Lucene search
K

1319 matches found

Veracode
Veracode
added 2025/12/13 4:36 a.m.7 views

Permission Bypass

Jenkins Folder-based Authorization Strategy Plugin is vulnerable to Permission Bypass. The vulnerability is due to the plugin not verifying that permissions configured to be granted are enabled, where users formerly granted optional permissions can access functionality they're no longer entitled...

6.8CVSS5.8AI score0.00302EPSS
Exploits0References2Affected Software1
Schneier on Security
Schneier on Security
added 2025/12/11 5:6 p.m.6 views

AIs Exploiting Smart Contracts

I have long maintained that smart contracts are a dumb idea: that a human process is actually a security feature. Here's some interesting research on training AIs to automatically exploit smart contracts: AI models are increasingly good at cyber tasks, as we've written about before. But what is t...

7.2AI score
Exploits0
CISA
CISA
added 2025/12/11 12:0 p.m.31 views

2025 CWE Top 25 Most Dangerous Software Weaknesses

The Cybersecurity and Infrastructure Security Agency CISA, in collaboration with the Homeland Security Systems Engineering and Development Institute HSSEDI, operated by the MITRE Corporation, has released the 2025 Common Weakness Enumeration CWE Top 25 Most Dangerous Software Weaknesseslink is...

7.2AI score
Exploits0References4
vulnersOsv
vulnersOsv
added 2025/12/10 6:30 p.m.9 views

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1887 more potentially affected by CVE-2025-67635 via org.jenkins-ci.main:cli (>=1.396 <=2.528.2)

org.jenkins-ci.main:cli MAVEN version =1.396, =1.1, =0.0.1, =1.0, =55.v51410e712e0c, =1.0, =0.0.1, =0.1.0, =1.0, =0.9, =1.3, =1.23 and more Source cves: CVE-2025-67635 Source advisory: OSV:GHSA-9P56-P6MW-W8QC...

7.5CVSS7.3AI score0.00515EPSS
Exploits0
Packet Storm News
Packet Storm News
added 2025/12/07 12:0 a.m.27 views

RunawayEvil: Jailbreaking the Image-To-Video Generative Models

Image-to-Video I2V generation synthesizes dynamic visual content from image and text inputs, providing significant creative control. However, the security of such multimodal systems, particularly their vulnerability to jailbreak attacks, remains critically underexplored. To bridge this gap, we...

6.9AI score
Exploits0
Trend Micro Simply Security
Trend Micro Simply Security
added 2025/12/01 12:0 a.m.5 views

Elevate Your Cloud Security Strategy

Learn to elevate your cloud security strategy & overcome complexity with Vision One™...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/11/25 12:0 a.m.54 views

BrowseSafe: Understanding and Preventing Prompt Injection within AI Browser Agents

The integration of artificial intelligence AI agents into web browsers introduces security challenges that go beyond traditional web application threat models. Prior work has identified prompt injection as a new attack vector for web agents, yet the resulting impact within real-world environments...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/11/17 12:0 a.m.16 views

The Battle of Metasurfaces: Understanding Security in Smart Radio Environments

Metasurfaces, or Reconfigurable Intelligent Surfaces RISs, have emerged as a transformative technology for next-generation wireless systems, enabling digitally controlled manipulation of electromagnetic wave propagation. By turning the traditionally passive radio environment into a smart,...

6.8AI score
Exploits0
OSV
OSV
added 2025/11/10 5:21 p.m.3 views

MAL-2025-55431 Malicious code in budi-getas32-sukiwir (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9d791645d5e9e39699044ef5d9437ef369f2620eea9e0a8c339ac7b3d43d4047 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
hivepro
hivepro
added 2025/11/06 2:6 p.m.5 views

Your Guide to Risk-Based Vulnerability Management

Communicating security needs to leadership can be a challenge when you’re just presenting a long list of technical flaws. The conversation shifts when you can talk about risk in clear business terms. Instead of saying "we have 500 critical vulnerabilities," you can say "we have 15 vulnerabilities...

6.6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/11/04 12:0 a.m.6 views

AutoAdv: Automated Adversarial Prompting for Multi-Turn Jailbreaking of Large Language Models

Large Language Models LLMs remain vulnerable to jailbreaking attacks where adversarial prompts elicit harmful outputs, yet most evaluations focus on single-turn interactions while real-world attacks unfold through adaptive multi-turn conversations. We present AutoAdv, a training-free framework fo...

7.2AI score
Exploits0
Akamai Blog
Akamai Blog
added 2025/10/30 1:0 p.m.5 views

Discover the 3 Stages of Cloud Maturity by Taking Our Quiz

Discover the three stages of the cloud maturity model and learn how cloud adoption, strategy, and security drive digital transformation...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/30 12:0 a.m.7 views

A DRL-Empowered Multi-Level Jamming Approach for Secure Semantic Communication

Semantic communication SemCom aims to transmit only task-relevant information, thereby improving communication efficiency but also exposing semantic information to potential eavesdropping. In this paper, we propose a deep reinforcement learning DRL-empowered multi-level jamming approach to enhanc...

6.4AI score
Exploits0
EUVD
EUVD
added 2025/10/29 9:30 a.m.4 views

EUVD-2025-36617

Missing Authorization vulnerability in Strategy11 Team Business Directory business-directory-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Business Directory: from n/a through = 6.4.18...

4.3CVSS6.5AI score0.00177EPSS
Exploits0References2
HackRead
HackRead
added 2025/10/24 8:55 p.m.4 views

AI for the Financial Sector: How Strategy Consulting Helps You Navigate Risk

The financial industry is transforming as artificial intelligence AI is becoming an integral tool for managing operations, improving…...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/24 12:0 a.m.8 views

Enhanced MLLM Black-Box Jailbreaking Attacks and Defenses

Multimodal large language models MLLMs comprise of both visual and textual modalities to process vision language tasks. However, MLLMs are vulnerable to security-related issues, such as jailbreak attacks that alter the model's input to induce unauthorized or harmful responses. The incorporation o...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/22 12:0 a.m.8 views

Sensing Security in Near-Field ISAC: Exploiting Scatterers for Eavesdropper Deception

In this paper, we explore sensing security in near-field NF integrated sensing and communication ISAC scenarios by exploiting known scatterers in the sensing scene. We propose a location deception LD scheme where scatterers are deliberately illuminated with probing power that is higher than that...

6.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/21 12:0 a.m.17 views

Genesis: Evolving Attack Strategies for LLM Web Agent Red-Teaming

As large language model LLM agents increasingly automate complex web tasks, they boost productivity while simultaneously introducing new security risks. However, relevant studies on web agent attacks remain limited. Existing red-teaming approaches mainly rely on manually crafted attack strategies...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/20 12:0 a.m.12 views

Multimodal Safety Is Asymmetric: Cross-Modal Exploits Unlock Black-Box MLLMs Jailbreaks

Multimodal large language models MLLMs have demonstrated significant utility across diverse real-world applications. But MLLMs remain vulnerable to jailbreaks, where adversarial inputs can collapse their safety constraints and trigger unethical responses. In this work, we investigate jailbreaks i...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2025/10/16 11:55 a.m.5 views

Architectures, Risks, and Adoption: How to Assess and Choose the Right AI-SOC Platform

Scaling the SOC with AI - Why now? Security Operations Centers SOCs are under unprecedented pressure. According to SACR's AI-SOC Market Landscape 2025 , the average organization now faces around 960 alerts per day , while large enterprises manage more than 3,000 alerts daily from an average of 28...

6.2AI score
Exploits0
Rows per page
Query Builder