RAG Safety: Exploring Knowledge Poisoning Attacks to Retrieval-Augmented Generation

Retrieval-Augmented Generation RAG enhances large language models LLMs by retrieving external data to mitigate hallucinations and outdated knowledge issues. Benefiting from the strong ability in facilitating diverse data sources and supporting faithful reasoning, knowledge graphs KGs have been...

CLIP-Guided Backdoor Defense through Entropy-Based Poisoned Dataset Separation

Deep Neural Networks DNNs are susceptible to backdoor attacks, where adversaries poison training data to implant backdoor into the victim model. Current backdoor defenses on poisoned data often suffer from high computational costs or low effectiveness against advanced attacks like clean-label and...

Phantom Subgroup Poisoning: Stealth Attacks on Federated Recommender Systems

Federated recommender systems FedRec have emerged as a promising solution for delivering personalized recommendations while safeguarding user privacy. However, recent studies have demonstrated their vulnerability to poisoning attacks. Existing attacks typically target the entire user group, which...

That Network Traffic Looks Legit, But it Could be Hiding a Serious Threat

With nearly 80% of cyber threats now mimicking legitimate user behavior, how are top SOCs determining what's legitimate traffic and what is potentially dangerous? Where do you turn when firewalls and endpoint detection and response EDR fall short at detecting the most important threats to your...

5 Cyber Trends That Should Be Shaping Your 2025 Security Strategy

Running short on time but still want to stay in the know? Well, we’ve got you covered! We’ve condensed all the key takeaways into a handy audio summary. Our AI-driven podcasts are fit for on the go. 2024 was the year cyber threats got faster, smarter, and far more lethal. Ransomware groups became...

Navigating cyber risks with Microsoft Security Exposure Management eBook

Imagine steering a vessel through Arctic waters where 90% of iceberg mass lies hidden beneath the surface; your lookouts equipped only with telescopes and blind to the submerged threats. This parallels today's cybersecurity landscape: According to the Microsoft Digital Defense Report 2024, nearly...

Automatic Selection of Protections to Mitigate Risks against Software Applications

This paper introduces a novel approach for the automated selection of software protections to mitigate MATE risks against critical assets within software applications. We formalize the key elements involved in protection decision-making - including code artifacts, assets, security requirements,...

From LLMs to MLLMs to Agents: a Survey of Emerging Paradigms in Jailbreak Attacks and Defenses within LLM Ecosystem

Large language models LLMs are rapidly evolving from single-modal systems to multimodal LLMs and intelligent agents, significantly expanding their capabilities while introducing increasingly severe security risks. This paper presents a systematic survey of the growing complexity of jailbreak...

Autonomous 3D Moving Target Encirclement and Interception with Range Measurement

Commercial UAVs are an emerging security threat as they are capable of carrying hazardous payloads or disrupting air traffic. To counter UAVs, we introduce an autonomous 3D target encirclement and interception strategy. Unlike traditional ground-guided systems, this strategy employs autonomous...

The importance of managing your SEO strategy in a safe way

As SEO leans towards AI, site owners are more in need of third-party tools, and agencies and updating…...

au.com.versent.jenkins.plugins:ignore-committer-strategy (>=55.v51410e712e0c <=57.v0756db_b_f6926), be.personify.iam:personify-frontend (>=1.5.4.RELEASE <=1.5.5.RELEASE) +1905 more potentially affected by CVE-2025-48976 via org.apache.commons:commons-fileupload2-core (>=2.0.0-M1 <=2.0.0-M3)

org.apache.commons:commons-fileupload2-core MAVEN version =2.0.0-M1, =55.v51410e712e0c, =1.5.4.RELEASE, =1.0.0, =0.0.15, =24.7.0, =24.7.0, =24.7.0, =24.7.0, =24.11.0, =24.7.0, =24.7.0, =24.7.0, =25.1.0, =3.0.1, =3.2.12 and more Source cves: CVE-2025-48976 Source advisory: OSV:GHSA-VV7R-C36W-3PRJ...

au.com.versent.jenkins.plugins:ignore-committer-strategy (>=55.v51410e712e0c <=57.v0756db_b_f6926), be.personify.iam:personify-frontend (>=1.5.4.RELEASE <=1.5.5.RELEASE) +1905 more potentially affected by CVE-2025-48976 via org.apache.commons:commons-fileupload2-core (>=2.0.0-M1 <=2.0.0-M3)

org.apache.commons:commons-fileupload2-core MAVEN version =2.0.0-M1, =55.v51410e712e0c, =1.5.4.RELEASE, =1.0.0, =0.0.15, =24.7.0, =24.7.0, =24.7.0, =24.7.0, =24.11.0, =24.7.0, =24.7.0, =24.7.0, =25.1.0, =3.0.1, =3.2.12 and more Source cves: CVE-2025-48976 Source advisory:...

New TokenBreak Attack Bypasses AI Moderation with Single-Character Text Changes

Cybersecurity researchers have discovered a novel attack technique called TokenBreak that can be used to bypass a large language model's LLM safety and content moderation guardrails with just a single character change. "The TokenBreak attack targets a text classification model's tokenization...

Beyond Implementation: Building a Zero Trust Strategy That Works

...

Oracle-Based Multistep Strategy for Solving Polynomial Systems over Finite Fields and Algebraic Cryptanalysis of the Aradi Cipher

The multistep solving strategy consists in a divide-and-conquer approach: when a multivariate polynomial system is computationally infeasible to solve directly, one variable is assigned over the elements of the base finite field, and the procedure is recursively applied to the resulting simplifie...

Expert-In-The-Loop Systems with Cross-Domain and In-Domain Few-Shot Learning for Software Vulnerability Detection

As cyber threats become more sophisticated, rapid and accurate vulnerability detection is essential for maintaining secure systems. This study explores the use of Large Language Models LLMs in software vulnerability assessment by simulating the identification of Python code with known Common...

Navigating AWS Migration: Achieving Clarity and Confidence

Migrating workloads to Amazon Web Services AWS represents a significant strategic opportunity, enabling greater agility, scalability, and potential for innovation. But undertaking this transition without a comprehensive strategy for visibility and security can introduce unforeseen risks,...

GradEscape: a Gradient-Based Evader against AI-Generated Text Detectors

In this paper, we introduce GradEscape, the first gradient-based evader designed to attack AI-generated text AIGT detectors. GradEscape overcomes the undifferentiable computation problem, caused by the discrete nature of text, by introducing a novel approach to construct weighted embeddings for t...

TokenBreak: Bypassing Text Classification Models through Token Manipulation

Natural Language Processing NLP models are used for text-related tasks such as classification and generation. To complete these tasks, input data is first tokenized from human-readable text into a format the model can understand, enabling it to make inferences and understand context. Text...

Navigating AWS Migration: Achieving Clarity and Confidence

Migrating workloads to Amazon Web Services AWS represents a significant strategic opportunity, enabling greater agility, scalability, and potential for innovation. But undertaking this transition without a comprehensive strategy for visibility and security can introduce unforeseen risks,...