CVE-2025-61982 An arbitrary code execution vulnerability exists in the Code Stream directive functionality of OpenCFD OpenFOAM 2506. A specially crafted OpenFOAM simulation file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. The versions below were either tested or verified to be […]

AI is rapidly becoming embedded in day-to-day enterprise workflows, inside browsers, collaboration suites, and developer tooling. As a result, AI service domains increasingly blend into normal corporate traffic, often allowed by default and rarely treated as sensitive egress. Threat actors are already capitalizing on this shift. Across the malware ecosystem, […]

# Building a Secure Electron Auto-Updater 16 Feb 2026 – Posted by Michael Pastor ## Introduction In cooperation with the Polytechnic University of Valencia and Doyensec, I spent over six months during my internship in a research that combines theoretical foundations in code signing and secure update designs with a […]

# Scary Agent Skills: Hidden Unicode Instructions in Skills …And How To Catch Them There is a lot of talk about Skills recently, both in terms of capabilities and security concerns. However, so far I haven’t seen anyone bring up hidden prompt injection. So, I figured to demo a Skills […]

# Security Researchers Find Vulnerabilities in Mental Health Apps; One With Millions of Users May Leak Therapy Notes Your AI therapist’s notes may be worth more than your credit card number on the dark web. Security analysis reveals a potential new frontier for cyber espionage. Oversecured, a mobile application security […]

# Time-to-Exploit is Negative 🔗 By now, you may have Anthropic’s zero-days blogpost where an “out-of-the-box” Claude Opus 4.6 workflow was used to find 500 vulnerabilities in open-source projects. While I think this is a logical application of LLMs (see may keynote at the recent Association for the Advancement of […]

# CVE-2025-6978: Arbitrary Code Execution in the Arista NG Firewall February 05, 2026 | TrendAI Research Team _In this excerpt of a TrendAI Research Services vulnerability report, Jonathan Lein and Simon Humbert of the TrendAI Research team detail a recently patched command injection vulnerability in the Arista NG Firewall. This […]

Director of Research **Published:** 05 February 2026 at 15:28 UTC **Updated:** 05 February 2026 at 15:30 UTC Welcome to the Top 10 Web Hacking Techniques of 2025, the 19th edition of our annual community-powered effort to identify the most innovative must-read web security research published in the last year. This […]

# OpenAI Explains URL-Based Data Exfiltration Mitigations in New Paper Last week I saw this paper from OpenAI called “Preventing URL-Based Data Exfiltration in Language-Model Agents”, which goes into detail on new mitigations they’ve added. **This is a great read.** I like this transparency. ### Initial Disclosure in 2023 Nearly […]

## TL;DR In December 2025, Cisco published https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-attack-N9bf4 addressing CVE-2025-20393, a critical vulnerability (CVSS 10.0) affecting Cisco Secure Email Gateway and Secure Email and Web Manager. The advisory was notably sparse on technical details, describing only “Improper Input Validation” (CWE-20). We decided to dig deeper. Through reverse engineering and code […]