172 matches found
(Dis)Proving Spectre Security with Speculation-Passing Style
Constant-time CT verification tools are commonly used for detecting potential side-channel vulnerabilities in cryptographic libraries. Recently, a new class of tools, called speculative constant-time SCT tools, has also been used for detecting potential Spectre vulnerabilities. In many cases, the...
Hitachi Energy MSM
SUMMARY Hitachi Energy is aware of open-source software vulnerabilities that affect MSM product versions listed below. If exploited, these vulnerabilities could result in XSS and DoS attacks, potentially causing confidentiality, integrity and availability impact to MSM. Please refer to the...
CyberSOCEval: Benchmarking LLMs Capabilities for Malware Analysis and Threat Intelligence Reasoning
Today's cyber defenders are overwhelmed by a deluge of security alerts, threat intelligence signals, and shifting business context, creating an urgent need for AI systems to enhance operational security work. While Large Language Models LLMs have the potential to automate and scale Security...
Self-Supervised Learning of Graph Representations for Network Intrusion Detection
Detecting intrusions in network traffic is a challenging task, particularly under limited supervision and constantly evolving attack patterns. While recent works have leveraged graph neural networks for network intrusion detection, they often decouple representation learning from anomaly detectio...
Backdoor Attacks and Defenses in Computer Vision Domain: a Survey
Backdoor trojan attacks embed hidden, controllable behaviors into machine-learning models so that models behave normally on benign inputs but produce attacker-chosen outputs when a trigger is present. This survey reviews the rapidly growing literature on backdoor attacks and defenses in the...
ai.ancf.lmos-router:benchmarks (>=0.2.0 <=0.28.0), ai.ancf.lmos-router:lmos-router-hybrid (>=0.2.0 <=0.28.0) +21922 more potentially affected by CVE-2025-58056 via io.netty:netty-codec-http (>=4.0.0.Alpha1 <=4.1.124.Final)
io.netty:netty-codec-http MAVEN version =4.0.0.Alpha1, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.1.1, =0.1.1, =0.1.1, =0.0.4, =0.6.0 - ai.ancf.lmos:lmos-router-hybrid =0.1.0 - ai.ancf.lmos:lmos-router-hybrid-spring-boot-starter =0.1.0 - ai.ancf.lmos:lmos-router-llm =0.1.0 -...
E-PhishGen: Unlocking Novel Research in Phishing Email Detection
Every day, our inboxes are flooded with unsolicited emails, ranging between annoying spam to more subtle phishing scams. Unfortunately, despite abundant prior efforts proposing solutions achieving near-perfect accuracy, the reality is that countering malicious emails still remains an unsolved...
ai.ancf.lmos-router:benchmarks (>=0.2.0 <=0.28.0), ai.ancf.lmos-router:lmos-router-hybrid (>=0.2.0 <=0.28.0) +17933 more potentially affected by CVE-2025-55163 via io.netty:netty-codec-http2 (>=4.1.0.Beta4 <=4.1.123.Final)
io.netty:netty-codec-http2 MAVEN version =4.1.0.Beta4, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.1.1, =0.1.1, =0.1.1, =0.0.4, =0.6.0 - ai.ancf.lmos:lmos-router-hybrid =0.1.0 - ai.ancf.lmos:lmos-router-hybrid-spring-boot-starter =0.1.0 - ai.ancf.lmos:lmos-router-llm =0.1.0 -...
Cheating on Quantum Computing Benchmarks
Peter Gutmann and Stephan Neuhaus have a new paper--I think it's new, even though it has a March 2025 date--that makes the argument that we shouldn't trust any of the quantum factorization benchmarks, because everyone has been cooking the books: Similarly, quantum factorisation is performed using...
Benchmarking Fraud Detectors on Private Graph Data
We introduce the novel problem of benchmarking fraud detectors on private graph-structured data. Currently, many types of fraud are managed in part by automated detection algorithms that operate over graphs. We consider the scenario where a data holder wishes to outsource development of fraud...
PRISM: Programmatic Reasoning with Image Sequence Manipulation for LVLM Jailbreaking
The increasing sophistication of large vision-language models LVLMs has been accompanied by advances in safety alignment mechanisms designed to prevent harmful content generation. However, these defenses remain vulnerable to sophisticated adversarial attacks. Existing jailbreak methods typically...
PhreshPhish: a Real-World, High-Quality, Large-Scale Phishing Website Dataset and Benchmark
Phishing remains a pervasive and growing threat, inflicting heavy economic and reputational damage. While machine learning has been effective in real-time detection of phishing attacks, progress is hindered by lack of large, high-quality datasets and benchmarks. In addition to poor-quality due to...
Vulnerability Mitigation System (VMS): LLM Agent and Evaluation Framework for Autonomous Penetration Testing
As the frequency of cyber threats increases, conventional penetration testing is failing to capture the entirety of todays complex environments. To solve this problem, we propose the Vulnerability Mitigation System VMS, a novel agent based on a Large Language Model LLM capable of performing...
ARMOR: Aligning Secure and Safe Large Language Models Via Meticulous Reasoning
Large Language Models LLMs have demonstrated remarkable generative capabilities. However, their susceptibility to misuse has raised significant safety concerns. While post-training safety alignment methods have been widely adopted, LLMs remain vulnerable to malicious instructions that can bypass...
Efficient Private Inference Based on Helper-Assisted Malicious Security Dishonest Majority MPC
Private inference based on Secure Multi-Party Computation MPC addresses data privacy risks in Machine Learning as a Service MLaaS. However, existing MPC-based private inference frameworks focuses on semi-honest or honest majority models, whose threat models are overly idealistic, while malicious...
Agent Safety Alignment Via Reinforcement Learning
The emergence of autonomous Large Language Model LLM agents capable of tool usage has introduced new safety risks that go beyond traditional conversational misuse. These agents, empowered to execute external functions, are vulnerable to both user-initiated threats e.g., adversarial prompts and...
Evaluating the Critical Risks of Amazon'S Nova Premier under the Frontier Model Safety Framework
Nova Premier is Amazon's most capable multimodal foundation model and teacher for model distillation. It processes text, images, and video with a one-million-token context window, enabling analysis of large codebases, 400-page documents, and 90-minute videos in a single prompt. We present the fir...
io.zipkin:benchmarks (=2.22.1) potentially affected by CVE-2025-53602 via io.zipkin:zipkin-server (=2.22.1)
io.zipkin:zipkin-server MAVEN version =2.22.1 is affected by a known vulnerability. The following packages have a transitive dependency on io.zipkin:zipkin-server and may be impacted: - io.zipkin:benchmarks =2.22.1 Source cves: CVE-2025-53602 Source advisory: SNYK:JAVA-IOZIPKIN-10639631...
io.zipkin:benchmarks (=2.22.1) potentially affected by CVE-2025-53602 via io.zipkin:zipkin-server (=2.22.1)
io.zipkin:zipkin-server MAVEN version =2.22.1 is affected by a known vulnerability. The following packages have a transitive dependency on io.zipkin:zipkin-server and may be impacted: - io.zipkin:benchmarks =2.22.1 Source cves: CVE-2025-53602 Source advisory: OSV:GHSA-794X-8X6X-QPFC...
NAP-Tuning: Neural Augmented Prompt Tuning for Adversarially Robust Vision-Language Models
Vision-Language Models VLMs such as CLIP have demonstrated remarkable capabilities in understanding relationships between visual and textual data through joint embedding spaces. Despite their effectiveness, these models remain vulnerable to adversarial attacks, particularly in the image modality,...