Common Vulnerabilities And Exposures
PulseAugur coverage of Common Vulnerabilities And Exposures — every cluster mentioning Common Vulnerabilities And Exposures across labs, papers, and developer communities, ranked by signal.
2 天有情绪数据
-
Prompt engineering guide details structured data extraction from advisories
This tutorial details a method for extracting structured data from unstructured text, specifically focusing on cybersecurity advisories. It outlines a process using the OpenAI API, Pydantic for schema definition and val…
-
AI tool MOAK autonomously exploits new security vulnerabilities
MOAK, also known as Mother of All KEVs, is a new AI-powered tool designed to rapidly exploit newly discovered security vulnerabilities. This agentic workflow can autonomously identify and exploit CVEs as soon as they ar…
-
AI security tools may hallucinate vulnerabilities from training data
Large language models used for AI-assisted vulnerability discovery can falsely present information from their training data as novel findings. This occurs because LLMs cannot distinguish between recalling information ab…
-
Mythos AI模型“发现”的漏洞已存在于训练数据中
AI模型Mythos“发现”了一个FreeBSD漏洞,该漏洞实际上已存在于其训练数据中。这种情况引发了对基于海量数据集训练的AI模型的可靠性和安全性的担忧,因为它们可能会无意中复制或未能识别现有的安全缺陷。该事件凸显了确保AI系统不会通过其训练过程传播漏洞或制造新风险的持续挑战。
-
CyberSecQwen-4B: Small, specialized model offers local defense for cybersecurity
A new, specialized language model named CyberSecQwen-4B has been developed for defensive cybersecurity tasks. This model is designed to be small, runnable locally, and handle sensitive data without needing external APIs…
-
Security engineer warns Claude.md needs more than Karpathy's four lines
A security engineer discusses the limitations of Karpathy's four lines of code for improving AI model correctness, highlighting that these lines do not address security vulnerabilities. The author points out that despit…
-
AI agents reconstruct vulnerabilities from Linux and Windows binaries
Researchers have developed agentic pipelines for vulnerability discovery in software binaries. Patch2Vuln focuses on Linux distribution binary patches, successfully identifying security-relevant functions in half of tes…
-
Google's Gemini CLI fix creates new CI/CD pipeline issues
Google has patched a critical vulnerability in its Gemini command-line interface (CLI) tool that could allow for remote code execution. The flaw, which had a CVSS score of 10.0, stemmed from the tool's automatic trust s…
-
FixV2W uses knowledge graph embeddings to improve CVE-CWE mapping accuracy
Researchers have developed FixV2W, a novel method to enhance the accuracy of mappings between Common Vulnerabilities and Exposures (CVE) and Common Weakness Enumeration (CWE) entries. This approach utilizes knowledge gr…
-
Anthropic's Mythos security claims face scrutiny over marketing vs. reality
A critical analysis suggests Anthropic's claims about its Claude Mythos Preview's security capabilities are largely unsubstantiated marketing. The author found the system card to be excessively long and lacking in speci…
-
Replit Auto-Protect 自动化依赖项漏洞修复
Replit 推出了 Auto-Protect,一项旨在自动识别并帮助开发者修复项目依赖项中漏洞的新功能。当披露关键 CVE 时,Replit Agent 将检查项目依赖项,准备补丁,并通过电子邮件通知用户,提供直接的应用修复链接。此举旨在简化安全更新流程,让开发者能够以最小的努力来保护其应用程序。
-
AI infrastructure startups launch tools for agents, DevOps, security, and healthcare
Several startups are launching AI-powered tools aimed at improving infrastructure and developer productivity. Trigger.dev offers an open-source platform for building reliable AI agents and workflows, utilizing snapshott…