REx86: A Local Large Language Model for Assisting in X86 Assembly Reverse Engineering

Reverse engineering RE of x86 binaries is indispensable for malware and firmware analysis, but remains slow due to stripped metadata and adversarial obfuscation. Large Language Models LLMs offer potential for improving RE efficiency through automated comprehension and commenting, but cloud-hosted...

Evaluating Large Language Models in Detecting Secrets in Android Apps

Mobile apps often embed authentication secrets, such as API keys, tokens, and client IDs, to integrate with cloud services. However, developers often hardcode these credentials into Android apps, exposing them to extraction through reverse engineering. Once compromised, adversaries can exploit...

The Attribution Story of WhisperGate: An Academic Perspective

This paper explores the challenges of cyberattack attribution, specifically APTs, applying the case study approach for the WhisperGate cyber operation of January 2022 executed by the Russian military intelligence service GRU and targeting Ukrainian government entities. The study provides a detail...

LLM Agents for Automated Web Vulnerability Reproduction: Are We There Yet?

Large language model LLM agents have demonstrated remarkable capabilities in software engineering and cybersecurity tasks, including code generation, vulnerability discovery, and automated testing. One critical but underexplored application is automated web vulnerability reproduction, which...

Active Honeypot Guardrail System: Probing and Confirming Multi-Turn LLM Jailbreaks

Large language models LLMs are increasingly vulnerable to multi-turn jailbreak attacks, where adversaries iteratively elicit harmful behaviors that bypass single-turn safety filters. Existing defenses predominantly rely on passive rejection, which either fails against adaptive attackers or overly...

In-Browser LLM-Guided Fuzzing for Real-Time Prompt Injection Testing in Agentic AI Browsers

Large Language Model LLM based agents integrated into web browsers often called agentic AI browsers offer powerful automation of web tasks. However, they are vulnerable to indirect prompt injection attacks, where malicious instructions hidden in a webpage deceive the agent into unwanted actions...

Bridging Semantics and Structure for Software Vulnerability Detection Using Hybrid Network Models

Software vulnerabilities remain a persistent risk, yet static and dynamic analyses often overlook structural dependencies that shape insecure behaviors. Viewing programs as heterogeneous graphs, we capture control- and data-flow relations as complex interaction networks. Our hybrid framework...

ArtPerception: ASCII Art-Based Jailbreak on LLMs with Recognition Pre-Test

The integration of Large Language Models LLMs into computer applications has introduced transformative capabilities but also significant security challenges. Existing safety alignments, which primarily focus on semantic interpretation, leave LLMs vulnerable to attacks that use non-standard data...

EUVD-2025-32853

vLLM is an inference and serving engine for large language models LLMs. Before version 0.11.0rc2, the API key support in vLLM performs validation using a method that was vulnerable to a timing attack. API key validation uses a string comparison that takes longer the more characters the provided A...

CVE-2025-59425 vLLM vulnerable to timing attack at bearer auth

vLLM is an inference and serving engine for large language models LLMs. Before version 0.11.0rc2, the API key support in vLLM performs validation using a method that was vulnerable to a timing attack. API key validation uses a string comparison that takes longer the more characters the provided A...

PT-2025-41178

🔴 vLLM, Timing Attack on API Key, CVE-2024-53500 Critical https://t.co/adbNFksIgb...

AutoPentester: An LLM Agent-Based Framework for Automated Pentesting

Penetration testing and vulnerability assessment are essential industry practices for safeguarding computer systems. As cyber threats grow in scale and complexity, the demand for pentesting has surged, surpassing the capacity of human professionals to meet it effectively. With advances in AI,...

Towards Reliable and Practical LLM Security Evaluations Via Bayesian Modelling

Before adopting a new large language model LLM architecture, it is critical to understand vulnerabilities accurately. Existing evaluations can be difficult to trust, often drawing conclusions from LLMs that are not meaningfully comparable, relying on heuristic inputs or employing metrics that fai...

Real-VulLLM: An LLM Based Assessment Framework in the Wild

Artificial Intelligence AI and more specifically Large Language Models LLMs have demonstrated exceptional progress in multiple areas including software engineering, however, their capability for vulnerability detection in the wild scenario and its corresponding reasoning remains underexplored...

EUVD-2023-41186

Malicious code in bioql PyPI...

EUVD-2025-24154

Malicious code in bioql PyPI...

EUVD-2025-25446

Malicious code in bioql PyPI...

EUVD-2025-29404

Malicious code in bioql PyPI...

EUVD-2024-2594

Malicious code in bioql PyPI...

POLAR: Automating Cyber Threat Prioritization through LLM-Powered Assessment

Large Language Models LLMs are intensively used to assist security analysts in counteracting the rapid exploitation of cyber threats, wherein LLMs offer cyber threat intelligence CTI to support vulnerability assessment and incident response. While recent work has shown that LLMs can support a wid...