119 matches found
Joern 4.0.557
Joern is the bug hunter's workbench. With this tool, you can uncover attack surface, sloppy coding practices, and variants of known vulnerabilities using an interactive code analysis shell. Joern supports C, C++, LLVM bitcode, x86 binaries via Ghidra, JVM bytecode via Soot, and Javascript...
Your Automated Pentest Looks Clean. See What It Missed in This Expert Webinar
Your pentest report looks clean. That might be the problem. Run automated pentesting long enough, and the new findings start to dry up. By the third or fourth run, fewer issues appear. The report looks stable. Leadership reads "stable" as "secure." It usually isn't. The work slows down. The risk...
Toward Secure LLM Agents: Threat Surfaces, Attacks, Defenses, and Evaluation
Large language model LLM agents are rapidly moving from conversational interfaces to software components that plan, invoke tools, maintain memory, and act on external environments. This transition changes the nature of security risk. In agentic settings, failures are no longer limited to unsafe...
Joern 4.0.554
Joern is the bug hunter's workbench. With this tool, you can uncover attack surface, sloppy coding practices, and variants of known vulnerabilities using an interactive code analysis shell. Joern supports C, C++, LLVM bitcode, x86 binaries via Ghidra, JVM bytecode via Soot, and Javascript...
Missing Authorization
Overview @openclaw/discord is an OpenClaw Discord channel plugin Affected versions of this package are vulnerable to Missing Authorization through the registerPairCommand and resolvePairingCommandAuthState paths in the device-pair command handler. An attacker can generate pairing setup codes,...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fixed KMS with 3D support in the HW version 10. The HW version 10 does not have GB Surfaces, so there is no backing buffer for surface-backed FBs. This could lead to a nullptr dereference, causing the driver to crash...
[SECURITY] Fedora 42 Update: SDL2_image-2.8.12-1.fc42
Simple DirectMedia Layer SDL is a cross-platform multimedia library designed to provide fast access to the graphics frame buffer and audio device. This package contains a simple library for loading images of various formats BMP, PPM, PCX, GIF, JPEG, PNG as SDL surfaces...
Joern 4.0.540
Joern is the bug hunter's workbench. With this tool, you can uncover attack surface, sloppy coding practices, and variants of known vulnerabilities using an interactive code analysis shell. Joern supports C, C++, LLVM bitcode, x86 binaries via Ghidra, JVM bytecode via Soot, and Javascript...
offsec-skills
offsec-exploit-research Elite adaptive whitebox exploit resea...
Missing Authorization
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Missing Authorization via the gateway process. An attacker can modify sensitive configuration paths and persist unsafe changes that cross security boundaries by leveraging model-driven...
Joern 4.0.533
Joern is the bug hunter's workbench. With this tool, you can uncover attack surface, sloppy coding practices, and variants of known vulnerabilities using an interactive code analysis shell. Joern supports C, C++, LLVM bitcode, x86 binaries via Ghidra, JVM bytecode via Soot, and Javascript...
The Adversarial Discount - AI, Signal Correlation, and the Cybersecurity Arms Race
We study a contest-theoretic model of adversarial investment in which an attacker and a defender allocate resources to AI-augmented capabilities across multiple attack surfaces. The attacker's investment operates through two channels: it amplifies offensive potency unconditionally and erodes...
Joern 4.0.530
Joern is the bug hunter's workbench. With this tool, you can uncover attack surface, sloppy coding practices, and variants of known vulnerabilities using an interactive code analysis shell. Joern supports C, C++, LLVM bitcode, x86 binaries via Ghidra, JVM bytecode via Soot, and Javascript...
Architecture Matters for Multi-Agent Security
Multi-agent systems MAS, composed of networks of two or more autonomous AI agents, have become increasingly popular in production deployments, yet introduce security risks that do not arise in single-agent settings. Even if individual agents exhibit robust security, architectural decisions...
Joern 4.0.527
Joern is the bug hunter's workbench. With this tool, you can uncover attack surface, sloppy coding practices, and variants of known vulnerabilities using an interactive code analysis shell. Joern supports C, C++, LLVM bitcode, x86 binaries via Ghidra, JVM bytecode via Soot, and Javascript...
Joern 4.0.525
Joern is the bug hunter's workbench. With this tool, you can uncover attack surface, sloppy coding practices, and variants of known vulnerabilities using an interactive code analysis shell. Joern supports C, C++, LLVM bitcode, x86 binaries via Ghidra, JVM bytecode via Soot, and Javascript...
The Hidden Security Risks of Shadow AI in Enterprises
As AI tools become more accessible, employees are adopting them without formal approval from IT and security teams. While these tools may boost productivity, automate tasks, or fill gaps in existing workflows, they also operate outside the visibility of security teams, bypassing controls and...
EUVD-2026-20773
MemProcFS before 5.17 contains multiple unsafe library-loading patterns that enable DLL and shared-library hijacking across six attack surfaces, including bare-name LoadLibraryU and dlopen calls without path qualification for vmmpyc, libMSCompression, and plugin DLLs. An attacker who places a...
Securing Retrieval-Augmented Generation: A Taxonomy of Attacks, Defenses, and Future Directions
Retrieval-augmented generation RAG significantly enhances large language models LLMs but introduces novel security risks through external knowledge access. While existing studies cover various RAG vulnerabilities, they often conflate inherent LLM risks with those specifically introduced by RAG. I...
ACIArena: Toward Unified Evaluation for Agent Cascading Injection
Collaboration and information sharing empower Multi-Agent Systems MAS but also introduce a critical security risk known as Agent Cascading Injection ACI. In such attacks, a compromised agent exploits inter-agent trust to propagate malicious instructions, causing cascading failures across the...