How Reliable Are AI Attackers against a Fixed Vulnerable Target? A 400-Run Empirical Study of LLM Penetration Testing Consistency
Large language models (LLMs) can autonomously conduct multi-stage cyber attacks, but the consistency of their offensive behavior under repeated trials remains unstudied. This work presents the first large-scale empirical measurement of LLM attack consistency: 400 autonomous penetration testing runs...
ch.iterial.keycloak.plugins:keycloak-directus-plugin (>=0.1.0 <=0.7.0), com.c4-soft.springaddons:keycloak-grants-mapper (>=3.1.13-jdk1.8 <=3.1.14-jdk17) +215 more potentially affected by CVE-2026-37977 via org.keycloak:keycloak-services (>=10.0.0 <=9.0.3)
org.keycloak:keycloak-services MAVEN version =10.0.0, =0.1.0, =3.1.13-jdk1.8, =11.0.1, =1.2.6, =1.2.5, =0.1, =0.1, =1.0.1, =0.1, =1.0.1, =0.1, =1.2.0, =1.4.11 - com.github.wnameless.spring.boot.up:spring-boot-up-embedded-keycloak =24.3.0.0 -...
Exploit for Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Openssl
🔐 SSH Exploit Tool Educational Use Only 📌 Description Th...
Shor's Harvest Now Decrypt Later
This plugin reports network services that may be vulnerable now to a future attack by adversaries using a cryptographically relevant quantum computer (CRQC). Shor's algorithm is a quantum algorithm for integer factoring and discrete logarithms, the hard problems behind RSA, Diffie-Hellman and elliptic-curve key exchange, so traffic recorded today could be decrypted once such a machine exists; it was developed by...
CyberExplorer: Benchmarking LLM Offensive Security Capabilities in a Real-World Attacking Simulation Environment
Real-world offensive security operations are inherently open-ended: attackers explore unknown attack surfaces, revise hypotheses under uncertainty, and operate without guaranteed success. Existing LLM-based offensive agent evaluations rely on closed-world settings with predefined goals and binary...
CVE-2025-6196 Libgepub: integer overflow in libgepub's epub archive handling
A flaw was found in libgepub, a library used to read EPUB files. The software mishandles file size calculations when opening specially crafted EPUB files, leading to incorrect memory allocations. This issue causes the application to crash. Known affected usage includes desktop services like...
Cybercriminals Actively Target VMware vSphere with Cryptominers
Organizations running sophisticated virtual networks with VMware’s vSphere service are actively being targeted by cryptojackers, who have figured out how to deploy the open-source XMRig cryptominer into the environment undetected. Uptycs’ Siddharth Sharma has released research showing threat acto...
Acronis: Found multiple SAP NetWeaver vulnerable services
Summary: Hello Team, I found two vulnerable SAP NetWeaver services, redapi.acronis.com and redapi2.acronis.com. They do not perform an authentication check, which allows an attacker without prior authentication to execute configuration tasks to perform critical actions against the SAP Java system,...
vulhub
Vulhub is a collection of pre-built vulnerable environments based on Docker Compose, used for vulnerability research and offensive-security training. It allows users to easily create and manage vulnerable environments for testing and research purposes. The environments are designed to be easy to use and...
India Witnessed Spike in Cyber Attacks Amidst Covid-19 - Here's Why?
The COVID-19 outbreak is turning out to be not only a health, social, and economic hazard but also a cybersecurity crisis. The pandemic has presented new challenges for businesses in the areas of remote collaboration and business continuity. With increased remote working for better business...
Capsulecorp-Pentest - Vagrant VirtualBox Environment For Conducting An Internal Network Penetration Test
Vagrant VirtualBox Environment For Conducting An Internal Network Penetration Test. 1. Capsulecorp Pentest The Capsulecorp Pentest is a small virtual network managed by vagrant and ansible. It contains five virtual machines, including one Linux attacking system running xubuntu and 4 Windows 2019...
"Can I Take Over XYZ?" - A List Of Services And How To Claim (Sub)Domains With Dangling DNS Records
What is a subdomain takeover? A subdomain takeover occurs when a subdomain (e.g. subdomain.example.com) has a DNS record, typically a CNAME, pointing to a third-party service (GitHub Pages, Heroku, etc.) whose resource has been removed or deleted while the DNS record is left in place. An attacker can then register the abandoned resource on that service and point their page ...
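As an added example (not code from the "Can I Take Over XYZ?" list), the check below walks a zone's CNAME records, matches each target against a small fingerprint table of hosting services, and flags the record as a takeover candidate when the target either no longer resolves or serves the provider's "resource not found" page. The fingerprint table, the zone snapshot and the resolver/HTTP results are all constructed for the example; in real use `resolve` and `fetch` would wrap a DNS library and an HTTP client, and the fingerprints should be taken from the list itself.

```python
"""Dangling-CNAME (subdomain takeover) candidate finder. Added example; assumptions
are marked in comments."""
from dataclasses import dataclass

# Assumed fingerprint table (illustrative, not the list's full data).
#   "nxdomain": the provider deletes the target name when the resource is removed.
#   "body":     the target still resolves, but the provider serves an error page
#               containing the marker text.
SERVICE_FINGERPRINTS = {
    "github.io": ("body", "There isn't a GitHub Pages site here."),
    "s3.amazonaws.com": ("body", "NoSuchBucket"),
    "cloudapp.azure.com": ("nxdomain", None),
}


@dataclass
class Finding:
    subdomain: str
    cname: str
    service: str
    evidence: str


def match_service(cname):
    """Return the fingerprinted service suffix the CNAME target belongs to, or None.
    The suffix must be the whole host or follow a dot, so 'github.io.evil.com' does
    not match 'github.io'."""
    host = cname.rstrip(".").lower()
    for suffix in SERVICE_FINGERPRINTS:
        if host == suffix or host.endswith("." + suffix):
            return suffix
    return None


def find_takeover_candidates(records, resolve, fetch):
    """records: iterable of (subdomain, cname_target).
    resolve(name) -> list of addresses, or None when the name does not exist.
    fetch(subdomain) -> response body as str, or None if the request failed."""
    findings = []
    for sub, cname in records:
        service = match_service(cname)
        if service is None:
            continue  # no fingerprint for this target: not assessed, not flagged
        kind, marker = SERVICE_FINGERPRINTS[service]
        if kind == "nxdomain":
            if resolve(cname) is None:
                findings.append(Finding(sub, cname, service,
                                        "CNAME target does not resolve (NXDOMAIN)"))
        else:
            body = fetch(sub)
            if body is not None and marker in body:
                findings.append(Finding(sub, cname, service,
                                        f"provider 'not found' page: {marker!r}"))
    return findings


# Constructed zone snapshot.
SAMPLE_RECORDS = [
    ("blog.example.com", "example-blog.github.io."),
    ("app.example.com", "example-app.cloudapp.azure.com."),
    ("www.example.com", "example-www.cloudapp.azure.com."),
    ("docs.example.com", "docs-example.github.io."),
    ("mail.example.com", "mx.internal.example.net."),
]

# Constructed lookup results standing in for DNS and HTTP calls.
FAKE_DNS = {
    "example-www.cloudapp.azure.com.": ["203.0.113.10"],
    # example-app.cloudapp.azure.com. deliberately absent: NXDOMAIN
}
FAKE_HTTP = {
    "blog.example.com": "<h1>404</h1> There isn't a GitHub Pages site here.",
    "docs.example.com": "<html>Welcome to the docs</html>",
}


def fake_resolve(name):
    return FAKE_DNS.get(name)


def fake_fetch(host):
    return FAKE_HTTP.get(host)


def demo():
    return find_takeover_candidates(SAMPLE_RECORDS, fake_resolve, fake_fetch)


if __name__ == "__main__":
    for f in demo():
        print(f"{f.subdomain} -> {f.cname} [{f.service}]: {f.evidence}")
```

Two records are flagged: blog.example.com (GitHub Pages serving its "not found" page) and app.example.com (Azure target gone from DNS). www.example.com still resolves and docs.example.com serves real content, so neither is reported, and mail.example.com points at a host with no fingerprint and is skipped rather than guessed at. A positive result only means the resource looks unclaimed; confirming a takeover still requires registering the resource on the provider, which should only be done with authorisation.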
vulhub
This is a Docker Compose file for a vulnerability environment. It is a collection of services and their configurations that can be used to test and demonstrate various vulnerabilities. The file is written in YAML format and defines the services, their ports, and their dependencies. The services...
DNS Rebinding Attack: DNS Rebind Toolkit
DNS Rebind Toolkit is a frontend JavaScript framework for developing DNS Rebinding exploits against vulnerable hosts and services on a local area network LAN. It can be used to target devices like Google Home, Roku, Sonos WiFi speakers, WiFi routers, “smart” thermostats, and other IoT devices. Wi...
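The toolkit above works because the LAN device answers a request whose Host header still names the attacker's domain after that domain has been rebound to the device's private address. As an added example (not part of DNS Rebind Toolkit), the following Host-header check is the defence a LAN service can apply: it accepts its own configured names and literal loopback/private/link-local addresses, and rejects any other DNS name with 421 Misdirected Request. The trusted-name set and the request samples are assumptions for the example.

```python
"""Host-header validation against DNS rebinding. Added example; the trusted names
are assumed for illustration."""
import ipaddress

# Names this device legitimately answers to (assumed; a real device would use its
# configured hostname or mDNS name).
TRUSTED_NAMES = {"localhost", "thermostat.local"}


def split_host_header(value):
    """Return (host, port_or_None) from a Host header value.
    Handles '[v6addr]:port'; a bare, unbracketed IPv6 literal is malformed."""
    value = value.strip().lower()
    if value.startswith("["):
        end = value.find("]")
        if end == -1:
            raise ValueError("unterminated bracketed IPv6 host")
        host = value[1:end]
        rest = value[end + 1:]
        if rest.startswith(":") and rest[1:].isdigit():
            return host, int(rest[1:])
        return host, None
    if value.count(":") > 1:
        raise ValueError("bare IPv6 literal must be bracketed")
    host, sep, port = value.rpartition(":")
    if sep and port.isdigit():
        return host.rstrip("."), int(port)
    return value.rstrip("."), None


def host_is_trusted(host_header, trusted_names=TRUSTED_NAMES):
    """True only for the device's own names or for literal addresses a LAN client
    would type; any other DNS name is the rebinding case and is refused."""
    try:
        host, _port = split_host_header(host_header)
    except ValueError:
        return False
    if not host:
        return False
    if host in trusted_names:
        return True
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # a hostname we do not own: rebound attacker domain
    if ip.is_unspecified:
        return False
    return ip.is_loopback or ip.is_private or ip.is_link_local


def handle_request(host_header, path="/"):
    """Minimal dispatcher: (status, body). Untrusted Host gets 421 before any
    handler runs, so a rebound page cannot read device state or change settings."""
    if not host_is_trusted(host_header):
        return 421, "Misdirected Request"
    return 200, f"OK {path}"


if __name__ == "__main__":
    # Constructed request samples: the first three are normal LAN use, the rest
    # are what the device sees once attacker.example has been rebound to it.
    for h in ["thermostat.local:80", "192.168.1.1", "[::1]:8080",
              "attacker.example", "attacker.example:80", "8.8.8.8", "::1", "[::]"]:
        print(f"{h!r:24} -> {handle_request(h)}")
```

Checking the Host header is the right layer for this: the rebinding payload cannot forge it from JavaScript, so the check holds regardless of how the attacker's DNS flips. The literal-address allowance is what keeps `http://192.168.1.1/` working for a user on the LAN; a public literal address is refused because a device that only serves its own network has no reason to be addressed by one.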
Implementing the CIS 20 Critical Security Controls: Delving into More Sophisticated Techniques
Corden Pharma needed a standardized security program to meet customer requirements. Link3 Technologies wanted to prioritize its network security improvements. Telenet was looking for a road map to implement its ISO-27000 compliance program. These three companies — a German pharmaceutical contract...
Intentionally Vulnerable Machine for Exploit Testing: Metasploitable3
Metasploitable3 is a free virtual machine that allows you to simulate attacks largely using Metasploit. It has been used by people in the security industry for a variety of reasons: such as training for network exploitation, exploit development...
Web Security Dojo
Web Security Dojo is a preconfigured, stand-alone training environment for Web Application Security. Virtualbox and VMware versions are available for download. Dojo is an open source project intended to be used as a training environment, and shouldn’t be used as a pen-testing platform due to the...
Ladder logic
The devices tested by the Basecamp Project included the D20 PLC by GE, The Modicon Quantum by Schneider Electric, Rockwell and Koyo Electronics. Each device was tested using a number of additional attack vectors. Researchers attempted to upload custom firmware or so-called “ladder logic” for the...
Computer Associates Advantage Ingres 2.6 Denial of Service
Exploit for the Windows platform, category dos/poc. Exploit Title: Computer Associates Advantage Ingres 2.6 Denial of...
[Full-disclosure] Privilege Escalation for Windows Networks using weak Service restrictions v2.0 exploit
Proof of concept for the Sudhakar Govindavajhala and Andrew Appel paper http://www.cs.princeton.edu/sudhakar/papers/winval.pdf. Running as an unprivileged user, you can test whether your services are vulnerable and can be used to install a backdoor. Both source code and binary are included. Microsoft advisory:...