation, and Response SOAR systems increasingly employ autonomous agents for cyber defense, yet their resilience to adaptive adversaries is underexplored. We introduce an autonomous red teaming framework that integrates large language models LLMs with...
Security Analysis of a Communication Protocol: MQTT
This paper analyzes the security of the Message Queuing Telemetry Transport MQTT protocol in the context of the Internet of Things IoT. The main objective consists of identifying vulnerabilities and proposing security improvements. Adopting a hybrid methodology, a theoretical review was combined...
Do Coding Agents Understand Least-Privilege Authorization?
As coding agents gain access to shells, repositories, and user files, least-privilege authorization becomes a prerequisite for safe deployment: an agent should receive enough authority to complete the task, without unnecessary authority that exposes sensitive surfaces.To study whether current...
EUVD-2026-28930
phpVMS is a PHP application to run and simulate an airline. Prior to version 7.0.6, a critical vulnerability in phpVMS allowed unauthenticated access to a legacy import feature. This issue has been patched in version 7.0.6...
CVE-2026-43248
A flaw was found in the Linux kernel's vhost subsystem. Specifically, a bug in the vdpasim component allows for an out-of-bounds write when a valid ASID Address Space ID is incorrectly assigned to a vDPA virtio Data Path Acceleration group. This could lead to memory corruption, potentially...
EUVD-2026-27809
In the Linux kernel, the following vulnerability has been resolved: vhost: move vdpa group bound check to vhostvdpa Remove duplication by consolidating these here. This reduces the posibility of a parent driver missing them. While we're at it, fix a bug in vdpasim where a valid ASID can be assign...
DecodingTrust-Agent Platform (DTap): A Controllable and Interactive Red-Teaming Platform for AI Agents
AI agents are increasingly deployed across diverse domains to automate complex workflows through long-horizon and high-stakes action executions. Due to their high capability and flexibility, such agents raise significant security and safety concerns. A growing number of real-world incidents have...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: fscrypt: fix left shift underflow when inode-iblkbits PAGESHIFT When simulating an nvme device on qemu with both logicalblocksize and physicalblocksize set to 8 KiB, an error trace appears during partition table reading at boot...
Joint Secrecy and Covert Communication (JSACC): An Enhanced Physical Layer Security Approach
In this paper, we propose an enhanced physical layer security approach, named joint secrecy and covert communication JSACC, which aims to improve the performance of physical layer security PLS. The JSACC system can dynamically switch between secrecy mode and covert mode according to the channel...
Benefits of Breach and Attack Simulation in Vulnerability Management
Vulnerability management teams face an overwhelming challenge: tens of thousands of CVEs published annually, limited remediation capacity, and no reliable way to separate genuine threats from background noise. Traditional approaches rely on CVSS scores and scanner output, but these methods lack t...
CVE-2026-7183 aligungr UERANSIM Radio Link Simulation Layer rls_pdu.cpp DecodeRlsMessage uncaught exception
A vulnerability has been found in aligungr UERANSIM up to 3.2.7. The affected element is the function rls::DecodeRlsMessage in the library src/lib/rls/rlspdu.cpp of the component Radio Link Simulation Layer. The manipulation of the argument pduLength leads to uncaught exception. The attack may be...
CVE-2026-7059
A vulnerability was found in 666ghj MiroFish up to 0.1.2. This affects the function getsimulationposts of the file backend/app/api/simulation.py of the component Query Parameter Handler. Performing a manipulation of the argument Platform results in path traversal. The attack can be initiated...
CVE-2026-7058
A vulnerability has been found in 666ghj MiroFish up to 0.1.2. The impacted element is the function SimulationIPCClient.sendcommand of the file backend/app/services/simulationipc.py of the component Inter-Process Communication. Such manipulation leads to command injection. It is possible to launc...