BentoML code issue vulnerability
BentoML is an open source modeling service library from BentoML Open Source. It is used to build high-performance and scalable artificial intelligence applications using Python. A code issue vulnerability exists in BentoML versions 1.4.0 through 1.4.19 that stems from the file upload processing...
WBHT: a Generative Attention Architecture for Detecting Black Hole Anomalies in Backbone Networks
We propose the Wasserstein Black Hole Transformer WBHT framework for detecting black hole BH anomalies in communication networks. These anomalies cause packet loss without failure notifications, disrupting connectivity and leading to financial losses. WBHT combines generative modeling, sequential...
DREAM: Scalable Red Teaming for Text-To-Image Generative Systems Via Distribution Modeling
Despite the integration of safety alignment and external filters, text-to-image T2I generative models are still susceptible to producing harmful content, such as sexual or violent imagery. This raises serious concerns about unintended exposure and potential misuse. Red teaming, which aims to...
Characterizing Security and Privacy Teaching Standards for Schools in the United States
Increasingly, students begin learning aspects of security and privacy during their primary and secondary education grades K-12 in the United States. Individual U.S. states and some national organizations publish teaching standards -- guidance that outlines expectations for what students should...
Modeling CORS frameworks with CodeQL to find security vulnerabilities
There are many different types of vulnerabilities that can occur when setting up CORS for your web application, and insecure usage of CORS frameworks and logic errors in homemade CORS implementations can lead to serious security vulnerabilities that allow attackers to bypass authentication. What'...
Agent Safety Alignment Via Reinforcement Learning
The emergence of autonomous Large Language Model LLM agents capable of tool usage has introduced new safety risks that go beyond traditional conversational misuse. These agents, empowered to execute external functions, are vulnerable to both user-initiated threats e.g., adversarial prompts and...
Hedge Funds on a Swamp: Analyzing Patterns, Vulnerabilities, and Defense Measures in Blockchain Bridges [Experiment, Analysis and Benchmark]
Blockchain bridges have become essential infrastructure for enabling interoperability across different blockchain networks, with more than $24B monthly bridge transaction volume. However, their growing adoption has been accompanied by a disproportionate rise in security breaches, making them the...
TELSAFE: Security Gap Quantitative Risk Assessment Framework
Gaps between established security standards and their practical implementation have the potential to introduce vulnerabilities, possibly exposing them to security risks. To effectively address and mitigate these security and compliance challenges, security risk management strategies are essential...
A Survey on Artificial Noise for Physical Layer Security: Opportunities, Technologies, Guidelines, Advances, and Trends
Due to the broadcast nature of wireless communications, physical-layer security has attracted increasing concerns from both academia and industry. Artificial noise AN, as one of the promising physical-layer security techniques, is capable of utilizing the spatial degree-of-freedom of channels to...
Boosting Generative Adversarial Transferability with Self-Supervised Vision Transformer Features
The ability of deep neural networks DNNs comes from extracting and interpreting features from the data provided. By exploiting intermediate features in DNNs instead of relying on hard labels, we craft adversarial perturbations that generalize more effectively, boosting black-box transferability...
Microsoft Named a Leader in the 2025 IDC CNAPP MarketScape: Key Takeaways for Security Buyers
The cloud-native application protection platform CNAPP market continues to evolve rapidly as organizations look to secure increasingly complex cloud environments. In the recently published 2025 IDC MarketScape for Worldwide CNAPP, Microsoft has been recognized as a Leader, reaffirming its...
SV-LLM: an Agentic Approach for SoC Security Verification Using Large Language Models
Ensuring the security of complex system-on-chip SoC designs is a critical imperative, yet traditional verification techniques struggle to keep pace due to significant challenges in automation, scalability, comprehensiveness, and adaptability. The advent of large language models LLMs, with their...
GNSS Spoofing Detection Based on Opportunistic Position Information
The limited or no protection for civilian Global Navigation Satellite System GNSS signals makes spoofing attacks relatively easy. With modern mobile devices often featuring network interfaces, state-of-the-art signals of opportunity SOP schemes can provide accurate network positions in replacemen...
DinoCompanion: an Attachment-Theory Informed Multimodal Robot for Emotionally Responsive Child-AI Interaction
Children's emotional development fundamentally relies on secure attachment relationships, yet current AI companions lack the theoretical foundation to provide developmentally appropriate emotional support. We introduce DinoCompanion, the first attachment-theory-grounded multimodal robot for...
Agent Capability Negotiation and Binding Protocol (ACNBP)
As multi-agent systems evolve to encompass increasingly diverse and specialized agents, the challenge of enabling effective collaboration between heterogeneous agents has become paramount, with traditional agent communication protocols often assuming homogeneous environments or predefined...
PROVSYN: Synthesizing Provenance Graphs for Data Augmentation in Intrusion Detection Systems
Provenance graph analysis plays a vital role in intrusion detection, particularly against Advanced Persistent Threats APTs, by exposing complex attack patterns. While recent systems combine graph neural networks GNNs with natural language processing NLP to capture structural and semantic features...
Membership Inference Attacks on Sequence Models
Sequence models, such as Large Language Models LLMs and autoregressive image generators, have a tendency to memorize and inadvertently leak sensitive information. While this tendency has critical legal implications, existing tools are insufficient to audit the resulting risks. We hypothesize that...
Combining Threat Intelligence with IoT Scanning to Predict Cyber Attack
While the Web has become a global platform for communication, malicious actors, including hackers and hacktivist groups, often disseminate ideological content and coordinate activities through the "Dark Web", an obscure counterpart of the conventional web. Presently, challenges such as informatio...
Red-Teaming Text-To-Image Systems by Rule-Based Preference Modeling
Text-to-image T2I models raise ethical and safety concerns due to their potential to generate inappropriate or harmful images. Evaluating these models' security through red-teaming is vital, yet white-box approaches are limited by their need for internal access, complicating their use with...
Efficient and Stealthy Jailbreak Attacks Via Adversarial Prompt Distillation from LLMs to SLMs
Attacks on large language models LLMs in jailbreaking scenarios raise many security and ethical issues. Current jailbreak attack methods face problems such as low efficiency, high computational cost, and poor cross-model adaptability and versatility, which make it difficult to cope with the rapid...