Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: A NULL pointer dereference occurred in amdgpudmconnectoraddcommonmodes. In amdgpudmconnectoraddcommonmodes, amdgpudmcreatecommonmode assigns mode to mode, and mode is directly passed to drmmodeprobedadd...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: Added a check on the callback function pointer before its call. In dpucoreirqcallbackhandler, the pointer pointing to the callback function is checked to be NULL. However, the callback function is then called...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net: qlogic: qlcnic: A NULL pointer dereference was fixed in qlcnic83xxaddrings. In qlcnic83xxaddrings, the indirect function ahw-hwops-allocmbxargs is called to allocate memory for cmd.req.arg. A dereference of this variable...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Ring-Buffer: Fixed the possibility of dereferencing an uninitialized pointer. There is a pointer called headpage in the function rbmetavalidateevents. This pointer is not initialized at the beginning of the function. This pointer...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: The issue in fdt: fix off-by-one error in unflattendtnodes Commit 78c44d910d3e “drivers/of: Fix depth when unflattening devicetree” forgot to fix the depth check in the loop body of unflattendtnodes. This could lead to an overflo...

ClickFix HTML Static Detector

This script is a lightweight static analysis tool designed to identify HTML pages that exhibit patterns commonly associated with ClickFix-style social engineering campaigns...

Can Open-Source LLM Agents Replace Static Application Security Testing Tools? an Empirical Assessment

This paper explores the value of agentic AI tools for cybersecurity purposes. We evaluate the efficacy of a general-purpose GenAI Large Language Model- GenAI- based agent when powered by three different Ollama-hosted general-purpose open source models. We assess each agent's performance using...

The Hardest Fork

Mythos is real. I know a big chunk of the industry thinks it's a marketing stunt, and I get why. I get it. But I've seen the findings, and they're bad. These aren't "whoops, this line right here is wrong, and that's RCE." They're novel combinations of a few dozen issues out of thousands of things...

janus-security-platform

Agentic Security Platform Payments-domain SAST + autonomous P...

MOLOT System Card: Malicious Operational Logic Observation Transformer

MOLOT Malicious Operational Logic Observation Transformer is a static malicious-code detection system designed for SAST setup where package metadata, maintainer history, and dynamic execution traces may be unavailable or unreliable. The system represents source code as behavior sequences derived...

angr 9.2.221

angr is an open-source binary analysis platform for Python. It combines both static and dynamic symbolic "concolic" analysis, providing tools to solve a variety of tasks...

Description-Code Inconsistency in Real-World MCP Servers: Measurement, Detection, and Security Implications

The Model Context Protocol MCP has emerged as a critical standard empowering Large Language Models LLMs to utilize external tools. In this ecosystem, LLMs rely on natural language descriptions provided by MCP servers to select and execute functions. This interaction implicitly assumes that tool...

multi-layered-security-assessment

Advanced Network Attack and Defense: Multi-Layered Assessment...

Don't Trust Us: A Privacy-By-Design Android Malware Detection Pipeline

Android malware detection increasingly relies on collecting and processing sensitive user data, including device identifiers, network artifacts, and runtime traces, while privacy is too often treated as a secondary concern. Existing privacy-aware approaches typically enforce privacy after data...

angr 9.2.220

angr is an open-source binary analysis platform for Python. It combines both static and dynamic symbolic "concolic" analysis, providing tools to solve a variety of tasks...

ClawHub Security Signals: When VirusTotal, Static Analysis, and SkillSpector Disagree

Agent skills extend AI agents with reusable instructions, tools, scripts, references, and workflows, establishing a security boundary distinct from both model safety and traditional package-malware detection. ClawHub Security Signals is a sanitized dataset of 67,453 latest public OpenClaw skill...

How to Compare the Security of Code Written by Humans to LLM-Generated Code

Large language models LLMs are rapidly transforming how software is created and maintained. Comparing LLM-generated code against human-written standards is essential to determine whether these new tools uphold or erode the security baselines established by professional developers. Yet, we lack a...

EUVD-2026-32334

In the Linux kernel, the following vulnerability has been resolved: pinctrl: single: fix refcount leak in pcsaddgpiofunc ofparsephandlewithargs returns a devicenode pointer with refcount incremented in gpiospec.np. The loop iterates through all phandles but never releases the reference, causing a...

UBUNTU-CVE-2026-45947

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix memory leak in amdgpuacpienumeratexcc In amdgpuacpienumeratexcc, if amdgpuacpidevinit returns -ENOMEM, the function returns directly without releasing the allocated xccinfo, resulting in a memory leak. Fix this by...

angr 9.2.219

angr is an open-source binary analysis platform for Python. It combines both static and dynamic symbolic "concolic" analysis, providing tools to solve a variety of tasks...