MAL-2025-20063 Malicious code in export-double-cache-benchmark-resolve (npm)
The package export-double-cache-benchmark-resolve was found to contain malicious code...
Malicious code in void-rho-load-double-benchmark (npm)
The package void-rho-load-double-benchmark was found to contain malicious code...
MAL-2025-25472 Malicious code in load-runtime-benchmark-hash-cluster (npm)
The package load-runtime-benchmark-hash-cluster was found to contain malicious code...
Malicious code in benchmark-deserialize-mu-epsilon-shell (npm)
The package benchmark-deserialize-mu-epsilon-shell was found to contain malicious code...
Malicious code in interface-cloud-class-benchmark-debug (npm)
The package interface-cloud-class-benchmark-debug was found to contain malicious code...
MAL-2025-40952 Malicious code in zero-report-benchmark-pi-scale (npm)
The package zero-report-benchmark-pi-scale was found to contain malicious code...
Malicious code in deploy-benchmark-fork-bundle-dog (npm)
The package deploy-benchmark-fork-bundle-dog was found to contain malicious code...
MAL-2025-15957 Malicious code in book-short-grid-benchmark-route (npm)
The package book-short-grid-benchmark-route was found to contain malicious code...
A Comparative Analysis of Lightweight Hash Functions Using AVR ATXMega128 and ChipWhisperer
Lightweight hash functions have become important building blocks for security in embedded and IoT systems. A plethora of algorithms have been proposed and standardized, providing a wide range of performance trade-off options for developers to choose from. This paper presents a comparative analysi...
Multilingual Source Tracing of Speech Deepfakes: a First Benchmark
Recent progress in generative AI has made it increasingly easy to create natural-sounding deepfake speech from just a few seconds of audio. While these tools support helpful applications, they also raise serious concerns by making it possible to generate convincing fake speech in many languages...
SVC 2025: the First Multimodal Deception Detection Challenge
Deception detection is a critical task in real-world applications such as security screening, fraud prevention, and credibility assessment. While deep learning methods have shown promise in surpassing human-level performance, their effectiveness often depends on the availability of high-quality a...
From Learning to Unlearning: Biomedical Security Protection in Multimodal Large Language Models
The security of biomedical Multimodal Large Language Models (MLLMs) has attracted increasing attention. However, training samples easily contain private information and incorrect knowledge that are difficult to detect, potentially leading to privacy leakage or erroneous outputs after deployment. An...
Towards Effective Offensive Security LLM Agents: Hyperparameter Tuning, LLM As a Judge, and a Lightweight CTF Benchmark
Recent advances in LLM agentic systems have improved the automation of offensive security tasks, particularly for Capture the Flag (CTF) challenges. We systematically investigate the key factors that drive agent success and provide a detailed recipe for building effective LLM-based offensive securi...
MAL-2025-6696 Malicious code in astro-benchmark (npm)
The package communicates with a domain associated with malicious activity.
Breaking Obfuscation: Cluster-Aware Graph with LLM-Aided Recovery for Malicious JavaScript Detection
With the rapid expansion of web-based applications and cloud services, malicious JavaScript code continues to pose significant threats to user privacy, system integrity, and enterprise security. However, detecting such threats remains challenging due to sophisticated code obfuscation techniques and...
Dedupe Python Library OS Command Injection Vulnerability
Dedupe Python Library is an open source Python library for accurate and scalable fuzzy matching, de-duplication from Dedupe.io. Dedupe Python Library suffers from an operating system command injection vulnerability that stems from issuecomment triggering the execution of untrusted code in the...
Security Challenges in AI Agent Deployment: Insights from a Large Scale Public Competition
Recent advances have enabled LLM-powered AI agents to autonomously execute complex tasks by combining language model reasoning with tools, memory, and web access. But can these systems be trusted to follow deployment policies in realistic environments, especially under attack? To investigate, we...
Running in CIRCLE? A Simple Benchmark for LLM Code Interpreter Security
As large language models (LLMs) increasingly integrate native code interpreters, they enable powerful real-time execution capabilities, substantially expanding their utility. However, such integrations introduce potential system-level cybersecurity threats, fundamentally different from prompt-based...