GPML: Graph Processing for Machine Learning

The dramatic increase of complex, multi-step, and rapidly evolving attacks in dynamic networks involves advanced cyber-threat detectors. The GPML Graph Processing for Machine Learning library addresses this need by transforming raw network traffic traces into graph representations, enabling...

LibVulnWatch: a Deep Assessment Agent System and Leaderboard for Uncovering Hidden Vulnerabilities in Open-Source AI Libraries

Open-source AI libraries are foundational to modern AI systems but pose significant, underexamined risks across security, licensing, maintenance, supply chain integrity, and regulatory compliance. We present LibVulnWatch, a graph-based agentic assessment framework that performs deep,...

tracing: Fix use-after-free in print_graph_function_flags during tracer switching

...

Dynamic Graph-Based Fingerprinting of In-Browser Cryptomining

The decentralized and unregulated nature of cryptocurrencies, combined with their monetary value, has made them a vehicle for various illicit activities. One such activity is cryptojacking, an attack that uses stolen computing resources to mine cryptocurrencies without consent for profit...

Adaptive Wizard for Removing Cross-Tier Misconfigurations in Active Directory

Security vulnerabilities in Windows Active Directory AD systems are typically modeled using an attack graph and hardening AD systems involves an iterative workflow: security teams propose an edge to remove, and IT operations teams manually review these fixes before implementing the removal. As...

Addressing Noise and Stochasticity in Fraud Detection for Service Networks

Fraud detection is crucial in social service networks to maintain user trust and improve service network security. Existing spectral graph-based methods address this challenge by leveraging different graph filters to capture signals with different frequencies in service networks. However, most...

AI-Driven IRM: Transforming Insider Risk Management with Adaptive Scoring and LLM-Based Threat Detection

Insider threats pose a significant challenge to organizational security, often evading traditional rule-based detection systems due to their subtlety and contextual nature. This paper presents an AI-powered Insider Risk Management IRM system that integrates behavioral analytics, dynamic risk...

Graph Privacy: a Heterogeneous Federated GNN for Trans-Border Financial Data Circulation

The sharing of external data has become a strong demand of financial institutions, but the privacy issue has led to the difficulty of interconnecting different platforms and the low degree of data openness. To effectively solve the privacy problem of financial data in trans-border flow and sharin...

Zimbra 安全漏洞

Zimbra is an open source email collaboration platform from Zimbra, Inc. A security vulnerability exists in Zimbra versions 9.0 through 10.1, which stems from a lack of CSRF token validation on GraphQL endpoints, which could lead to unauthorized operations...

Dual Explanations Via Subgraph Matching for Malware Detection

Interpretable malware detection is crucial for understanding harmful behaviors and building trust in automated security systems. Traditional explainable methods for Graph Neural Networks GNNs often highlight important regions within a graph but fail to associate them with known benign or maliciou...

New Capacity Bounds for PIR on Graph and Multigraph-Based Replicated Storage

In this paper, we study the problem of private information retrieval PIR in both graph-based and multigraph-based replication systems, where each file is stored on exactly two servers, and any pair of servers shares at most $r$ files. We derive upper bounds on the PIR capacity for such systems an...

Quantifying the Noise of Structural Perturbations on Graph Adversarial Attacks

Graph neural networks have been widely utilized to solve graph-related tasks because of their strong learning power in utilizing the local information of neighbors. However, recent studies on graph adversarial attacks have proven that current graph neural networks are not robust against malicious...

Mitigating the Structural Bias in Graph Adversarial Defenses

In recent years, graph neural networks GNNs have shown great potential in addressing various graph structure-related downstream tasks. However, recent studies have found that current GNNs are susceptible to malicious adversarial attacks. Given the inevitable presence of adversarial attacks in the...

Federated One-Shot Learning with Data Privacy and Objective-Hiding

Privacy in federated learning is crucial, encompassing two key aspects: safeguarding the privacy of clients' data and maintaining the privacy of the federator's objective from the clients. While the first aspect has been extensively studied, the second has received much less attention. We present...

FCGHunter: Towards Evaluating Robustness of Graph-Based Android Malware Detection

Graph-based detection methods leveraging Function Call Graphs FCGs have shown promise for Android malware detection AMD due to their semantic insights. However, the deployment of malware detectors in dynamic and hostile environments raises significant concerns about their robustness. While recent...

Graph of Attacks: Improved Black-Box and Interpretable Jailbreaks for LLMs

The challenge of ensuring Large Language Models LLMs align with societal standards is of increasing interest, as these models are still prone to adversarial jailbreaks that bypass their safety mechanisms. Identifying these vulnerabilities is crucial for enhancing the robustness of LLMs against su...

PICO: Secure Transformers Via Robust Prompt Isolation and Cybersecurity Oversight

We propose a robust transformer architecture designed to prevent prompt injection attacks and ensure secure, reliable response generation. Our PICO Prompt Isolation and Cybersecurity Oversight framework structurally separates trusted system instructions from untrusted user inputs through dual...

Cluster-Aware Attacks on Graph Watermarks

Data from domains such as social networks, healthcare, finance, and cybersecurity can be represented as graph-structured information. Given the sensitive nature of this data and their frequent distribution among collaborators, ensuring secure and attributable sharing is essential. Graph...

Fishing for Phishers: Learning-Based Phishing Detection in Ethereum Transactions

Phishing detection on Ethereum has increasingly leveraged advanced machine learning techniques to identify fraudulent transactions. However, limited attention has been given to understanding the effectiveness of feature selection strategies and the role of graph-based models in enhancing detectio...

PT-2025-17701 · Mattermost · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.11.x through 9.11.10 Mattermost versions 10.4.x through 10.4.2 Mattermost versions 10.5.x through 10.5.0 Description: The issue arises from the failure to validate the uniqueness and quantity of task actions within the...