Lucene search
K

171 matches found

Filippo.io
Filippo.io
added 2026/06/23 1:0 p.m.18 views

Vulnerability Reports Are Not Special Anymore

A requirement for staying sane while working in public as an open source maintainer is realizing that every issue, PR, and piece of feedback is a present, not an obligation. You can accept it, ignore it, and use it partially or not at all. Except… For years, as lead of the Go Security team at the...

5.9AI score
Exploits0
OSV
OSV
added 2026/06/11 8:26 p.m.7 views

GHSA-6P54-FW2F-Q7GF DevGuard has improper authorization on public assets

Impact On a DevGuard API instance with one or more public assets, any authenticated user — including users from a different organization with no membership or role in the affected org/project — can create, update, reapply, and delete VEX rules on those public assets. The same flaw affects the oth...

7.1CVSS5.5AI score0.00235EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/11 8:26 p.m.10 views

DevGuard has improper authorization on public assets

Impact On a DevGuard API instance with one or more public assets, any authenticated user — including users from a different organization with no membership or role in the affected org/project — can create, update, reapply, and delete VEX rules on those public assets. The same flaw affects the oth...

7.1CVSS5.5AI score0.00235EPSS
Exploits0References3Affected Software1
Packet Storm News
Packet Storm News
added 2026/06/11 12:0 a.m.33 views

DNGInspector Structural Analyzer for DNG/TIFF Metadata and IFD Anomaly Detection

This Python script implements a static inspection tool for Digital Negative DNG files by parsing the TIFF-based header and analyzing Image File Directory IFD entries for structural anomalies. The tool validates basic header fields, traverses IFD records, and flags suspicious metadata patterns suc...

5.3AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/09 12:0 a.m.8 views

When Discovery Outpaces Remediation: Modeling AI-Accelerated Vulnerability Discovery in Interconnected Systems

Advanced AI systems for code analysis, binary analysis, fuzzing orchestration, and penetration-test planningmay significantly increase the rate at which latent vulnerabilities are discovered. While improved discovery can benefit defenders, it can also overload remediation pipelines and accelerate...

5.6AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/05 7:11 p.m.11 views

CVE-2026-44246

nnU-Net is a semantic segmentation framework that automatically adapts its pipeline to a dataset. Prior to 2.4.1, the nnU-Net Issue Triage workflow in .github/workflows/issue-triage.yml is vulnerable to Agentic Workflow Injection. The workflow sets allowednonwriteusers: $...

7.2CVSS5.5AI score0.00242EPSS
Exploits1References1
Packet Storm News
Packet Storm News
added 2026/06/03 12:0 a.m.10 views

NLLog: Lightweight, Explainable SOC Anomaly Detection Via Log-To-Language Rewriting

System-generated logs underpin security monitoring, yet their rigid template-based format hinders both automated analysis and human comprehension. We present NLLog Natural-Language Log, a lightweight pipeline that deterministically rewrites parsed templates into WHO-WHAT-SEVERITY sentences, pools...

5.8AI score
Exploits0
GithubExploit
GithubExploit
added 2026/06/01 12:53 p.m.121 views

snyk-agentic-appsec-poc

Snyk Agentic AppSec POC Proof of concept demonstrating autono...

5.9AI score
Exploits0
Talos Blog
Talos Blog
added 2026/05/28 6:0 p.m.12 views

Less panic patching, more precision

Welcome to this week's edition of the Threat Source newsletter. Recently, Martin closed his introduction with a warning: Ready or not, the time of much patching is coming. I've been chewing on that one for a while because I'm rethinking my own enrichment pipelines along these lines, and the...

5.9AI score
Exploits0
GithubExploit
GithubExploit
added 2026/05/27 6:30 p.m.102 views

watch-tower

OT/ICS Threat Intelligence Lab Local threat intelligence lab...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/25 11:30 a.m.28 views

The Alert Firehose Finally Meets Its Match

Ask a cybersecurity pro about Network Detection and Response NDR and you might still hear "Noisy," "Too much data." But ask the teams running NDR that includes agentic AI capabilities and you'll hear they're actually using it to catch threats earlier, triage faster, and chase fewer false positive...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/23 12:0 a.m.17 views

Demystifying the Mythos or Disrupting Bugonomics? from Zero-Day Asymmetry to Defender Remediation Throughput

Recent demonstrations of large language models producing candidate and confirmed vulnerabilities in production software have renewed the narrative that AI will reshape offensive and defensive security. Headlines emphasize capability; they rarely interrogate costs and incentives. This paper examin...

5.9AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.17 views

PT-2026-42473

Name of the Vulnerable Software and Affected Versions gdk-pixbuf-loader-libheif versions prior to 1.22.2-1.1 Description An integer underflow leads to an out-of-bounds OOB memory access. This issue was discovered using AI-assisted fuzzing, a technique that uses artificial intelligence to...

7.1CVSS5.8AI score0.00343EPSS
Exploits0References62
GithubExploit
GithubExploit
added 2026/05/20 4:15 a.m.92 views

SOC-Alert-Investigation-Portfolio

SOC Alert Investigation Portfolio This repository contains pr...

5.9AI score
Exploits0
GithubExploit
GithubExploit
added 2026/05/18 12:9 a.m.79 views

sec-recon-agent

sec-recon-agent Type-safe security triage built on Pydantic A...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/17 12:0 a.m.58 views

LITE-SOC: Lightweight Security Operations Center Simulator for Cybersecurity Education

This innovative practice WIP paper describes LITE-SOC, a lightweight web-based Security Operations Center SOC simulator designed for instructor-led cybersecurity education. SOC analysts must triage large volumes of alerts, separate genuine threats from false positives, and communicate decisions...

5.8AI score
Exploits0
NVD
NVD
added 2026/05/12 9:16 p.m.12 views

CVE-2026-44246

nnU-Net is a semantic segmentation framework that automatically adapts its pipeline to a dataset. Prior to 2.4.1, the nnU-Net Issue Triage workflow in .github/workflows/issue-triage.yml is vulnerable to Agentic Workflow Injection. The workflow sets allowednonwriteusers: $...

7.2CVSS0.00242EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/12 8:41 p.m.47 views

CVE-2026-44246 nnU-Net: Agentic workflow injection in `.github/workflows/issue-triage.yml` of `MIC-DKFZ/nnUNet`

nnU-Net is a semantic segmentation framework that automatically adapts its pipeline to a dataset. Prior to 2.4.1, the nnU-Net Issue Triage workflow in .github/workflows/issue-triage.yml is vulnerable to Agentic Workflow Injection. The workflow sets allowednonwriteusers: $...

7.2CVSS0.00242EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/05/12 8:41 p.m.6 views

CVE-2026-44246 nnU-Net: Agentic workflow injection in `.github/workflows/issue-triage.yml` of `MIC-DKFZ/nnUNet`

nnU-Net is a semantic segmentation framework that automatically adapts its pipeline to a dataset. Prior to 2.4.1, the nnU-Net Issue Triage workflow in .github/workflows/issue-triage.yml is vulnerable to Agentic Workflow Injection. The workflow sets allowednonwriteusers: $...

7.2CVSS5.8AI score0.00242EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/12 8:41 p.m.10 views

CVE-2026-44246

nnU-Net is a semantic segmentation framework that automatically adapts its pipeline to a dataset. Prior to 2.4.1, the nnU-Net Issue Triage workflow in .github/workflows/issue-triage.yml is vulnerable to Agentic Workflow Injection. The workflow sets allowednonwriteusers: $...

7.2CVSS5.8AI score0.00242EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder