CritBench: A Framework for Evaluating Cybersecurity Capabilities of Large Language Models in IEC 61850 Digital Substation Environments

The advancement of Large Language Models LLMs has raised concerns regarding their dual-use potential in cybersecurity. Existing evaluation frameworks overwhelmingly focus on Information Technology IT environments, failing to capture the constraints, and specialized protocols of Operational...

Windows Service for User (S4U) Scheduled Task Persistence Logon Trigger

This Metasploit module creates a scheduled task that will run using service-for-user S4U. This allows the scheduled task to run even as an unprivileged user that is not logged into the device. This will result in lower security context, allowing access to local resources only. The module requires...

runZero Platform 安全漏洞

RunZero Platform is an asset discovery and attack surface management platform developed by the US company RunZero. Versions of RunZero Platform prior to 4.0.260205.0 contained security vulnerabilities. These vulnerabilities were due to improper authorization, which could lead to unauthorized...

OpenViking 安全漏洞

OpenViking is an open-source artificial intelligence agent-based context database developed by Volcengine. Versions of OpenViking prior to 0.3.3 contained security vulnerabilities. These vulnerabilities stemmed from lack of authorization, which could allow unauthorized attackers to enumerate or...

Windows Service for User (S4U) Scheduled Task Persistence Logon Trigger

This Metasploit module creates a scheduled task that will run using service-for-user S4U. This allows the scheduled task to run even as an unprivileged user that is not logged into the device. This will result in lower security context, allowing access to local resources only. The module requires...

CVE-2026-5585

A vulnerability was found in Tencent AI-Infra-Guard 4.0. The affected element is an unknown function of the file common/websocket/taskmanager.go of the component Task Detail Endpoint. Performing a manipulation results in information disclosure. The attack may be initiated remotely. The exploit ha...

DPRK-Linked Hackers Use GitHub as C2 in Multi-Stage Attacks Targeting South Korea

Threat actors likely associated with the Democratic People's Republic of Korea DPRK have been observed using GitHub as command-and-control C2 infrastructure in multi-stage attacks targeting organizations in South Korea. The attack chain, per Fortinet FortiGuard Labs, involves obfuscated Windows...

CVE-2026-5625

A weakness has been identified in assafelovic gpt-researcher up to 3.4.3. This issue affects some unknown processing of the file gptresearcher/skills/researcher.py of the component WebSocket Interface. Executing a manipulation of the argument task can lead to cross site scripting. The attack may ...

CVE-2026-5625 assafelovic gpt-researcher WebSocket researcher.py cross site scripting

A weakness has been identified in assafelovic gpt-researcher up to 3.4.3. This issue affects some unknown processing of the file gptresearcher/skills/researcher.py of the component WebSocket Interface. Executing a manipulation of the argument task can lead to cross site scripting. The attack may ...

CVE-2026-5625 assafelovic gpt-researcher WebSocket researcher.py cross site scripting

A weakness has been identified in assafelovic gpt-researcher up to 3.4.3. This issue affects some unknown processing of the file gptresearcher/skills/researcher.py of the component WebSocket Interface. Executing a manipulation of the argument task can lead to cross site scripting. The attack may ...

GPT Researcher 代码注入漏洞

GPT Researcher is an AI-based deep research agent tool developed by Assaf Elovic as a personal development tool. Versions of GPT Researcher 3.4.3 and earlier have a code injection vulnerability, which stems from improper handling of the task parameter in the gptresearcher/skills/researcher.py fil...

PT-2026-30762

Strawberry GraphQL is a library for creating GraphQL APIs. Prior to 0.312.3, Strawberry GraphQL's WebSocket subscription handlers for both the graphql-transport-ws and legacy graphql-ws protocols allocate an asyncio.Task and associated Operation object for every incoming subscribe message without...

EUVD-2026-19115

A vulnerability was found in Tencent AI-Infra-Guard 4.0. The affected element is an unknown function of the file common/websocket/taskmanager.go of the component Task Detail Endpoint. Performing a manipulation results in information disclosure. The attack may be initiated remotely. The exploit ha...

CVE-2026-5585

A vulnerability was found in Tencent AI-Infra-Guard 4.0. The affected element is an unknown function of the file common/websocket/taskmanager.go of the component Task Detail Endpoint. Performing a manipulation results in information disclosure. The attack may be initiated remotely. The exploit ha...

CVE-2026-5585 Tencent AI-Infra-Guard Task Detail Endpoint task_manager.go information disclosure

A vulnerability was found in Tencent AI-Infra-Guard 4.0. The affected element is an unknown function of the file common/websocket/taskmanager.go of the component Task Detail Endpoint. Performing a manipulation results in information disclosure. The attack may be initiated remotely. The exploit ha...

CVE-2026-5585 Tencent AI-Infra-Guard Task Detail Endpoint task_manager.go information disclosure

A vulnerability was found in Tencent AI-Infra-Guard 4.0. The affected element is an unknown function of the file common/websocket/taskmanager.go of the component Task Detail Endpoint. Performing a manipulation results in information disclosure. The attack may be initiated remotely. The exploit ha...

CVE-2026-5585

Summary of CVE-2026-5585 : Tencent AI-Infra-Guard 4.0 contains a vulnerability in the Task Detail Endpoint, specifically an unknown function within the file common/websocket/task_manager.go. Manipulation of this element results in information disclosure. The attack may be initiated remotely and, ...

CVE-2026-5585

A vulnerability was found in Tencent AI-Infra-Guard 4.0. The affected element is an unknown function of the file common/websocket/taskmanager.go of the component Task Detail Endpoint. Performing a manipulation results in information disclosure. The attack may be initiated remotely. The exploit ha...

AI-Infra-Guard 访问控制错误漏洞

AI-Infra-Guard is an open-source AI security risk detection and red-team testing platform developed by Tencent. Version 4.0 of AI-Infra-Guard contains a access control vulnerability, which stems from incorrect handling of the file common/websocket/taskmanager.go, potentially leading to informatio...

PT-2026-30464

🚨 LIVE HIJACK ALERT — CVE-2026-77777. CVSS 8.9. attacker feeds poisoned task output to CrewAI agent memory. future tasks execute attacker instructions as if they were original goals. investigating. 🧵...