470 matches found
CVE-2023-54149
CVE-2023-54149 concerns the Linux kernel, where the felix driver used as a DSA master for another DSA switch can trigger a stack trace when VLAN-aware bridges join. The root cause is a call path where vlan_for_each() is expected to run with rtnl_lock() context but does not, inside DSA’s ndo_set_r...
CVE-2023-54149 net: dsa: avoid suspicious RCU usage for synced VLAN-aware MAC addresses
In the Linux kernel, the following vulnerability has been resolved: net: dsa: avoid suspicious RCU usage for synced VLAN-aware MAC addresses When using the felix driver the only one which supports UC filtering and MC filtering as a DSA master for a random other DSA switch, one can see the followi...
CVE-2023-54149 net: dsa: avoid suspicious RCU usage for synced VLAN-aware MAC addresses
In the Linux kernel, the following vulnerability has been resolved: net: dsa: avoid suspicious RCU usage for synced VLAN-aware MAC addresses When using the felix driver the only one which supports UC filtering and MC filtering as a DSA master for a random other DSA switch, one can see the followi...
Failure Analysis of Safety Controllers in Autonomous Vehicles under Object-Based LiDAR Attacks
Autonomous vehicles rely on LiDAR based perception to support safety critical control functions such as adaptive cruise control and automatic emergency braking. While previous research has shown that LiDAR perception can be manipulated through object based spoofing and injection attacks, the impa...
Energy-Efficient Multi-LLM Reasoning for Binary-Free Zero-Day Detection in IoT Firmware
Securing Internet of Things IoT firmware remains difficult due to proprietary binaries, stripped symbols, heterogeneous architectures, and limited access to executable code. Existing analysis methods, such as static analysis, symbolic execution, and fuzzing, depend on binary visibility and...
Cyber Threat Detection Enabled by Quantum Computing
Threat detection models in cybersecurity must keep up with shifting traffic, strict feature budgets, and noisy hardware, yet even strong classical systems still miss rare or borderline attacks when the data distribution drifts. Small, near-term quantum processors are now available, but existing...
BGPFuzz: Automated Configuration Fuzzing of the Border Gateway Protocol
Telecommunications networks rely on configurations to define routing behavior, especially in the Border Gateway Protocol BGP, where misconfigurations can lead to severe outages and security breaches, as demonstrated by the 2021 Facebook outage. Unlike existing approaches that rely on synthesis or...
injection-research
injection-research A study comparing injection vulnerabilities...
TopoReformer: Mitigating Adversarial Attacks Using Topological Purification in OCR Models
Adversarially perturbed images of text can cause sophisticated OCR systems to produce misleading or incorrect transcriptions from seemingly invisible changes to humans. Some of these perturbations even survive physical capture, posing security risks to high-stakes applications such as document...
Resilient Distribution Network Planning against Dynamic Malicious Power Injection Attacks
Active distribution networks facilitating bidirectional power exchange with renewable energy resources are susceptible to cyberattacks due to integration of a diverse array of cyber components. This study introduces a grid-level defense strategy aimed at enhancing attack resiliency based on...
NegBLEURT Forest: Leveraging Inconsistencies for Detecting Jailbreak Attacks
Jailbreak attacks designed to bypass safety mechanisms pose a serious threat by prompting LLMs to generate harmful or inappropriate content, despite alignment with ethical guidelines. Crafting universal filtering rules remains difficult due to their inherent dependence on specific contexts. To...
VULPO: Context-Aware Vulnerability Detection Via On-Policy LLM Optimization
The widespread reliance on open-source software dramatically increases the risk of vulnerability exploitation, underscoring the need for effective and scalable vulnerability detection VD. Existing VD techniques, whether traditional machine learning-based or LLM-based approaches like prompt...
AFLGopher: Accelerating Directed Fuzzing Via Feasibility-Aware Guidance
Directed fuzzing is a useful testing technique that aims to efficiently reach target code sites in a program. The core of directed fuzzing is the guiding mechanism that directs the fuzzing to the specified target. A general guiding mechanism adopted in existing directed fuzzers is to calculate th...
CVE-2025-40160 xen/events: Return -EEXIST for bound VIRQs
In the Linux kernel, the following vulnerability has been resolved: xen/events: Return -EEXIST for bound VIRQs Change findvirq to return -EEXIST when a VIRQ is bound to a different CPU than the one passed in. With that, remove the BUGON from bindvirqtoirq to propogate the error upwards. Some VIRQ...
StyleBreak: Revealing Alignment Vulnerabilities in Large Audio-Language Models Via Style-Aware Audio Jailbreak
Large Audio-language Models LAMs have recently enabled powerful speech-based interactions by coupling audio encoders with Large Language Models LLMs. However, the security of LAMs under adversarial attacks remains underexplored, especially through audio jailbreaks that craft malicious audio promp...
Slice-Aware Spoofing Detection in 5G Networks Using Lightweight Machine Learning
The increasing virtualization of fifth generation 5G networks expands the attack surface of the user plane, making spoofing a persistent threat to slice integrity and service reliability. This study presents a slice-aware lightweight machine-learning framework for detecting spoofing attacks withi...
CVE-2025-63645
CVE-2025-63645 is a stored XSS in pH7Software pH7-Social-Dating-CMS 17.9.1, affecting the messaging system where unsanitized message content is persisted and later rendered in Inbox view without proper encoding, allowing attacker-controlled content to execute in a recipient’s browser. Public docs...
EUVD-2025-101318
Malicious code in awarestoatz3n npm...
MAL-2025-112757 Malicious code in aware_clam_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ea924f320fc0e14f2b2db0d20de52369ed5d80a3b96c31198aa4ccd444fe046e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
CISO's Expert Guide To AI Supply Chain Attacks
AI-enabled supply chain attacks jumped 156% last year. Discover why traditional defenses are failing and what CISOs must do now to protect their organizations. Download the full CISO’s expert guide to AI Supply chain attacks here. TL;DR AI-enabled supply chain attacks are exploding in scale and...