Exploit for CVE-2026-2256

CVE-2026-...

Microsoft's MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday

Microsoft has unveiled a new multi-model artificial intelligence AI-driven system called MDASH to facilitate vulnerability discovery and remediation at scale, adding that it's being tested by some customers as part of a limited private preview. MDASH, short for m ulti-mod el a gentic s canning h...

MATRA: Modeling the Attack Surface of Agentic AI Systems -- OpenClaw Case Study

LLMs are increasingly deployed as autonomous agents with access to tools, databases, and external services, yet practitioners across different sectors lack systematic methods to assess how known threat classes translate into concrete risks within a specific agentic deployment. We present MATRA, a...

Heimdallr: Characterizing and Detecting LLM-Induced Security Risks in GitHub CI Workflows

GitHub Continuous Integration CI workflows increasingly integrate Large Language Models LLMs to automate review, triage, content generation, and repository maintenance. This creates a new attack surface: externally controllable workflow inputs can shape LLM prompts and outputs, which may in turn...

Revisiting JBShield: Breaking and Rebuilding Representation-Level Jailbreak Defenses

Defending large language models LLMs against jailbreak attacks, such as Greedy Coordinate Gradient GCG, remains a challenge, particularly under adaptive threat models where an attacker directly targets the defense mechanism. JBShield, a recent jailbreak defense with a 0% attack success rate in so...

VulStyle: A Multi-Modal Pre-Training for Code Stylometry-Augmented Vulnerability Detection

We present VulStyle, a multi-modal software vulnerability detection model that jointly encodes function-level source code, non-terminal Abstract Syntax Tree AST structure, and code stylometry CStyle features. Prior work in code representation primarily leverages token-level models or full AST...

Primer on GitHub Actions Security - Threat Model, Attacks and Defenses (Part 1/2)

Understanding and defending your GitHub Actions - from threat model to security controls...

Security and Privacy in Virtual and Robotic Assistive Systems: A Comparative Framework

Assistive technologies increasingly support independence, accessibility, and safety for older adults, people with disabilities, and individuals requiring continuous care. Two major categories are virtual assistive systems and robotic assistive systems operating in physical environments. Although...

Backstage has a Possible Symlink Path Traversal in Scaffolder Actions

Impact Multiple Scaffolder actions and archive extraction utilities were vulnerable to symlink-based path traversal attacks. An attacker with access to create and execute Scaffolder templates could exploit symlinks to: 1. Read arbitrary files via the debug:log action by creating a symlink pointin...

CVE-2026-24046 Backstage has a Possible Symlink Path Traversal in Scaffolder Actions

Backstage is an open framework for building developer portals. Multiple Scaffolder actions and archive extraction utilities were vulnerable to symlink-based path traversal attacks. An attacker with access to create and execute Scaffolder templates could exploit symlinks to read arbitrary files vi...

CVE-2026-24046 Backstage has a Possible Symlink Path Traversal in Scaffolder Actions

Backstage is an open framework for building developer portals. Multiple Scaffolder actions and archive extraction utilities were vulnerable to symlink-based path traversal attacks. An attacker with access to create and execute Scaffolder templates could exploit symlinks to read arbitrary files vi...

QES-Backed Virtual FIDO2 Authenticators: Architectural Options for Secure, Synchronizable WebAuthn Credentials

FIDO2 and the WebAuthn standard offer phishing-resistant, public-key based authentication but traditionally rely on device-bound cryptographic keys that are not naturally portable across user devices. Recent passkey deployments address this limitation by enabling multi-device credentials...

Analyzing Code Injection Attacks on LLM-Based Multi-Agent Systems in Software Development

Agentic AI and Multi-Agent Systems are poised to dominate industry and society imminently. Powered by goal-driven autonomy, they represent a powerful form of generative AI, marking a transition from reactive content generation into proactive multitasking capabilities. As an exemplar, we propose a...

SoK: Reviewing Two Decades of Security, Privacy, Accessibility, and Usability Studies on Internet of Things for Older Adults

The Internet of Things IoT has the potential to enhance older adults' independence and quality of life, but it also exposes them to security, privacy, accessibility, and usability SPAU risks. We conducted a systematic review of 44 peer-reviewed studies published between 2004 and 2024 using a...

EUVD-2017-14720

Malware in sbrugna...

EUVD-2025-25782

Malicious code in bioql PyPI...

SoK: Systematic Analysis of Adversarial Threats against Deep Learning Approaches for Autonomous Anomaly Detection Systems in SDN-IoT Networks

Integrating SDN and the IoT enhances network control and flexibility. DL-based AAD systems improve security by enabling real-time threat detection in SDN-IoT networks. However, these systems remain vulnerable to adversarial attacks that manipulate input data or exploit model weaknesses,...

SEV-SNP Physical Memory Aliasing

Summary Researchers have reported a method for privileged attackers with physical access to a motherboard to potentially compromise confidentiality and integrity of AMD Secure Encrypted Virtualization – Secure Nesting Paging SEV-SNP guests. AMD does not plan to release any mitigations in response...

RAG Security and Privacy: Formalizing the Threat Model and Attack Surface

Retrieval-Augmented Generation RAG is an emerging approach in natural language processing that combines large language models LLMs with external document retrieval to produce more accurate and grounded responses. While RAG has shown strong potential in reducing hallucinations and improving factua...

A Survey and Evaluation Framework for Secure DNS Resolution

Since security was not among the original design goals of the Domain Name System herein called Vanilla DNS, many secure DNS schemes have been proposed to enhance the security and privacy of the DNS resolution process. Some proposed schemes aim to replace the existing DNS infrastructure entirely,...