[SECURITY] Fedora 42 Update: qt6-qtserialport-6.9.1-1.fc42

Qt Serial Port provides the basic functionality, which includes configuring, I/O operations, getting and setting the control signals of the RS-232 pinouts...

Safeguarding Multimodal Knowledge Copyright in the RAG-As-A-Service Environment

As Retrieval-Augmented Generation RAG evolves into service-oriented platforms Rag-as-a-Service with shared knowledge bases, protecting the copyright of contributed data becomes essential. Existing watermarking methods in RAG focus solely on textual knowledge, leaving image knowledge unprotected. ...

From Threat to Tool: Leveraging Refusal-Aware Injection Attacks for Safety Alignment

Safely aligning large language models LLMs often demands extensive human-labeled preference data, a process that's both costly and time-consuming. While synthetic data offers a promising alternative, current methods frequently rely on complex iterative prompting or auxiliary models. To address...

Keeping an Eye on LLM Unlearning: the Hidden Risk and Remedy

Although Large Language Models LLMs have demonstrated impressive capabilities across a wide range of tasks, growing concerns have emerged over the misuse of sensitive, copyrighted, or harmful data during training. To address these concerns, unlearning techniques have been developed to remove the...

Breaking the Gold Standard: Extracting Forgotten Data under Exact Unlearning in Large Language Models

Large language models are typically trained on datasets collected from the web, which may inadvertently contain harmful or sensitive personal information. To address growing privacy concerns, unlearning methods have been proposed to remove the influence of specific data from trained models. Of...

CVE-2024-29971

Scontain SCONE 5.8.0 has an interface vulnerability that leads to state corruption via injected signals...

CVE-2024-9310

By utilizing software-defined radios and a custom low-latency processing pipeline, RF signals with spoofed location data can be transmitted to aircraft targets. This can lead to the appearance of fake aircraft on displays and potentially trigger undesired Resolution Advisories RAs...

CVE-2024-25371

Gramine before a390e33e16ed374a40de2344562a937f289be2e1 suffers from an Interface vulnerability due to mismatching SW signals vs HW exceptions...

CVE-2024-29970

Fortanix Enclave OS 3.36.1941-EM has an interface vulnerability that leads to state corruption via injected signals...

CVE-2024-52344

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Codeies Pvt Ltd Provide Forex Signals provide-forex-signals allows Stored XSS.This issue affects Provide Forex Signals: from n/a through = 1.0...

CVE-2022-38766

The remote keyless system on Renault ZOE 2021 vehicles sends 433.92 MHz RF signals from the same Rolling Codes set for each door-open request, which allows for a replay attack...

CVE-2022-36945

The Remote Keyless Entry RKE receiving unit on certain Mazda vehicles through 2020 allows remote attackers to perform unlock operations and force a resynchronization after capturing three consecutive valid key-fob signals over the radio, aka a RollBack attack. The attacker retains the ability to...

CVE-2021-38546

CREATIVE Pebble devices through 2021-08-09 allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. The power indicator LED of the speakers is connected directly to the power line, as a result, the intensit...

CVE-2021-38365

Winner aka ToneWinner desktop speakers through 2021-08-09 allow remote attackers to recover speech signals from the power-indicator LED via a telescope and an electro-optical sensor, aka a "Glowworm" attack...

CVE-2021-38548

JBL Go 2 devices through 2021-08-09 allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. The power indicator LED of the speakers is connected directly to the power line, as a result, the intensity of a...

Backdoor Cleaning without External Guidance in MLLM Fine-Tuning

Multimodal Large Language Models MLLMs are increasingly deployed in fine-tuning-as-a-service FTaaS settings, where user-submitted datasets adapt general-purpose models to downstream tasks. This flexibility, however, introduces serious security risks, as malicious fine-tuning can implant backdoors...

GSDFuse: Capturing Cognitive Inconsistencies from Multi-Dimensional Weak Signals in Social Media Steganalysis

The ubiquity of social media platforms facilitates malicious linguistic steganography, posing significant security risks. Steganalysis is profoundly hindered by the challenge of identifying subtle cognitive inconsistencies arising from textual fragmentation and complex dialogue structures, and th...

📄 Tiiwee X1 Alarm System Replay Attack

The Tiiwee X1 Alarm System suffers from a replay attack using a Flipper Zero. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2025-006 Product: Tiiwee X1 Alarm System Manufacturer: Tiiwee B.V. Affected Versions: TWX1HAKV2 Tested Versions: TWX1HAKV2 Vulnerability Type:...

Alibaba Cloud Linux 3 : 0201: glib2 (ALINUX3-SA-2024:0201)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2024:0201 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2024-34397: An issue was discovered in GNOME GL...

EulerOS 2.0 SP10 : glib2 (EulerOS-SA-2025-1514)

According to the versions of the glib2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus- based client subscribes to signals from a...