1309 matches found
Watermarking Degrades Alignment in Language Models: Analysis and Mitigation
Watermarking techniques for large language models (LLMs) can significantly impact output quality, yet their effects on truthfulness, safety, and helpfulness remain critically underexamined. This paper presents a systematic analysis of how two popular watermarking approaches, Gumbel and KGW, affect...
Driving Success on the Track or in the Boardroom
Discover how the Trend Micro and the NEOM McLaren Formula E Team partnership is powered by a common vision for winning, on the track and in the boardroom...
Align Is Not Enough: Multimodal Universal Jailbreak Attack against Multimodal Large Language Models
Large Language Models (LLMs) have evolved into Multimodal Large Language Models (MLLMs), significantly enhancing their capabilities by integrating visual information and other types, thus aligning more closely with the nature of human intelligence, which processes a variety of data forms beyond just...
Key Takeaways from the Take Command Summit 2025: Customer Panel on Future-Proofing VM Programs
One of the most actionable sessions at the Take Command 2025 Virtual Cybersecurity Summit came directly from the field. In a panel hosted by Aniket Menon, VP of Product Management at Rapid7, security leaders from Cross Financial Corp, Phibro Animal Health Corporation, and Miltenyi Biotec shared h...
H3C SecCenter SMP-E1114P02 Path Traversal Vulnerability
H3C SecCenter SMP-E1114P02 is a security management platform from China's Xinhua San H3C. A path traversal vulnerability exists in H3C SecCenter SMP-E1114P02 20250513 and earlier versions, which stems from path traversal due to incorrect operation of the parameter Name in the...
CVE-2025-24401
Jenkins Folder-based Authorization Strategy Plugin 217.vd5b18537403e and earlier does not verify that permissions configured to be granted are enabled, potentially allowing users formerly granted (typically optional) permissions, like Overall/Manage, to access functionality they're no longer entitle...
CVE-2024-48569
Proactive Risk Manager version 9.1.1.0 is affected by multiple Cross-Site Scripting (XSS) vulnerabilities in the add/edit form fields, at the URLs starting with the subpaths: /ar/config/configuation/ and /ar/config/risk-strategy-control/...
CVE-2021-41275
spree_auth_devise is an open source library which provides authentication and authorization services for use with the Spree storefront framework by using an underlying Devise authentication framework. In affected versions spree_auth_devise is subject to a CSRF vulnerability that allows user account...
CVE-2021-21624
An incorrect permission check in Jenkins Role-based Authorization Strategy Plugin 3.1 and earlier allows attackers with Item/Read permission on nested items to access them, even if they lack Item/Read permission for parent folders...
CVE-2013-10025
A vulnerability was found in Exit Strategy Plugin 1.55 on WordPress and classified as problematic. Affected by this issue is the function exitpageadmin of the file exitpage.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. Upgrading to version 1.59 is...
CVE-2013-10024
A vulnerability has been found in Exit Strategy Plugin 1.55 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality of the file exitpage.php. The manipulation leads to information disclosure. The attack can be launched remotely. Upgrading to version...
Silent Leaks: Implicit Knowledge Extraction Attack on RAG Systems through Benign Queries
Retrieval-Augmented Generation (RAG) systems enhance large language models (LLMs) by incorporating external knowledge bases, but they are vulnerable to privacy risks from data extraction attacks. Existing extraction methods typically rely on malicious inputs such as prompt injection or jailbreaking,...
llm-strategy (>=2.0.0 <=2.2.0), llmtracer (>=1.1.0 <=1.2.1) potentially affected by CVE-2025-47425 via reflex (=0.3.10)
reflex (PyPI) version =0.3.10 is affected by a known vulnerability. The following packages have a transitive dependency on reflex and may be impacted: llm-strategy (>=2.0.0 <=2.2.0), llmtracer (>=1.1.0 <=1.2.1). Source CVEs: CVE-2025-47425. Source advisory: SNYK:PYTHON-REFLEX-10442544...
CVE-2025-4516
There is an issue in CPython when using bytes.decode("unicode_escape", error="ignore|replace"). If you are not using the "unicode_escape" encoding or an error handler your usage is not affected. To work around this issue you may stop using the error= handler and instead wrap the bytes.decode call in ...
5 BCDR Essentials for Effective Ransomware Defense
Ransomware has evolved into a deceptive, highly coordinated and dangerously sophisticated threat capable of crippling organizations of any size. Cybercriminals now exploit even legitimate IT tools to infiltrate networks and launch ransomware attacks. In a chilling example, Microsoft recently...
Optimized Couplings for Watermarking Large Language Models
Large language models (LLMs) are now able to produce text that is, in many cases, seemingly indistinguishable from human-generated content. This has fueled the development of watermarks that imprint a "signal" in LLM-generated text with minimal perturbation of an LLM's output. This paper provides a...
Malicious code in harvest-strategy (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware de22b4dfdf724c0f8cba6b9451ea1743b0a7d6be1256a89d00ec7ae20c3ef901 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-3765 Malicious code in harvest-strategy (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware de22b4dfdf724c0f8cba6b9451ea1743b0a7d6be1256a89d00ec7ae20c3ef901 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Towards Quantum Resilience: Data-Driven Migration Strategy Design
The advancements in quantum computing are a threat to classical cryptographic systems. The traditional cryptographic methods that utilize factorization-based or discrete-logarithm-based algorithms, such as RSA and ECC, are some of these. This paper thoroughly investigates the vulnerabilities of...
CVE-2025-46572
Summary of CVE-2025-46572 (passport-wsfed-saml2): A SAML-based impersonation vulnerability affects versions 3.0.5 through 4.6.3 of passport-wsfed-saml2 when the Service Provider uses this module and a valid SAML document signed by the IdP can be obtained. An attacker can craft a SAMLResponse to i...