EUVD-2021-0324

Malware in sbrugna...

Enhancing Automotive Security with a Hybrid Approach Towards Universal Intrusion Detection System

Security measures are essential in the automotive industry to detect intrusions in-vehicle networks. However, developing a one-size-fits-all Intrusion Detection System IDS is challenging because each vehicle has unique data profiles. This is due to the complex and dynamic nature of the data...

PhishSSL: Self-Supervised Contrastive Learning for Phishing Website Detection

Phishing websites remain a persistent cybersecurity threat by mimicking legitimate sites to steal sensitive user information. Existing machine learning-based detection methods often rely on supervised learning with labeled data, which not only incurs substantial annotation costs but also limits...

How we trained an ML model to detect DLL hijacking

DLL hijacking is a common technique in which attackers replace a library called by a legitimate process with a malicious one. It is used by both creators of mass-impact malware, like stealers and banking Trojans, and by APT and cybercrime groups behind targeted attacks. In recent years, the numbe...

Detecting DLL hijacking with machine learning: real-world cases

Introduction Our colleagues from the AI expertise center recently developed a machine-learning model that detects DLL-hijacking attacks. We then integrated this model into the Kaspersky Unified Monitoring and Analysis Platform SIEM system. In a separate article, our colleagues shared how the mode...

P2P: A Poison-To-Poison Remedy for Reliable Backdoor Defense in LLMs

During fine-tuning, large language models LLMs are increasingly vulnerable to data-poisoning backdoor attacks, which compromise their reliability and trustworthiness. However, existing defense strategies suffer from limited generalization: they only work on specific attack types or task settings...

EUVD-2025-32445

A vulnerability has been found in Frappe LMS 2.35.0. The affected element is an unknown function of the file /courses/ of the component Unpublished Course Handler. Such manipulation leads to improper access controls. The attack may be launched remotely. This attack is characterized by high...

CVE-2025-11283

A vulnerability was determined in Frappe LMS 2.35.0. This affects an unknown function of the component Course Handler. Executing manipulation of the argument Description can lead to cross site scripting. The attack can be executed remotely. The exploit has been publicly disclosed and may be...

CVE-2025-11282

A vulnerability was found in Frappe LMS 2.34.x/2.35.0. The impacted element is an unknown function of the component Incomplete Fix CVE-2025-55006. Performing manipulation results in cross site scripting. Remote exploitation of the attack is possible. The exploit has been made public and could be...

CVE-2025-11283 Frappe LMS Course cross site scripting

A vulnerability was determined in Frappe LMS 2.35.0. This affects an unknown function of the component Course Handler. Executing manipulation of the argument Description can lead to cross site scripting. The attack can be executed remotely. The exploit has been publicly disclosed and may be...

CVE-2025-11282

CVE-2025-11282 affects Frappe LMS 2.34.x/2.35.0 due to an incomplete fix for CVE-2025-55006, enabling cross-site scripting via manipulated input. The vulnerability allows remote exploitation and an exploit has been publicized. The issue is linked to an unknown function in the affected component; ...

CVE-2025-11282 Frappe LMS Incomplete Fix CVE-2025-55006 cross site scripting

A vulnerability was found in Frappe LMS 2.34.x/2.35.0. The impacted element is an unknown function of the component Incomplete Fix CVE-2025-55006. Performing a manipulation results in cross site scripting. Remote exploitation of the attack is possible. The exploit has been made public and could b...

CVE-2025-11280

A flaw has been found in Frappe LMS 2.35.0. Impacted is an unknown function of the file /files/ of the component Assignment Picture Handler. This manipulation causes direct request. The attack may be initiated remotely. The attack's complexity is rated as high. The exploitability is considered...

CVE-2025-11280 Frappe LMS Assignment Picture files direct request

A flaw has been found in Frappe LMS 2.35.0. Impacted is an unknown function of the file /files/ of the component Assignment Picture Handler. This manipulation causes direct request. The attack may be initiated remotely. The attack's complexity is rated as high. The exploitability is considered...

Frappe Learning Management System 安全漏洞

Frappe Learning Management System is an easy-to-use open source learning management system from Frappe Open Source. A security vulnerability exists in Frappe Learning Management System version 2.35.0, which originates from a direct request for the file /files/ in the Assignment Picture Handler...

Frappe Learning Management System 安全漏洞

Frappe Learning Management System is an easy-to-use open source learning management system from Frappe Open Source. A security vulnerability exists in Frappe Learning Management System version 2.35.0, which stems from improper access control of an unknown function in the file /courses/ in the...

PT-2025-40792

Name of the Vulnerable Software and Affected Versions Frappe LMS version 2.35.0 Description A flaw exists in Frappe LMS that allows for improper access controls. The issue is related to an unknown function within the /courses/ file of the Unpublished Course Handler component. The attack can be...

PT-2025-40820

Name of the Vulnerable Software and Affected Versions CodeCanyon/ui-lib Mentor LMS versions up to 1.1.1 Description A flaw exists in the component API of CodeCanyon/ui-lib Mentor LMS. This issue can lead to a permissive cross-domain policy with untrusted domains, allowing for remote attacks. The...

OptiFLIDS: Optimized Federated Learning for Energy-Efficient Intrusion Detection in IoT

In critical IoT environments, such as smart homes and industrial systems, effective Intrusion Detection Systems IDS are essential for ensuring security. However, developing robust IDS solutions remains a significant challenge. Traditional machine learning-based IDS models typically require large...

Pilot Contamination Attacks Detection with Machine Learning for Multi-User Massive MIMO

Massive multiple-input multiple-output MMIMO is essential to modern wireless communication systems, like 5G and 6G, but it is vulnerable to active eavesdropping attacks. One type of such attack is the pilot contamination attack PCA, where a malicious user copies pilot signals from an authentic us...