Agents of Chaos

We report an exploratory red-teaming study of autonomous language-model-powered agents deployed in a live laboratory environment with persistent memory, email accounts, Discord access, file systems, and shell execution. Over a two-week period, twenty AI researchers interacted with the agents unde...

CVE-2025-14988 Incorrect Permission Assignment for Critical Resource vulnerability in iba Systems ibaPDA

A security issue has been identified in ibaPDA that could allow unauthorized actions on the file system under certain conditions. This may impact the confidentiality, integrity, or availability of the system...

Who Approved This Agent? Rethinking Access, Accountability, and Risk in the Age of AI Agents

AI agents are accelerating how work gets done. They schedule meetings, access data, trigger workflows, write code, and take action in real time, pushing productivity beyond human speed across the enterprise. Then comes the moment every security team eventually hits: “Wait… who approved this?”...

Arista DANZ Monitoring Fabric 安全漏洞

Arista DANZ Monitoring Fabric is a traffic monitoring, security, and performance analytics platform from Arista USA. A security vulnerability exists in Arista DANZ Monitoring Fabric that stems from improperly configured SSH session multiplexing, which could result in file system operations being...

EUVD-2021-2374

Malware in sbrugna...

CVE-2018-16267

The system-popup system service in Tizen allows an unprivileged process to perform popup-related system actions, due to improper D-Bus security policy configurations. Such actions include the triggering system poweroff menu, and prompting a popup with arbitrary strings. This affects Tizen before...

CVE-2023-4827 File Manager Pro < 1.8 - Remote Code Execution via CSRF

The File Manager Pro WordPress plugin before 1.8 does not properly check the CSRF nonce in the fsconnector AJAX action. This allows attackers to make highly privileged users perform unwanted file system actions via CSRF attacks by using GET requests, such as uploading a web shell...

PT-2023-30751 · WordPress · File Manager Pro

Name of the Vulnerable Software and Affected Versions: File Manager Pro WordPress plugin versions prior to 1.8 Description: The issue arises from the improper checking of the CSRF nonce in the fs connector AJAX action. This allows attackers to perform highly privileged file system actions via CSR...

CVE-2018-16268

The CVE-2018-16268 issue affects Tizen SoundServer/FocusServer system services where improper D-Bus security policy allows an unprivileged process to trigger media actions (e.g., play arbitrary sounds or DTMF tones). Affected: Tizen before 5.0 M1 and Tizen-based firmwares (Galaxy Gear) before bui...

Security Update for Windows 2000 (KB951746)

A security issue has been identified that could allow a remote attacker to misrepresent a system action or behavior unbeknownst to users on Microsoft Windows systems. You can help protect your computer by installing this update from Microsoft. After you install this item, you may have to restart...