Trace Gadgets: Minimizing Code Context for Machine Learning-Based Vulnerability Prediction

As the number of web applications and API endpoints exposed to the Internet continues to grow, so does the number of exploitable vulnerabilities. Manually identifying such vulnerabilities is tedious. Meanwhile, static security scanners tend to produce many false positives. While machine...

Artificial Intelligence – What's all the fuss?

Talking about AI: Definitions Artificial Intelligence AI — AI refers to the simulation of human intelligence in machines, enabling them to perform tasks that typically require human intelligence, such as decision-making and problem-solving. AI is the broadest concept in this field, encompassing...

Malicious Code Detection in Smart Contracts Via Opcode Vectorization

With the booming development of blockchain technology, smart contracts have been widely used in finance, supply chain, Internet of things and other fields in recent years. However, the security problems of smart contracts become increasingly prominent. Security events caused by smart contracts...

DYNAMITE: Dynamic Defense Selection for Enhancing Machine Learning-Based Intrusion Detection against Adversarial Attacks

The rapid proliferation of the Internet of Things IoT has introduced substantial security vulnerabilities, highlighting the need for robust Intrusion Detection Systems IDS. Machine learning-based intrusion detection systems ML-IDS have significantly improved threat detection capabilities; however...

Quantum Computing Supported Adversarial Attack-Resilient Autonomous Vehicle Perception Module for Traffic Sign Classification

Deep learning DL-based image classification models are essential for autonomous vehicle AV perception modules since incorrect categorization might have severe repercussions. Adversarial attacks are widely studied cyberattacks that can lead DL models to predict inaccurate output, such as incorrect...

Leveraging Functional Encryption and Deep Learning for Privacy-Preserving Traffic Forecasting

Over the past few years, traffic congestion has continuously plagued the nation's transportation system creating several negative impacts including longer travel times, increased pollution rates, and higher collision risks. To overcome these challenges, Intelligent Transportation Systems ITS aim ...

Secure Transfer Learning: Training Clean Models against Backdoor in (Both) Pre-Trained Encoders and Downstream Datasets

Transfer learning from pre-trained encoders has become essential in modern machine learning, enabling efficient model adaptation across diverse tasks. However, this combination of pre-training and downstream adaptation creates an expanded attack surface, exposing models to sophisticated backdoor...

Chamilo LMS 安全漏洞

Chamilo LMS is an open source online learning and collaboration system from Chamilo Open Source. The system supports the creation of instructional content, remote training, and online question and answer sessions. A security vulnerability exists in Chamilo LMS version 1.11.28, which stems from th...

Bypassing Prompt Injection and Jailbreak Detection in LLM Guardrails

Large Language Models LLMs guardrail systems are designed to protect against prompt injection and jailbreak attacks. However, they remain vulnerable to evasion techniques. We demonstrate two approaches for bypassing LLM prompt injection and jailbreak detection systems via traditional character...

From Data Behavior to Code Analysis: a Multimodal Study on Security and Privacy Challenges in Blockchain-Based DApp

The recent proliferation of blockchain-based decentralized applications DApp has catalyzed transformative advancements in distributed systems, with extensive deployments observed across financial, entertainment, media, and cybersecurity domains. These trustless architectures, characterized by the...

Privacy-Preserving CNN Training with Transfer Learning: Two Hidden Layers

Whitepaper called Privacy-Preserving CNN Training With Transfer Learning: Two Hidden Layers...

Local Data Quantity-Aware Weighted Averaging for Federated Learning with Dishonest Clients

Whitepaper called Local Data Quantity-Aware Weighted Averaging For Federated Learning With Dishonest Clients...

The Evolution of Zero Trust Architecture (ZTA) from Concept to Implementation

Zero Trust Architecture ZTA is one of the paradigm changes in cybersecurity, from the traditional perimeter-based model to perimeterless. This article studies the core concepts of ZTA, its beginning, a few use cases and future trends. Emphasising the always verify and least privilege access, some...

How to Enhance Downstream Adversarial Robustness (Almost) without Touching the Pre-Trained Foundation Model?

With the rise of powerful foundation models, a pre-training-fine-tuning paradigm becomes increasingly popular these days: A foundation model is pre-trained using a huge amount of data from various sources, and then the downstream users only need to fine-tune and adapt it to specific downstream...

FLSSM: a Federated Learning Storage Security Model with Homomorphic Encryption

Federated learning based on homomorphic encryption has received widespread attention due to its high security and enhanced protection of user data privacy. However, the characteristics of encrypted computation lead to three challenging problems: "computation-efficiency", "attack-tracing" and...

MULTI-LF: a Unified Continuous Learning Framework for Real-Time DDoS Detection in Multi-Environment Networks

Detecting Distributed Denial of Service DDoS attacks in Multi-Environment M-En networks presents significant challenges due to diverse malicious traffic patterns and the evolving nature of cyber threats. Existing AI-based detection systems struggle to adapt to new attack strategies and lack...

MindSpore 缓冲区错误漏洞

MindSpore is a new open source deep learning training/inference framework open sourced by MindSpore. It can be used in mobile, edge and cloud scenarios. A buffer error vulnerability exists in MindSpore version 2.5.0 that stems from a memory corruption...

The vulnerability of the Layer 2 Address Learning Daemon (L2ALD) in Juniper Networks’ Junos OS Evolved operating systems allows a hacker to induce a service failure.

The vulnerability of the Layer 2 Address Learning Daemon L2ALD in Juniper Networks’ Junos OS Evolved operating systems is related to uncontrolled resource consumption. Exploiting this vulnerability can allow a malicious actor to cause service interruptions...

Moodle Permission Issues Vulnerability

Moodle is Moodle open source set of free e-learning software platform, also known as course management system, learning management system or virtual learning environment. A vulnerability exists in Moodle for privilege issues. The vulnerability stems from insufficient permission checking that allo...

PT-2025-37309

Name of the Vulnerable Software and Affected Versions Chamilo versions prior to 1.11.30 Description Chamilo is a learning management system with an OS Command Injection issue in the /main/cron/lang/check parse lang.php file. Exploitation may allow a remote attacker to execute arbitrary SQL querie...