PT-2025-45025
Name of the Vulnerable Software and Affected Versions: Salesforce Mulesoft Anypoint Code Builder versions prior to 1.11.6. Description: An issue exists in Salesforce Mulesoft Anypoint Code Builder related to improper neutralization of input used for LLM prompting, which can lead to code injection. T...
Important: Red Hat Security Advisory: Red Hat Enterprise Linux AI 1.5 (NVIDIA)
Red Hat Enterprise Linux AI 1.5 (NVIDIA) is now available. Red Hat® Enterprise Linux® AI is a foundation model platform to seamlessly develop, test, and run Granite family large language models (LLMs) for enterprise applications...
Important: Red Hat Security Advisory: Red Hat Enterprise Linux AI 1.5 (AMD)
Red Hat Enterprise Linux AI 1.5 (AMD) is now available. Red Hat® Enterprise Linux® AI is a foundation model platform to seamlessly develop, test, and run Granite family large language models (LLMs) for enterprise applications...
Important: Red Hat Security Advisory: Red Hat Enterprise Linux AI 1.5 (Intel Gaudi)
Red Hat Enterprise Linux AI 1.5 (Intel Gaudi) is now available. Red Hat® Enterprise Linux® AI is a foundation model platform to seamlessly develop, test, and run Granite family large language models (LLMs) for enterprise applications...
Detecting Vulnerabilities from Issue Reports for Internet-Of-Things
Timely identification of issue reports reflecting software vulnerabilities is crucial, particularly for the Internet of Things (IoT), where analysis is slower than for non-IoT systems. While Machine Learning (ML) and Large Language Models (LLMs) detect vulnerability-indicating issues in non-IoT systems, their I...
AthenaBench: A Dynamic Benchmark for Evaluating LLMs in Cyber Threat Intelligence
Large Language Models (LLMs) have demonstrated strong capabilities in natural language reasoning, yet their application to Cyber Threat Intelligence (CTI) remains limited. CTI analysis involves distilling large volumes of unstructured reports into actionable knowledge, a process where LLMs could...
Exploiting Latent Space Discontinuities for Building Universal LLM Jailbreaks and Data Extraction Attacks
The rapid proliferation of Large Language Models (LLMs) has raised significant concerns about their security against adversarial attacks. In this work, we propose a novel approach to crafting universal jailbreaks and data extraction attacks by exploiting latent space discontinuities, an architectur...
LLM-Based Multi-Class Attack Analysis and Mitigation Framework in IoT/IIoT Networks
The Internet of Things has expanded rapidly, transforming communication and operations across industries but also increasing the attack surface and security breaches. Artificial Intelligence plays a key role in securing IoT, enabling attack detection, attack behavior analysis, and mitigation...
Unvalidated Trust: Cross-Stage Vulnerabilities in Large Language Model Architectures
As Large Language Models (LLMs) are increasingly integrated into automated, multi-stage pipelines, risk patterns that arise from unvalidated trust between processing stages become a practical concern. This paper presents a mechanism-centered taxonomy of 41 recurring risk patterns in commercial LLMs...
Evaluation of Vision-LLMs in Surveillance Video
The widespread use of cameras in our society has created an overwhelming amount of video data, far exceeding the capacity for human monitoring. This presents a critical challenge for public safety and security, as the timely detection of anomalous or criminal events is crucial for effective...
HarmNet: A Framework for Adaptive Multi-Turn Jailbreak Attacks on Large Language Models
Large Language Models (LLMs) remain vulnerable to multi-turn jailbreak attacks. We introduce HarmNet, a modular framework comprising ThoughtNet, a hierarchical semantic network; a feedback-driven Simulator for iterative query refinement; and a Network Traverser for real-time adaptive attack...
Prompting the Priorities: A First Look at Evaluating LLMs for Vulnerability Triage and Prioritization
Security analysts face increasing pressure to triage large and complex vulnerability backlogs. Large Language Models (LLMs) offer a potential aid by automating parts of the interpretation process. We evaluate four models (ChatGPT, Claude, Gemini, and DeepSeek) across twelve prompting techniques to...
CLASP: Cost-Optimized LLM-Based Agentic System for Phishing Detection
Phishing websites remain a significant cybersecurity threat, necessitating accurate and cost-effective detection mechanisms. In this paper, we present CLASP, a novel system that effectively identifies phishing websites by leveraging multiple intelligent agents, built using large language models...
Can Transformer Memory Be Corrupted? Investigating Cache-Side Vulnerabilities in Large Language Models
Even when prompts and parameters are secured, transformer language models remain vulnerable because their key-value (KV) cache during inference constitutes an overlooked attack surface. This paper introduces Malicious Token Injection (MTI), a modular framework that systematically perturbs cached key...
Structuring Security: A Survey of Cybersecurity Ontologies, Semantic Log Processing, and LLMs Application
This survey investigates how ontologies, semantic log processing, and Large Language Models (LLMs) enhance cybersecurity. Ontologies structure domain knowledge, enabling interoperability, data integration, and advanced threat analysis. Security logs, though critical, are often unstructured and...
SoK: Taxonomy and Evaluation of Prompt Security in Large Language Models
Large Language Models (LLMs) have rapidly become integral to real-world applications, powering services across diverse sectors. However, their widespread deployment has exposed critical security risks, particularly through jailbreak prompts that can bypass model alignment and induce harmful outputs...
When Intelligence Fails: An Empirical Study on Why LLMs Struggle with Password Cracking
The remarkable capabilities of Large Language Models (LLMs) in natural language understanding and generation have sparked interest in their potential for cybersecurity applications, including password guessing. In this study, we conduct an empirical investigation into the efficacy of pre-trained LL...
MalCVE: Malware Detection and CVE Association Using Large Language Models
Malicious software attacks are having an increasingly significant economic impact. Commercial malware detection software can be costly, and tools that attribute malware to the specific software vulnerabilities it exploits are largely lacking. Understanding the connection between malware and the...
Bringing the Power of Agentic AI for Identity Risk, Adaptive Threat Prioritization, and Exposure Exploitability Validation
Qualys Enterprise TruRisk Management (ETM) extends the power of risk operations with agentic AI — introducing ETM Identity, TruLens for industry-based threat prioritization, and TruConfirm exposure exploitability validation to accelerate your remediation. Every year at our annual conference, now...