
1314 matches found

RedhatCVE
added 2025/05/22 8:54 p.m., 2 views

CVE-2021-37677

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the shape inference code for tf.rawops.Dequantize has a vulnerability that could trigger a denial of service via a segfault if an attacker provides invalid arguments. The shape inference implementation use...

CVSS 5.5, AI score 6.1, EPSS 0.00148
Exploits: 0, References: 1
Packet Storm News
added 2025/05/22 12:00 a.m., 5 views

ReCopilot: Reverse Engineering Copilot in Binary Analysis

Binary analysis plays a pivotal role in security domains such as malware detection and vulnerability discovery, yet it remains labor-intensive and heavily reliant on expert knowledge. General-purpose large language models (LLMs) perform well in programming analysis on source code, while...

AI score 7.2
Exploits: 0
Packet Storm News
added 2025/05/21 12:00 a.m., 3 views

An Efficient Private GPT Never Autoregressively Decodes

The wide deployment of the generative pre-trained transformer (GPT) has raised privacy concerns for both clients and servers. While cryptographic primitives can be employed for secure GPT inference to protect the privacy of both parties, they introduce considerable performance overhead. To accelerat...

AI score 6.9
Exploits: 0
Packet Storm News
added 2025/05/19 12:00 a.m., 7 views

DynaNoise: Dynamic Probabilistic Noise Injection for Defending against Membership Inference Attacks

Membership Inference Attacks (MIAs) pose a significant risk to the privacy of training datasets by exploiting subtle differences in model outputs to determine whether a particular data sample was used during training. These attacks can compromise sensitive information, especially in domains such as...

AI score 7
Exploits: 0
Trend Micro Simply Security
added 2025/05/18 12:00 a.m., 6 views

Trend Joins NVIDIA to Secure AI Infrastructure with NVIDIA

Together, we are focused on securing the full AI lifecycle—from development and training to deployment and inference—across cloud, data center, and AI factories...

AI score 7.3
Exploits: 0
Packet Storm News
added 2025/05/18 12:00 a.m., 3 views

Automated Profile Inference with Language Model Agents

Impressive progress has been made in automated problem-solving by the collaboration of large language model (LLM) based agents. However, these automated capabilities also open avenues for malicious applications. In this paper, we study a new threat that LLMs pose to online pseudonymity, called...

AI score 6.6
Exploits: 0
Packet Storm News
added 2025/05/17 12:00 a.m., 3 views

Privacy-Preserving AI for Encrypted Medical Imaging: a Framework for Secure Diagnosis and Learning

The rapid integration of Artificial Intelligence (AI) into medical diagnostics has raised pressing concerns about patient privacy, especially when sensitive imaging data must be transferred, stored, or processed. In this paper, we propose a novel framework for privacy-preserving diagnostic inferenc...

AI score 6.8
Exploits: 0
Packet Storm News
added 2025/05/17 12:00 a.m., 4 views

On Membership Inference Attacks in Knowledge Distillation

Nowadays, Large Language Models (LLMs) are trained on huge datasets, some including sensitive information. This poses a serious privacy concern because privacy attacks such as Membership Inference Attacks (MIAs) may detect this sensitive information. While knowledge distillation compresses LLMs into...

AI score 7
Exploits: 0
Packet Storm News
added 2025/05/15 12:00 a.m., 3 views

Private Transformer Inference in MLaaS: a Survey

Transformer models have revolutionized AI, powering applications like content generation and sentiment analysis. However, their deployment in Machine Learning as a Service (MLaaS) raises significant privacy concerns, primarily due to the centralized processing of sensitive user data. Private...

AI score 6.8
Exploits: 0
Packet Storm News
added 2025/05/15 12:00 a.m., 4 views

Cape: Context-Aware Prompt Perturbation Mechanism with Differential Privacy

Large Language Models (LLMs) have gained significant popularity due to their remarkable capabilities in text understanding and generation. However, despite their widespread deployment in inference services such as ChatGPT, concerns about the potential leakage of sensitive user data have arisen...

AI score 6.8
Exploits: 0
Packet Storm News
added 2025/05/13 12:00 a.m., 5 views

Inference Attacks for X-Vector Speaker Anonymization

We revisit the privacy-utility tradeoff of x-vector speaker anonymization. Existing approaches quantify privacy through training complex speaker verification or identification models that are later used as attacks. Instead, we propose a novel inference attack for de-anonymization. Our attack is...

AI score 6.9
Exploits: 0
Packet Storm News
added 2025/05/13 12:00 a.m., 5 views

Modeling Interdependent Cybersecurity Threats Using Bayesian Networks: a Case Study on In-Vehicle Infotainment Systems

Cybersecurity threats are increasingly marked by interdependence, uncertainty, and evolving complexity, challenges that traditional assessment methods such as CVSS, STRIDE, and attack trees fail to adequately capture. This paper reviews the application of Bayesian Networks (BNs) in cybersecurity ris...

AI score 6.7
Exploits: 0
Xen Project
added 2025/05/12 5:05 p.m., 18 views

x86: Indirect Target Selection

ISSUE DESCRIPTION Researchers at VU Amsterdam have released Training Solo, detailing several speculative attacks which bypass current protections. One issue, which Intel have named Indirect Target Selection, is a bug in the hardware support for prediction-domain isolation. The mitigation for this...

CVSS 5.7, AI score 7, EPSS 0.00347
Exploits: 0
Citrix
added 2025/05/12 1:08 p.m., 17 views

XenServer and Citrix Hypervisor Security Update for CVE-2024-28956

Description of Problem Intel has disclosed a security issue affecting Intel CPUs. This CPU hardware issue may allow privileged code in a guest VM to infer some memory content of another VM that is running on the same CPU core. Although this is not a vulnerability in the XenServer or Citrix...

CVSS 5.7, AI score 6.9, EPSS 0.00347
Exploits: 0
Packet Storm News
added 2025/05/12 12:00 a.m., 2 views

Comet: Accelerating Private Inference for Large Language Model by Predicting Activation Sparsity

With the growing use of large language models (LLMs) hosted on cloud platforms to offer inference services, privacy concerns about the potential leakage of sensitive information are escalating. Secure multi-party computation (MPC) is a promising solution to protect the privacy in LLM inference...

AI score 6.6
Exploits: 0
OSSF Malicious Packages
added 2025/05/10 11:05 a.m., 4 views

Malicious code in document-inference (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 0519099776ddb5cbd1778fa5f043a1cad34d94d5116ae895120aba38608e7eb0 Packages that seem to be created by a legit bug bounty hunter. Designed to look like created by different organisations, they contain a couple of data...

AI score 8.3
Exploits: 0, References: 2
OSV
added 2025/05/10 11:05 a.m., 12 views

MAL-2025-3742 Malicious code in document-inference (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 0519099776ddb5cbd1778fa5f043a1cad34d94d5116ae895120aba38608e7eb0 Packages that seem to be created by a legit bug bounty hunter. Designed to look like created by different organisations, they contain a couple of data...

AI score 8.2
Exploits: 0, References: 2
Packet Storm News
added 2025/05/09 12:00 a.m., 3 views

Sponge Attacks on Sensing AI: Energy-Latency Vulnerabilities and Defense Via Model Pruning

Recent studies have shown that sponge attacks can significantly increase the energy consumption and inference latency of deep neural networks (DNNs). However, prior work has focused primarily on computer vision and natural language processing tasks, overlooking the growing use of lightweight AI...

AI score 6.9
Exploits: 0
CNNVD
added 2025/05/06 12:00 a.m., 2 views

Umbraco security vulnerability

Umbraco is an open source content management system (CMS) written in C# by Umbraco, Denmark. A security vulnerability exists in Umbraco versions prior to 10.8.10 and prior to 13.8.1: the login API's response time differs depending on whether an account exists, so timing analysis can reveal account presence...

CVSS 5.3, AI score 6.4, EPSS 0.00306
Exploits: 0, References: 4
Packet Storm News
added 2025/05/05 12:00 a.m., 3 views

Impact Analysis of Inference Time Attack of Perception Sensors on Autonomous Vehicles

As a safety-critical cyber-physical system, cybersecurity and related safety issues for Autonomous Vehicles (AVs) have been important research topics for a while. Among all the modules on AVs, perception is one of the most accessible attack surfaces, as drivers and AVs have no control over the...

AI score 7.5
Exploits: 0