163 matches found
Vulnerability of the WebRTC component: The signaling browsers Mozilla Firefox, Firefox ESR, and the email client Thunderbird, which allow attackers to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the WebRTC component: The signaling browsers Mozilla Firefox, Firefox ESR, and the email client Thunderbird are vulnerable due to dependencies on behaviors that are uncertain for each type of implementation. Exploiting this vulnerability allows a malicious actor to compromise...
Do Skill Descriptions Tell the Truth? Detecting Undisclosed Security Behaviors in Code-Backed LLM Skills
Programmatic skills in LLM ecosystems consist of a natural-language description and executable implementation files. Users and LLMs rely on the description to understand the skill's scope. However, the implementation may perform security-relevant operations, such as credential access, network...
CVE-2025-52641
HCL AION is affected by a vulnerability where certain system behaviours may allow exploration of internal filesystem structures. Exposure of such information may provide insights into the underlying environment, which could potentially aid in further targeted actions or limited information...
FreeBSD 安全漏洞
FreeBSD is a Unix-like operating system developed by the FreeBSD Foundation. There is a security vulnerability in FreeBSD, which stems from issues with hash calculations. This vulnerability may cause rules that use address-range syntax to be silently discarded, resulting in unexpected behaviors...
iccDEV 安全漏洞
iccDEV is an open-source color configuration code library developed by the International Color Consortium. Versions of iccDEV prior to 2.3.1.6 contained security vulnerabilities; these vulnerabilities were caused by specially crafted ICC configuration files that could trigger undefined behaviors...
iccDEV 数字错误漏洞
iccDEV is an open-source color configuration code library developed by the International Color Consortium. Versions of iccDEV prior to 2.3.1.6 contained a numerical error vulnerability. This vulnerability occurred due to specially crafted TIFF inputs, which could lead to zero errors and trigger...
iccDEV security vulnerability
iccDEV is an open-source color configuration code library developed by the International Color Consortium. Versions of iccDEV prior to 2.3.1.1 contained security vulnerabilities. These vulnerabilities were caused by empty pointer dereferencing and undefined behaviors in CIccXmlArrayType, which...
RampoNN: A Reachability-Guided System Falsification for Efficient Cyber-Kinetic Vulnerability Detection
Detecting kinetic vulnerabilities in Cyber-Physical Systems CPS, vulnerabilities in control code that can precipitate hazardous physical consequences, is a critical challenge. This task is complicated by the need to analyze the intricate coupling between complex software behavior and the system's...
EUVD-2024-18550
Malicious code in bioql PyPI...
EUVD-2024-18607
Malicious code in bioql PyPI...
IMDS Abused: Hunting Rare Behaviors to Uncover Exploits
When common processes start asking the wrong questions...
The vulnerability of the console-based graphic editor ImageMagick lies in its dependence on behaviors that are uncertain for each implementation type. This allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the console-based graphic editor ImageMagick is related to its dependence on behaviors that are uncertain for each implementation type. Exploiting this vulnerability can allow a remote attacker to compromise the confidentiality, integrity, and accessibility of the protected...
Rethinking Denial-Of-Service: a Conditional Taxonomy Unifying Availability and Sustainability Threats
This paper proposes a unified, condition-based framework for classifying both legacy and cloud-era denial-of-service DoS attacks. The framework comprises three interrelated models: a formal conditional tree taxonomy, a hierarchical lattice structure based on order theory, and a conceptual Venn...
Thwart Me If You Can: an Empirical Analysis of Android Platform Armoring against Stalkerware
Stalkerware is a serious threat to individuals' privacy that is receiving increased attention from the security and privacy research communities. Existing works have largely focused on studying leading stalkerware apps, dual-purpose apps, monetization of stalkerware, or the experience of survivor...
Hunting in the Dark: Metrics for Early Stage Traffic Discovery
Threat hunting is an operational security process where an expert analyzes traffic, applying knowledge and lightweight tools on unlabeled data in order to identify and classify previously unknown phenomena. In this paper, we examine threat hunting metrics and practice by studying the detection of...
Red Teaming AI Red Teaming
Red teaming has evolved from its origins in military applications to become a widely adopted methodology in cybersecurity and AI. In this paper, we take a critical look at the practice of AI red teaming. We argue that despite its current popularity in AI governance, there exists a significant gap...
Shill Bidding Prevention in Decentralized Auctions Using Smart Contracts
In online auctions, fraudulent behaviors such as shill bidding pose significant risks. This paper presents a conceptual framework that applies dynamic, behavior-based penalties to deter auction fraud using blockchain smart contracts. Unlike traditional post-auction detection methods, this approac...
ChatGPT o3 Resists Shutdown Despite Instructions, Study Claims
ChatGPT o3 resists shutdown despite explicit instructions, raising fresh concerns over AI safety, alignment, and reinforcement learning behaviors...
CVE-2024-20835
Improper access control vulnerability in CustomFrequencyManagerService prior to SMR Mar-2024 Release 1 allows local attackers to execute privileged behaviors...
CVE-2024-7595
GRE and GRE6 Protocols RFC2784 do not validate or verify the source of a network packet allowing an attacker to spoof and route arbitrary traffic via an exposed network interface that can lead to spoofing, access control bypass, and other unexpected network behaviors. This can be considered simil...