cybersec-mcp

🛡️ Cybersecurity Professor MCP Server Prof. Null — Tu pro...

QCL-IDS: Quantum Continual Learning for Intrusion Detection with Fidelity-Anchored Stability and Generative Replay

Continual intrusion detection must absorb newly emerging attack stages while retaining legacy detection capability under strict operational constraints, including bounded compute and qubit budgets and privacy rules that preclude long-term storage of raw telemetry. We propose QCL-IDS, a...

xss-playground

xss-playground A beginner-friendly XSS Playground built...

FedPoisonTTP: A Threat Model and Poisoning Attack for Federated Test-Time Personalization

Test-time personalization in federated learning enables models at clients to adjust online to local domain shifts, enhancing robustness and personalization in deployment. Yet, existing federated learning work largely overlooks the security risks that arise when local adaptation occurs at test tim...

Injection, Attack and Erasure: Revocable Backdoor Attacks Via Machine Unlearning

Backdoor attacks pose a persistent security risk to deep neural networks DNNs due to their stealth and durability. While recent research has explored leveraging model unlearning mechanisms to enhance backdoor concealment, existing attack strategies still leave persistent traces that may be detect...

EUVD-2021-0449

Malware in sbrugna...

EUVD-2022-3283

Malicious code in bioql PyPI...

EUVD-2024-2430

Malicious code in bioql PyPI...

XSS-CTF

XSS-CTF Contains hands-on XSS test cases from beginner...

Towards Provable (In)Secure Model Weight Release Schemes

Recent secure weight release schemes claim to enable open-source model distribution while protecting model ownership and preventing misuse. However, these approaches lack rigorous security foundations and provide only informal security guarantees. Inspired by established works in cryptography, we...

CVE-2021-29553

TensorFlow is an end-to-end open source platform for machine learning. An attacker can read data outside of bounds of heap allocated buffer in tf.rawops.QuantizeAndDequantizeV3. This is because the...

CVE-2021-41221

TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for the Cudnn operations in TensorFlow can be tricked into accessing invalid memory, via a heap buffer overflow. This occurs because the ranks of the input, inputh and inputc parameters are n...

CVE-2021-37670

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to tf.rawops.UpperBound. The implementation does not validate the rank of sortedinput...

The Ephemeral Threat: Assessing the Security of Algorithmic Trading Systems Powered by Deep Learning

We study the security of stock price forecasting using Deep Learning DL in computational finance. Despite abundant prior research on the vulnerability of DL to adversarial perturbations, such work has hitherto hardly addressed practical adversarial threat models in the context of DL-powered...

Unspecified Vulnerability in Moodle

Moodle is a free e-learning software platform, also known as a course management system, learning management system or virtual learning environment. A security vulnerability exists in Moodle, which stems from a lack of a checking mechanism that can be exploited by an attacker to delete sections o...

e-learning.ippo.kubg.edu.ua Cross Site Scripting vulnerability OBB-3855046

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

CVE-2023-27579 TensorFlow has Floating Point Exception in TFLite in conv kernel

TensorFlow is an end-to-end open source platform for machine learning. Constructing a tflite model with a paramater filterinputchannel of less than 1 gives a FPE. This issue has been patched in version 2.12. TensorFlow will also cherrypick the fix commit on TensorFlow 2.11.1...

Attacking Machine Learning Systems

The field of machine learning ML security--and corresponding adversarial ML--is rapidly advancing as researchers develop sophisticated techniques to perturb, disrupt, or steal the ML model or data. It’s a heady time; because we know so little about the security of these systems, there are many...

Inserting a Backdoor into a Machine-Learning System

Interesting research: "ImpNet: Imperceptible and blackbox-undetectable backdoors in compiled neural networks, by Tim Clifford, Ilia Shumailov, Yiren Zhao, Ross Anderson, and Robert Mullins: Abstract: Early backdoor attacks against machine learning set off an arms race in attack and defence...

CVE-2022-35959 `CHECK` failures in `AvgPool3DGrad` in TensorFlow

TensorFlow is an open source platform for machine learning. The implementation of AvgPool3DGradOp does not fully validate the input originputshape. This results in an overflow that results in a CHECK failure which can be used to trigger a denial of service attack. We have patched the issue in...