CVE-2025-65675

Stored Cross site scripting XSS vulnerability in Classroomio LMS 0.1.13 allows authenticated attackers to execute arbitrary code via crafted SVG profile pictures...

CVE-2025-65676

Stored Cross site scripting XSS vulnerability in Classroomio LMS 0.1.13 allows authenticated attackers to execute arbitrary code via crafted SVG cover images...

PT-2025-48176

Name of the Vulnerable Software and Affected Versions Classroomio LMS version 0.1.13 Description An authenticated attacker can execute arbitrary code through crafted SVG cover images. The issue is a stored Cross Site Scripting XSS condition. Recommendations Update to a newer version that contains...

CVE-2025-65675

Stored Cross site scripting XSS vulnerability in Classroomio LMS 0.1.13 allows authenticated attackers to execute arbitrary code via crafted SVG profile pictures...

CVE-2025-65675

The CVE-2025-65675 entry concerns Classroomio LMS 0.1.13, with a stored XSS vulnerability triggered by crafted SVG profile/cover images. The Red Hat, EUVD, NVD, and OSV records confirm the issue is an authenticated XSS that can execute arbitrary code via SVG uploads. The root cause is unsanitized...

From One Attack Domain to Another: Contrastive Transfer Learning with Siamese Networks for APT Detection

Advanced Persistent Threats APT pose a major cybersecurity challenge due to their stealth, persistence, and adaptability. Traditional machine learning detectors struggle with class imbalance, high dimensional features, and scarce real world traces. They often lack transferability-performing well ...

A Research and Development Portfolio of GNN Centric Malware Detection, Explainability, and Dataset Curation

Graph Neural Networks GNNs have become an effective tool for malware detection by capturing program execution through graph-structured representations. However, important challenges remain regarding scalability, interpretability, and the availability of reliable datasets. This paper brings togeth...

FedPoisonTTP: A Threat Model and Poisoning Attack for Federated Test-Time Personalization

Test-time personalization in federated learning enables models at clients to adjust online to local domain shifts, enhancing robustness and personalization in deployment. Yet, existing federated learning work largely overlooks the security risks that arise when local adaptation occurs at test tim...

A Novel and Practical Universal Adversarial Perturbations against Deep Reinforcement Learning Based Intrusion Detection Systems

Intrusion Detection Systems IDS play a vital role in defending modern cyber physical systems against increasingly sophisticated cyber threats. Deep Reinforcement Learning-based IDS, have shown promise due to their adaptive and generalization capabilities. However, recent studies reveal their...

Federated Anomaly Detection and Mitigation for EV Charging Forecasting under Cyberattacks

Electric Vehicle EV charging infrastructure faces escalating cybersecurity threats that can severely compromise operational efficiency and grid stability. Existing forecasting techniques are limited by the lack of combined robust anomaly mitigation solutions and data privacy preservation...

Think Fast: Real-Time IoT Intrusion Reasoning Using IDS and LLMs at the Edge Gateway

As the number of connected IoT devices continues to grow, securing these systems against cyber threats remains a major challenge, especially in environments with limited computational and energy resources. This paper presents an edge-centric Intrusion Detection System IDS framework that integrate...

PYSEC-2025-138

MLX is an array framework for machine learning on Apple silicon. Prior to version 0.29.4, there is a heap buffer overflow in mlx::core::load when parsing malicious NumPy .npy files. Attacker-controlled file causes 13-byte out-of-bounds read, leading to crash or information disclosure. This issue...

CVE-2025-62609

MLX (on Apple silicon) prior to version 0.29.4 is affected by a wild pointer dereference in mlx::core::load_gguf() when loading malicious GGUF files, dereferencing an untrusted pointer from gguflib without validation and causing a crash. The issue stems from loading external GGUF data and manifes...

MLX 安全漏洞

MLX is a machine learning framework open-sourced by ml-explore. A security vulnerability exists in MLX versions prior to 0.29.4 that stems from a heap buffer overflow when parsing a malicious NumPy file, which could lead to a crash or information disclosure...

AutoGraphAD: A Novel Approach Using Variational Graph Autoencoders for Anomalous Network Flow Detection

Network Intrusion Detection Systems NIDS are essential tools for detecting network attacks and intrusions. While extensive research has explored the use of supervised Machine Learning for attack detection and characterisation, these methods require accurately labelled datasets, which are very...

Systematically Deconstructing APVD Steganography and Its Payload with a Unified Deep Learning Paradigm

In the era of digital communication, steganography allows covert embedding of data within media files. Adaptive Pixel Value Differencing APVD is a steganographic method valued for its high embedding capacity and invisibility, posing challenges for traditional steganalysis. This paper proposes a...

Trustworthy GenAI over 6G: Integrated Applications and Security Frameworks

The integration of generative artificial intelligence GenAI into 6G networks promises substantial performance gains while simultaneously exposing novel security vulnerabilities rooted in multimodal data processing and autonomous reasoning. This article presents a unified perspective on cross-doma...

Towards Classifying Benign and Malicious Packages Using Machine Learning

Recently, the number of malicious open-source packages in package repositories has been increasing dramatically. While major security scanners focus on identifying known Common Vulnerabilities and Exposures CVEs in open-source packages, there are very few studies on detecting malicious packages...

LFreeDA: Label-Free Drift Adaptation for Windows Malware Detection

Machine learning ML-based malware detectors degrade over time as concept drift introduces new and evolving families unseen during training. Retraining is limited by the cost and time of manual labeling or sandbox analysis. Existing approaches mitigate this via drift detection and selective...

Collaborative research by Microsoft and NVIDIA on real-time immunity

AI-Powered Threats Demand AI-Powered Defense While AI supports growth and innovation, it is also reshaping how organizations address faster, more adaptive security risks. AI-driven security threats, including “vibe-hacking”, are evolving faster than traditional defenses can adapt. Attackers can n...