AEGIS: No Tool Call Left Unchecked -- a Pre-Execution Firewall and Audit Layer for AI Agents

AI agents increasingly act through external tools: they query databases, execute shell commands, read and write files, and send network requests. Yet in most current agent stacks, model-generated tool calls are handed to the execution layer with no framework-agnostic control point in between...

Trojans in Artificial Intelligence (TrojAI) Final Report

The Intelligence Advanced Research Projects Activity IARPA launched the TrojAI program to confront an emerging vulnerability in modern artificial intelligence: the threat of AI Trojans. These AI trojans are malicious, hidden backdoors intentionally embedded within an AI model that can cause a...

Microsoft Security Update Validation Report November 2022

Microsoft’s November 2022 security updates have passed Citrix testing the updates are listed below. The testing is not all-inclusive; all tests are executed against English-only environments and issues may still be found upon implementation. Follow best practices for testing and installing softwa...

Add Ergonomic Security to Your CI/CD Pipeline

Wikipedia defines ergonomics as “the application of psychological and physiological principles to the engineering and design of products, processes, and systems. The goal … is to reduce human error, increase productivity, and enhance safety and comfort with a specific focus on the interaction...

Mongoose Web Server 2.11 Directory Traversal

Exploit Title: Mongoose 2.11 Directory Traversal Date: 29 Oct Author: nitr0us Alejandro Hernandez H. Software Link: http://mongoose.googlecode.com/files/mongoose-2.11.exe Version: 2.11 Windows Version Tested on: Windows XP Service Pack 2 Chatsubo inSecurity Dark Labs...

Flash FTP Server - Directory Traversal

TestCode: C:\ftp localhost Connected to server. 220 Flash FTP Server v2.1 ready... User server:none: CoolICE 331 Password required for CoolICE. Password: 230 User CoolICE logged in. ftp get /winnt/system.ini 200 Port command successful. 150 Opening data connection for /winnt/system.ini. 226 File...

Securax-SA-09.serv-u

===================================================================== Securax-SA-09 Security Advisory belgian.networking.security Dutch ===================================================================== Topic: Catsoft serv-U FTP Directory Transversal Vulnerability Announced: 2000-12-03 Updated...

isc-dhcpd.exploit.txt

Somebody at OpenBSD discovered a possible root exploit in the ISC DHCP client. I can confirm that as of 6:23am on June 23rd after several hours of hacking around the sources I had the following dhcpd config running on my own machine's private network for testing: shared-network LOCAL-NET option...