Enhanced Outsourced and Secure Inference for Tall Sparse Decision Trees
A decision tree is an easy-to-understand tool that has been widely used for classification tasks. On the one hand, due to privacy concerns, there has been an urgent need to create privacy-preserving classifiers that conceal the user's input from the classifier. On the other hand, with the rise of...
A Survey on Privacy Risks and Protection in Large Language Models
Although Large Language Models (LLMs) have become increasingly integral to diverse applications, their capabilities raise significant privacy concerns. This survey offers a comprehensive overview of privacy risks associated with LLMs and examines current solutions to mitigate these challenges. Firs...
Distributed AI Inference: Strategies for Success
...
The DCR Delusion: Measuring the Privacy Risk of Synthetic Data
Synthetic data has become an increasingly popular way to share data without revealing sensitive information. Though Membership Inference Attacks (MIAs) are widely considered the gold standard for empirically assessing the privacy of a synthetic dataset, practitioners and researchers often rely on...
Can Differentially Private Fine-Tuning LLMs Protect against Privacy Attacks?
Fine-tuning large language models (LLMs) has become an essential strategy for adapting them to specialized tasks; however, this process introduces significant privacy challenges, as sensitive training data may be inadvertently memorized and exposed. Although differential privacy (DP) offers strong...
Enhancing Leakage Attacks on Searchable Symmetric Encryption Using LLM-Based Synthetic Data Generation
Searchable Symmetric Encryption (SSE) enables efficient search capabilities over encrypted data, allowing users to maintain privacy while utilizing cloud storage. However, SSE schemes are vulnerable to leakage attacks that exploit access patterns, search frequency, and volume information. Existing...
SONNI: Secure Oblivious Neural Network Inference
In the standard privacy-preserving Machine learning as-a-service (MLaaS) model, the client encrypts data using homomorphic encryption and uploads it to a server for computation. The result is then sent back to the client for decryption. It has become more and more common for the computation to be...
A Gradient-Optimized TSK Fuzzy Framework for Explainable Phishing Detection
Phishing attacks represent an increasingly sophisticated and pervasive threat to individuals and organizations, causing significant financial losses, identity theft, and severe damage to institutional reputations. Existing phishing detection methods often struggle to simultaneously achieve high...
DeSIA: Attribute Inference Attacks against Limited Fixed Aggregate Statistics
Empirical inference attacks are a popular approach for evaluating the privacy risk of data release mechanisms in practice. While an active attack literature exists to evaluate machine learning models or synthetic data release, we currently lack comparable methods for fixed aggregate statistics, i...
Revisiting Data Auditing in Large Vision-Language Models
With the surge of large language models (LLMs), Large Vision-Language Models (VLMs)--which integrate vision encoders with LLMs for accurate visual grounding--have shown great potential in tasks like generalist agents and robotic control. However, VLMs are typically trained on massive web-scraped...
Charting the Uncharted: the Landscape of Monero Peer-To-Peer Network
The Monero blockchain enables anonymous transactions through advanced cryptography in its peer-to-peer network, which underpins decentralization, security, and trustless interactions. However, privacy measures obscure peer connections, complicating network analysis. This study proposes a method t...
CVE-2025-24487 Growatt Cloud portal Authorization Bypass Through User-Controlled Key
An unauthenticated attacker can infer the existence of usernames in the system by querying an API...
CVE-2025-3622 Xorbits Inference model.py load deserialization
A vulnerability, which was classified as critical, has been found in Xorbits Inference up to 1.4.1. This issue affects the function load of the file xinference/thirdparty/cosyvoice/cli/model.py. The manipulation leads to deserialization...
CVE-2025-24487
CVE-2025-24487 concerns Growatt Cloud Applications (Cloud portal). Multiple connected sources indicate an unauthenticated attacker can infer the existence of usernames by querying an API, implying an exposed endpoint that reveals user existence without requiring authentication. Publicly cited ref...
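The two CVE-2025-24487 entries above describe an account-existence oracle: an unauthenticated API call whose response differs depending on whether a username is registered. The following is an added example, not Growatt's code, showing a constructed stand-in for such an endpoint (a password-reset request is assumed; the page does not name the real endpoint, parameters or messages), the same handler hardened to answer uniformly, and the differential check a tester would run against both. The user store and the candidate names are constructed for the example.

```python
"""Differential-response check for a username-existence oracle (added example)."""
from typing import Callable, Dict, List, Tuple

# Constructed user store standing in for the portal's database (assumption).
USERS = {"alice", "bob"}

# A handler returns (HTTP status, JSON body).
Response = Tuple[int, Dict[str, str]]
Handler = Callable[[str], Response]

# Side-effect channel: reset codes that would be e-mailed. Shared by both handlers.
OUTBOX: List[str] = []


def vulnerable_reset(username: str) -> Response:
    """Leaks existence: status code and message differ for known and unknown names."""
    if username in USERS:
        OUTBOX.append(username)
        return 200, {"message": "reset code sent"}
    return 404, {"message": "user not found"}


def hardened_reset(username: str) -> Response:
    """Uniform response: identical status and body whether or not the account exists.

    The side effect (sending the code) still happens only for real users, but the
    caller can no longer tell from the response.
    """
    if username in USERS:
        OUTBOX.append(username)
    return 202, {"message": "if the account exists, a reset code has been sent"}


def enumeration_oracle(handler: Handler, known: str, unknown: str) -> Dict[str, bool]:
    """Probe a handler with a known-good and a non-existent name and report which
    parts of the response differ. Any True is an enumeration oracle. Response
    timing is a further channel this comparison does not cover."""
    status_a, body_a = handler(known)
    status_b, body_b = handler(unknown)
    return {
        "status_differs": status_a != status_b,
        "body_differs": body_a != body_b,
        # what a proxy shows as a Content-Length difference
        "length_differs": len(str(body_a)) != len(str(body_b)),
    }


def harvest(handler: Handler, candidates: List[str],
            baseline: str = "zz-no-such-user") -> List[str]:
    """What an attacker does with the oracle: record the response for a name that
    certainly does not exist, then keep every candidate whose response differs."""
    base = handler(baseline)
    return [name for name in candidates if handler(name) != base]


if __name__ == "__main__":
    wordlist = ["alice", "carol", "bob"]
    print("vulnerable:", enumeration_oracle(vulnerable_reset, "alice", "zz-no-such-user"))
    print("hardened:  ", enumeration_oracle(hardened_reset, "alice", "zz-no-such-user"))
    print("harvested from vulnerable endpoint:", harvest(vulnerable_reset, wordlist))
    print("harvested from hardened endpoint:  ", harvest(hardened_reset, wordlist))
```

The fix is not only the uniform message: the status code, body length, headers and response time must all be independent of the lookup result, and the endpoint still needs rate limiting, since a uniform response does not stop the side effect (reset codes for real accounts) from being triggered at scale.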
CVE-2025-3622
Xorbits Inference up to version 1.4.1 contains a deserialization flaw in the load function of xinference/thirdparty/cosyvoice/cli/model.py. The issue allows manipulation of serialized data to trigger code execution or other unintended behavior. CVSS metrics in the connected data indicate a MEDIUM...
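The CVE-2025-3622 entries above describe a deserialization flaw in a model-loading function, without naming the serialization format. The following is an added example, not xinference or CosyVoice code; it assumes the untrusted input is a Python pickle (the format `torch.load` uses by default), which the page does not confirm. It shows why a plain `pickle.loads` on an attacker-controlled model file is code execution, and the stdlib hardening of a restricted unpickler that only resolves an allow-listed set of globals. The "malicious" pickle is constructed for the example and only calls `os.getcwd`, so running it is harmless; a real payload would name something like `os.system`.

```python
"""Unsafe pickle load versus an allow-listed unpickler (added example)."""
import io
import os
import pickle
from collections import OrderedDict


class Payload:
    """Constructed stand-in for a hostile model file. pickle.loads will call whatever
    callable __reduce__ names; os.getcwd is used here so the demo stays harmless."""

    def __reduce__(self):
        return (os.getcwd, ())


def malicious_pickle() -> bytes:
    return pickle.dumps(Payload())


def benign_pickle() -> bytes:
    # A realistic checkpoint-like object that legitimately needs one global
    # (collections.OrderedDict) to deserialize.
    return pickle.dumps(OrderedDict([("w", [0.1, 0.2])]))


def unsafe_load(data: bytes):
    """The vulnerable pattern: deserialize untrusted bytes with the default Unpickler."""
    return pickle.loads(data)


# Globals a model checkpoint may legitimately reference (assumed allow-list;
# extend it deliberately, never wildcard a module).
ALLOWED_GLOBALS = {
    ("collections", "OrderedDict"),
}


class RestrictedUnpickler(pickle.Unpickler):
    """Refuse to resolve any global that is not explicitly allow-listed.
    Every GLOBAL / STACK_GLOBAL opcode goes through find_class, so the REDUCE
    in the payload can never reach a callable."""

    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"forbidden global {module}.{name}")


def safe_load(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def try_safe_load(data: bytes):
    """Return ("ok", obj) or ("blocked", reason) so callers can log rejections."""
    try:
        return "ok", safe_load(data)
    except pickle.UnpicklingError as exc:
        return "blocked", str(exc)


def demo() -> dict:
    """Summarize the three outcomes as booleans."""
    return {
        # the default unpickler executed the payload's callable and returned a path
        "unsafe_ran_callable": isinstance(unsafe_load(malicious_pickle()), str),
        "safe_blocked_payload": try_safe_load(malicious_pickle())[0] == "blocked",
        "safe_loaded_benign": try_safe_load(benign_pickle()) == ("ok", {"w": [0.1, 0.2]}),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

For PyTorch checkpoints specifically, the practical equivalents are `torch.load(path, weights_only=True)`, which installs a similarly restricted unpickler, or distributing weights in a non-executable format such as safetensors; an allow-list on `find_class` is the general stdlib technique for any pickle that must be accepted from outside the trust boundary.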