
7040 matches found

Github Security Blog
added 2025/08/26 6:35 p.m. · 5 views

Picklescan has a missing detection when calling built-in python profile.Profile.run

Summary: Using profile.Profile.run, which is a built-in Python library function, to execute a remote pickle file. Details: The attack payload executes in the following steps: First, the attacker crafts the payload by calling the profile.Profile.run function in the __reduce__ method. Then when the victim after...

7.9 AI score
Exploits: 0 · References: 3 · Affected Software: 1
OSV
added 2025/08/26 2:15 p.m. · 4 views

CVE-2024-47853

An issue was discovered in Mahara 23.04.8 and 24.04.4. Attackers may utilize escalation of privileges in certain cases when logging into Mahara with Learning Tools Interoperability (LTI)...

8.8 CVSS · 5.8 AI score · 0.00292 EPSS
Exploits: 0 · References: 2
NVD
added 2025/08/26 2:15 p.m. · 5 views

CVE-2024-47853

An issue was discovered in Mahara 23.04.8 and 24.04.4. Attackers may utilize escalation of privileges in certain cases when logging into Mahara with Learning Tools Interoperability (LTI)...

8.8 CVSS · 0.00292 EPSS
Exploits: 0 · References: 2
Positive Technologies
added 2025/08/26 12:0 a.m. · 4 views

PT-2025-34770 · Mahara +1

Name of the Vulnerable Software and Affected Versions: Mahara versions 23.04.8 and 24.04.4. Description: An issue was discovered that may allow attackers to escalate privileges in certain cases when logging into Mahara with Learning Tools Interoperability (LTI). Recommendations: Update to a newer...

6.8 AI score · 0.00292 EPSS
Exploits: 0 · References: 5
Cvelist
added 2025/08/26 12:0 a.m. · 8 views

CVE-2024-47853

An issue was discovered in Mahara 23.04.8 and 24.04.4. Attackers may utilize escalation of privileges in certain cases when logging into Mahara with Learning Tools Interoperability (LTI)...

0.00292 EPSS
Exploits: 0 · References: 2
CVE
added 2025/08/26 12:0 a.m. · 14 views

CVE-2024-47853

CVE-2024-47853 affects Mahara versions 23.04.8 and 24.04.4. The issue enables privilege escalation in certain cases during login when using Learning Tools Interoperability (LTI). CVSS 3.1 indicates high impact across confidentiality, integrity, and availability with network attack vector and low ...

8.8 CVSS · 7.5 AI score · 0.00292 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
Packet Storm News
added 2025/08/26 12:0 a.m. · 4 views

DRMD: Deep Reinforcement Learning for Malware Detection under Concept Drift

Malware detection in real-world settings must deal with evolving threats, limited labeling budgets, and uncertain predictions. Traditional classifiers, without additional mechanisms, struggle to maintain performance under concept drift in malware domains, as their supervised learning formulation...

6.8 AI score
Exploits: 0
Packet Storm News
added 2025/08/26 12:0 a.m. · 4 views

CITADEL: Continual Anomaly Detection for Enhanced Learning in IoT Intrusion Detection

The Internet of Things (IoT), with its high degree of interconnectivity and limited computational resources, is particularly vulnerable to a wide range of cyber threats. Intrusion detection systems (IDS) have been extensively studied to enhance IoT security, and machine learning-based IDS (ML-IDS) show...

7 AI score
Exploits: 0
Packet Storm News
added 2025/08/26 12:0 a.m. · 3 views

Attackers Strike Back? Not Anymore -- an Ensemble of RL Defenders Awakens for APT Detection

Advanced Persistent Threats (APTs) represent a growing menace to modern digital infrastructure. Unlike traditional cyberattacks, APTs are stealthy, adaptive, and long-lasting, often bypassing signature-based detection systems. This paper introduces a novel framework for APT detection that unites de...

7 AI score
Exploits: 0
Packet Storm News
added 2025/08/25 12:0 a.m. · 5 views

$AutoGuardX$: a Comprehensive Cybersecurity Framework for Connected Vehicles

The rapid integration of Internet of Things (IoT) and interconnected systems in modern vehicles not only introduced a new era of convenience, automation, and connected vehicles but also elevated their exposure to sophisticated cyber threats. This is especially evident in US and Canada, where...

7.3 AI score
Exploits: 0
Packet Storm News
added 2025/08/24 12:0 a.m. · 3 views

A Comprehensive Review of Denial of Wallet Attacks in Serverless Architectures

The Denial of Wallet (DoW) attack poses a unique and growing threat to serverless architectures that rely on Function-as-a-Service (FaaS) models, exploiting the cost structure of pay-as-you-go billing to financially burden application owners. Unlike traditional Denial of Service (DoS) attacks, which ai...

6.9 AI score
Exploits: 0
Packet Storm News
added 2025/08/24 12:0 a.m. · 6 views

Cyber Security Educational Games for Children: a Systematic Literature Review

Educational games have been widely used to teach children about cyber security. This systematic literature review reveals evidence of positive learning outcomes, after analysing 91 such games reported in 68 papers published between 2010 and 2024. However, critical gaps have also been identified...

7 AI score
Exploits: 0
CNNVD
added 2025/08/23 12:0 a.m. · 1 views

WordPress plugin Sertifier Certificate & Badge Maker for WordPress – Tutor LMS Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin Sertifier...

4.3 CVSS · 6.5 AI score · 0.00103 EPSS
Exploits: 0 · References: 4
Github Security Blog
added 2025/08/22 4:58 p.m. · 3 views

Picklescan missing detection when calling pytorch function torch.jit.unsupported_tensor_ops.execWrapper

Summary: Using the torch.jit.unsupported_tensor_ops.execWrapper function, which is a PyTorch library function, to execute a remote pickle file. Details: The attack payload executes in the following steps: First, the attacker crafts the payload by calling the torch.jit.unsupported_tensor_ops.execWrapper function...

7.9 AI score
Exploits: 0 · References: 5 · Affected Software: 1
Packet Storm News
added 2025/08/20 12:0 a.m. · 1 views

Aura-CAPTCHA: a Reinforcement Learning and GAN-Enhanced Multi-Modal CAPTCHA System

Aura-CAPTCHA was developed as a multi-modal CAPTCHA system to address vulnerabilities in traditional methods that are increasingly bypassed by AI technologies, such as Optical Character Recognition (OCR) and adversarial image processing. The design integrated Generative Adversarial Networks (GANs) fo...

7 AI score
Exploits: 0
Packet Storm News
added 2025/08/20 12:0 a.m. · 3 views

When Machine Learning Meets Vulnerability Discovery: Challenges and Lessons Learned

In recent years, machine learning has demonstrated impressive results in various fields, including software vulnerability detection. Nonetheless, using machine learning to identify software vulnerabilities presents new challenges, especially regarding the scale of data involved, which was not a...

6.9 AI score
Exploits: 0
Tenable Nessus
added 2025/08/20 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2017-14099

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In res/resrtpasterisk.c in Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x...

7.5 CVSS · 7.5 AI score · 0.0433 EPSS
Exploits: 0 · References: 2
Packet Storm News
added 2025/08/19 12:0 a.m. · 5 views

DDoS Attacks in Cloud Computing: Detection and Prevention

DDoS attacks are one of the most prevalent and harmful cybersecurity threats faced by organizations and individuals today. In recent years, the complexity and frequency of DDoS attacks have increased significantly, making it challenging to detect and mitigate them effectively. The study analyzes...

6.7 AI score
Exploits: 0
Packet Storm News
added 2025/08/19 12:0 a.m. · 2 views

On the Security and Privacy of Federated Learning: a Survey with Attacks, Defenses, Frameworks, Applications, and Future Directions

Federated Learning (FL) is an emerging distributed machine learning paradigm enabling multiple clients to train a global model collaboratively without sharing their raw data. While FL enhances data privacy by design, it remains vulnerable to various security and privacy threats. This survey provide...

6.9 AI score
Exploits: 0
Packet Storm News
added 2025/08/18 12:0 a.m. · 3 views

Addressing Side-Channel Threats in Quantum Key Distribution Via Deep Anomaly Detection

Traditional countermeasures against security side channels in quantum key distribution (QKD) systems often suffer from poor compatibility with deployed infrastructure, the risk of introducing new vulnerabilities, and limited applicability to specific types of attacks. In this work, we propose an...

6.7 AI score
Exploits: 0