3086 matches found

The Hacker News
added 2025/04/17 11:26 a.m. · 15 views

Artificial Intelligence – What's all the fuss?

Talking about AI: Definitions. Artificial Intelligence (AI) — AI refers to the simulation of human intelligence in machines, enabling them to perform tasks that typically require human intelligence, such as decision-making and problem-solving. AI is the broadest concept in this field, encompassing...

7.1 AI score
Exploits: 0
Packet Storm News
added 2025/04/17 12:00 a.m. · 2 views

Malicious Code Detection in Smart Contracts Via Opcode Vectorization

With the booming development of blockchain technology, smart contracts have been widely used in finance, supply chain, Internet of things and other fields in recent years. However, the security problems of smart contracts become increasingly prominent. Security events caused by smart contracts...

7.1 AI score
Exploits: 0
Packet Storm News
added 2025/04/17 12:00 a.m. · 0 views

DYNAMITE: Dynamic Defense Selection for Enhancing Machine Learning-Based Intrusion Detection against Adversarial Attacks

The rapid proliferation of the Internet of Things (IoT) has introduced substantial security vulnerabilities, highlighting the need for robust Intrusion Detection Systems (IDS). Machine learning-based intrusion detection systems (ML-IDS) have significantly improved threat detection capabilities; however...

6.9 AI score
Exploits: 0
Packet Storm News
added 2025/04/16 12:00 a.m. · 3 views

From Data Behavior to Code Analysis: a Multimodal Study on Security and Privacy Challenges in Blockchain-Based DApp

The recent proliferation of blockchain-based decentralized applications (DApp) has catalyzed transformative advancements in distributed systems, with extensive deployments observed across financial, entertainment, media, and cybersecurity domains. These trustless architectures, characterized by the...

7.3 AI score
Exploits: 0
Packet Storm News
added 2025/04/16 12:00 a.m. · 3 views

Bypassing Prompt Injection and Jailbreak Detection in LLM Guardrails

Large Language Model (LLM) guardrail systems are designed to protect against prompt injection and jailbreak attacks. However, they remain vulnerable to evasion techniques. We demonstrate two approaches for bypassing LLM prompt injection and jailbreak detection systems via traditional character...

7.4 AI score
Exploits: 0
Packet Storm News
added 2025/04/16 12:00 a.m. · 2 views

The Evolution of Zero Trust Architecture (ZTA) from Concept to Implementation

Zero Trust Architecture (ZTA) is one of the paradigm changes in cybersecurity, from the traditional perimeter-based model to a perimeterless one. This article studies the core concepts of ZTA, its origins, a few use cases and future trends. Emphasising "always verify" and least-privilege access, some...

7 AI score
Exploits: 0
Schneier on Security
added 2025/03/28 11:01 a.m. · 12 views

AIs as Trusted Third Parties

This is a truly fascinating paper: "Trusted Machine Learning Models Unlock Private Inference for Problems Currently Infeasible with Cryptography." The basic idea is that AIs can act as trusted third parties: Abstract: We often interact with untrusted parties. Prioritization of privacy can limit t...

7.1 AI score
Exploits: 0
Schneier on Security
added 2025/03/27 11:00 a.m. · 6 views

A Taxonomy of Adversarial Machine Learning Attacks and Mitigations

NIST just released a comprehensive taxonomy of adversarial machine learning attacks and countermeasures...

7.3 AI score
Exploits: 0
CNNVD
added 2025/03/20 12:00 a.m. · 1 views

polyaxon cross-site request forgery vulnerability

polyaxon is an open source MLOps tool for managing and orchestrating the machine learning lifecycle. A cross-site request forgery vulnerability exists in polyaxon version v2.4.0, which stems from cross-site request forgery and could lead to unauthorized operations...

6.5 CVSS · 6.5 AI score · 0.00099 EPSS
Exploits: 0 · References: 1
CNNVD
added 2025/03/20 12:00 a.m. · 3 views

H2O code issue vulnerability

H2O is an in-memory platform for distributed, scalable machine learning open-sourced by H2O.ai. A code issue vulnerability exists in H2O version 3.46.0.4, which stems from deserializing untrusted data and could lead to remote code execution...

9.8 CVSS · 9.6 AI score · 0.02857 EPSS
Exploits: 1 · References: 2
CNNVD
added 2025/03/20 12:00 a.m. · 2 views

H2O security vulnerability

H2O is an in-memory platform for distributed, scalable machine learning open-sourced by H2O.ai. A security vulnerability exists in H2O version 3.46.0, which stems from a custom encryption tool endpoint that does not restrict encrypted files, potentially leading to ransomware behavior...

6.5 CVSS · 6.4 AI score · 0.00092 EPSS
Exploits: 1 · References: 1
MSRC
added 2025/03/14 7:00 a.m. · 22 views

Announcing the winners of the Adaptive Prompt Injection Challenge (LLMail-Inject)

We are excited to announce the winners of LLMail-Inject, our first Adaptive Prompt Injection Challenge! The challenge ran from December 2024 until February 2025 and was featured as one of the four official competitions of the 3rd IEEE Conference on Secure and Trustworthy Machine Learning IEEE...

7.9 AI score
Exploits: 0
BDU FSTEC
added 2025/03/14 12:00 a.m. · 1 views

A vulnerability in the classes of the Iced training platform allows an attacker to execute arbitrary code.

The vulnerability in the Iced training platform for the H2O machine learning framework is related to deficiencies in its deserialization mechanism. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

7.6 CVSS · 8.4 AI score · 0.00185 EPSS
Exploits: 0 · References: 5 · Affected Software: 1
Hive Pro Threat Advisories
added 2025/02/28 4:12 a.m. · 7 views

EPSS Decoded: An Examination & Comparison to CVSS

Running short on time but still want to stay in the know? Well, we've got you covered! We've condensed all the key takeaways into a handy audio summary. Our AI-driven podcasts are fit for on the go. Click right here to hear it all! A Paradigm Shift in Vulnerability Management. Vulnerability...

8.2 AI score
Exploits: 0
The Hacker News
added 2025/02/08 6:17 a.m. · 17 views

Malicious ML Models on Hugging Face Leverage Broken Pickle Format to Evade Detection

Cybersecurity researchers have uncovered two malicious machine learning (ML) models on Hugging Face that leveraged an unusual technique of "broken" pickle files to evade detection. "The pickle files extracted from the mentioned PyTorch archives revealed the malicious Python content at the beginning...

8.1 AI score
Exploits: 0
RedhatCVE
added 2025/02/06 4:48 a.m. · 6 views

CVE-2021-37648

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the code for tf.raw_ops.SaveV2 does not properly validate the inputs and an attacker can trigger a null pointer dereference. The implementation uses ValidateInputs to check that the input arguments are vali...

7.8 CVSS · 6.6 AI score · 0.0003 EPSS
Exploits: 0 · References: 1
RedhatCVE
added 2025/02/05 11:28 p.m. · 7 views

CVE-2022-23574

TensorFlow is an open source machine learning framework. There is a typo in TensorFlow's SpecializeType which results in a heap OOB read/write. Due to the typo, arg is initialized to the i-th mutable argument in a loop where the loop index is j. Hence it is possible to assign to arg from outside the...

8.8 CVSS · 6.5 AI score · 0.00296 EPSS
Exploits: 1 · References: 1
IBM Security Bulletins
added 2025/02/03 4:26 p.m. · 25 views

Security Bulletin: Vulnerabilities in IBM WebSphere Application Server Liberty versions 17.0.0.3 - 24.0.0.5 affect Watson Machine Learning Accelerator on Cloud Pak for Data

Summary: Vulnerabilities in IBM WebSphere Application Server Liberty versions 17.0.0.3 - 24.0.0.5 affect several releases of Watson Machine Learning Accelerator on Cloud Pak for Data. They have been fixed in the Watson Machine Learning Accelerator on Cloud Pak for Data 5.0.1 release. Vulnerability Details...

7 CVSS · 6.7 AI score · 0.00031 EPSS
Exploits: 0 · Affected Software: 1
Positive Technologies
added 2025/02/03 12:00 a.m. · 3 views

PT-2025-2712 · Qualcomm · Qualcomm Snapdragon Auto

Name of the Vulnerable Software and Affected Versions: Qualcomm Snapdragon Auto (affected versions not specified). Description: Memory corruption occurs while parsing the ML IE due to invalid frame content. This issue could potentially be exploited for remote code execution. Recommendations: At the...

10 CVSS · 9.9 AI score · 0.00447 EPSS
Exploits: 0 · References: 12
Cvelist
added 2025/01/14 6:59 p.m. · 16 views

CVE-2024-49375 Remote Code Execution via Remote Model Loading in Rasa

Rasa is an open source machine learning framework. A vulnerability has been identified in Rasa that enables an attacker who has the ability to load a maliciously crafted model remotely into a Rasa instance to achieve Remote Code Execution. The prerequisites for this are: 1. The HTTP API must be enabled on t...

9 CVSS · 0.04476 EPSS
Exploits: 0 · References: 1