Security Bulletin: Multiple vulnerabilities in IBM Business Automation Workflow Machine Learning Server are addressed with 24.0.0-IF006

Summary In addition to updates to operating system level packages, IBM Business Automation Workflow Machine Learning Server 24.0.0-IF006 addresses the following vulnerabilities. Vulnerability Details CVEID:CVE-2024-47081 DESCRIPTION: Requests is a HTTP library. Due to a URL parsing issue, Request...

Measuring the Carbon Footprint of Cryptographic Privacy-Enhancing Technologies

Privacy-enhancing technologies PETs have attracted significant attention in response to privacy regulations, driving the development of applications that prioritize user data protection. At the same time, the information and communication technology ICT sector faces growing pressure to reduce its...

Multilingual Source Tracing of Speech Deepfakes: a First Benchmark

Recent progress in generative AI has made it increasingly easy to create natural-sounding deepfake speech from just a few seconds of audio. While these tools support helpful applications, they also raise serious concerns by making it possible to generate convincing fake speech in many languages...

SelectiveShield: Lightweight Hybrid Defense against Gradient Leakage in Federated Learning

Federated Learning FL enables collaborative model training on decentralized data but remains vulnerable to gradient leakage attacks that can reconstruct sensitive user information. Existing defense mechanisms, such as differential privacy DP and homomorphic encryption HE, often introduce a...

Per-Element Secure Aggregation against Data Reconstruction Attacks in Federated Learning

Federated learning FL enables collaborative model training without sharing raw data, but individual model updates may still leak sensitive information. Secure aggregation SecAgg mitigates this risk by allowing the server to access only the sum of client updates, thereby concealing individual...

SenseCrypt: Sensitivity-Guided Selective Homomorphic Encryption for Joint Federated Learning in Cross-Device Scenarios

Homomorphic Encryption HE prevails in securing Federated Learning FL, but suffers from high overhead and adaptation cost. Selective HE methods, which partially encrypt model parameters by a global mask, are expected to protect privacy with reduced overhead and easy adaptation. However, in...

Intrusion Detection in Heterogeneous Networks with Domain-Adaptive Multi-Modal Learning

Network Intrusion Detection Systems NIDS play a crucial role in safeguarding network infrastructure against cyberattacks. As the prevalence and sophistication of these attacks increase, machine learning and deep neural network approaches have emerged as effective tools for enhancing NIDS...

Selection-Based Vulnerabilities: Clean-Label Backdoor Attacks in Active Learning

Active learningAL, which serves as the representative label-efficient learning paradigm, has been widely applied in resource-constrained scenarios. The achievement of AL is attributed to acquisition functions, which are designed for identifying the most important data to label. Despite this...

When Good Sounds Go Adversarial: Jailbreaking Audio-Language Models with Benign Inputs

As large language models become increasingly integrated into daily life, audio has emerged as a key interface for human-AI interaction. However, this convenience also introduces new vulnerabilities, making audio a potential attack surface for adversaries. Our research introduces WhisperInject, a...

Attractive Metadata Attack: Inducing LLM Agents to Invoke Malicious Tools

Large language model LLM agents have demonstrated remarkable capabilities in complex reasoning and decision-making by leveraging external tools. However, this tool-centric paradigm introduces a previously underexplored attack surface: adversaries can manipulate tool metadata -- such as names,...

Coward: toward Practical Proactive Federated Backdoor Defense Via Collision-Based Watermark

Backdoor detection is currently the mainstream defense against backdoor attacks in federated learning FL, where malicious clients upload poisoned updates that compromise the global model and undermine the reliability of FL deployments. Existing backdoor detection techniques fall into two...

Secure MmWave Beamforming with Proactive-ISAC Defense against Beam-Stealing Attacks

Millimeter-wave mmWave communication systems face increasing susceptibility to advanced beam-stealing attacks, posing a significant physical layer security threat. This paper introduces a novel framework employing an advanced Deep Reinforcement Learning DRL agent for proactive and adaptive defens...

DINA: a Dual Defense Framework against Internal Noise and External Attacks in Natural Language Processing

As large language models LLMs and generative AI become increasingly integrated into customer service and moderation applications, adversarial threats emerge from both external manipulations and internal label corruption. In this work, we identify and systematically address these dual adversarial...

The vulnerability of the wsConvertPpt component in the Chamilo LMS e-learning and content management system allows a hacker to execute arbitrary commands.

The vulnerability of the wsConvertPpt component in the Chamilo LMS e-learning and content management system is related to the lack of measures taken to clean data at the administrative level. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...

Leveraging Machine Learning for Botnet Attack Detection in Edge-Computing Assisted IoT Networks

The increase of IoT devices, driven by advancements in hardware technologies, has led to widespread deployment in large-scale networks that process massive amounts of data daily. However, the reliance on Edge Computing to manage these devices has introduced significant security vulnerabilities, a...

CVE-2025-53399

In Sipwise rtpengine before 13.4.1.1, an origin-validation error in the endpoint-learning logic of the media-relay core allows remote attackers to inject or intercept RTP/SRTP media streams via RTP packets except when the relay is configured for strict source and learning disabled. Version 13.4.1...

DEBIAN-CVE-2025-53399

In Sipwise rtpengine before 13.4.1.1, an origin-validation error in the endpoint-learning logic of the media-relay core allows remote attackers to inject or intercept RTP/SRTP media streams via RTP packets except when the relay is configured for strict source and learning disabled. Version 13.4.1...

CVE-2025-53399

In Sipwise rtpengine before 13.4.1.1, an origin-validation error in the endpoint-learning logic of the media-relay core allows remote attackers to inject or intercept RTP/SRTP media streams via RTP packets except when the relay is configured for strict source and learning disabled. Version 13.4.1...

rtpengine 访问控制错误漏洞

rtpengine is a media proxy software from Sipwise Open Source. An access control error vulnerability exists in rtpengine versions prior to 13.4.1.1, which stems from a source validation error in the endpoint learning logic that could lead to the injection or interception of RTP/SRTP media streams...

CVE-2025-53399

In Sipwise rtpengine before 13.4.1.1, an origin-validation error in the endpoint-learning logic of the media-relay core allows remote attackers to inject or intercept RTP/SRTP media streams via RTP packets except when the relay is configured for strict source and learning disabled. Version 13.4.1...