647 matches found
Configure Proper Policies for OUTPUT of nftables
There are two occasions in which a server sends outgoing packets: 1. The local host process proactively connects to an external server, for example, performing an HTTP access, or sending data to a log server. 2. The local host responds to the external access to the local services. If no policy is...
OET: Optimization-Based Prompt Injection Evaluation Toolkit
Large Language Models (LLMs) have demonstrated remarkable capabilities in natural language understanding and generation, enabling their widespread adoption across various domains. However, their susceptibility to prompt injection attacks poses significant security risks, as adversarial inputs can...
An Empirical Study on the Effectiveness of Large Language Models for Binary Code Understanding
Binary code analysis plays a pivotal role in the field of software security and is widely used in tasks such as software maintenance, malware detection, software vulnerability discovery, patch analysis, etc. However, unlike source code, reverse engineers face significant challenges in understandi...
Llama-3.1-FoundationAI-SecurityLLM-Base-8B Technical Report
As transformer-based large language models (LLMs) increasingly permeate society, they have revolutionized domains such as software engineering, creative writing, and digital arts. However, their adoption in cybersecurity remains limited due to challenges like scarcity of specialized training data a...
CipherBank: Exploring the Boundary of LLM Reasoning Capabilities through Cryptography Challenges
Large language models (LLMs) have demonstrated remarkable capabilities, especially the recent advancements in reasoning, such as o1 and o3, pushing the boundaries of AI. Despite these impressive achievements in mathematics and coding, the reasoning abilities of LLMs in domains requiring cryptograph...
Private Federated Learning Using Preference-Optimized Synthetic Data
In practical settings, differentially private Federated learning (DP-FL) is the dominant method for training models from private, on-device client data. Recent work has suggested that DP-FL may be enhanced or outperformed by methods that use DP synthetic data (Wu et al., 2024; Hou et al., 2024). The...
Breaking the Flow and the Bank: Stealthy Cyberattacks on Water Network Hydraulics
As water distribution networks (WDNs) become increasingly connected with digital infrastructures, they face greater exposure to cyberattacks that threaten their operational integrity. Stealthy False Data Injection Attacks (SFDIAs) are particularly concerning, as they manipulate sensor data to...
Secure Transfer Learning: Training Clean Models against Backdoor in (Both) Pre-Trained Encoders and Downstream Datasets
Transfer learning from pre-trained encoders has become essential in modern machine learning, enabling efficient model adaptation across diverse tasks. However, this combination of pre-training and downstream adaptation creates an expanded attack surface, exposing models to sophisticated backdoor...
MAL-2025-3164 Malicious code in search-benchmark-frontend (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 83090fc7978d15e4a0ee6c1d633d8998d6b7ce00f6c0ec85ec1e6297d679517e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in search-benchmark-frontend (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 83090fc7978d15e4a0ee6c1d633d8998d6b7ce00f6c0ec85ec1e6297d679517e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
androidx.benchmark:benchmark-common (>=1.1.0 <=1.4.0-alpha07), androidx.benchmark:benchmark-junit4 (>=1.1.0 <=1.2.4) +432 more potentially affected by CVE-2024-58103 via com.squareup.wire:wire-runtime (>=1.0.0 <=5.1.0)
com.squareup.wire:wire-runtime MAVEN version =1.0.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =0.1.4-20211109.2053-a41370d, =0.1.0, =0.1.4-20211109.2053-a41370d, =0.1.4-20211109.2053-a41370d, =0.1.4-20220406.2256-c2ad520, =0.1.4-20211109.2053-a41370d, =0.1.0, =0.1.3-20210127.1838-76ab4fc,...
androidx.benchmark:benchmark-common (>=1.4.0-alpha01 <=1.4.0-alpha07), androidx.benchmark:benchmark-macro (>=1.4.0-alpha01 <=1.4.0-alpha07) +44 more potentially affected by CVE-2024-58103 via com.squareup.wire:wire-runtime (>=5.0.0-alpha01 <=5.1.0)
com.squareup.wire:wire-runtime MAVEN version =5.0.0-alpha01, =1.4.0-alpha01, =1.4.0-alpha01, =2.108.2, =2024.08.21.185109-d03dfc6, =2024.08.21.185109-d03dfc6, =2024.08.21.185109-d03dfc6, =2024.08.21.185109-d03dfc6, =2024.08.21.185109-d03dfc6, =2024.08.21.185109-d03dfc6, =2024.08.21.185109-d03dfc6...
Malicious code in alchemy-asset-transfers-benchmark (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=-...
MAL-2024-10570 Malicious code in spliffy-benchmark (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8ead6b661fb169fc63b0a65eb514024ee59694c0b4e6031a27afc765d0089b5d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in spliffy-benchmark (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8ead6b661fb169fc63b0a65eb514024ee59694c0b4e6031a27afc765d0089b5d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CLSA-2024-1722533082 kernel: Fix of 47 CVEs
af_unix: Fix garbage collector racing against connect() CVE-2024-26923 - netfilter: nft_limit: reject configurations that cause integer overflow CVE-2024-26668 - libbpf: Fix use-after-free in btf_dump_name_dups CVE-2022-3534 - bpf: Fix partial dynptr stack slot reads/writes CVE-2023-39191 - ima: Fix...
CVE-2024-41009
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix overrunning reservations in ringbuf The BPF ring buffer internally is implemented as a power-of-2 sized circular buffer, with two logical and ever-increasing counters: consumer_pos is the consumer counter to show which...
CVE-2024-41009 bpf: Fix overrunning reservations in ringbuf
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix overrunning reservations in ringbuf The BPF ring buffer internally is implemented as a power-of-2 sized circular buffer, with two logical and ever-increasing counters: consumer_pos is the consumer counter to show which...
SUSE CVE-2024-39277
In the Linux kernel, the following vulnerability has been resolved: dma-mapping: benchmark: handle NUMA_NO_NODE correctly cpumask_of_node() can be called for NUMA_NO_NODE inside do_map_benchmark() resulting in the following sanitizer report: UBSAN: array-index-out-of-bounds in...
SUSE CVE-2024-34777
In the Linux kernel, the following vulnerability has been resolved: dma-mapping: benchmark: fix node id validation While validating node ids in map_benchmark_ioctl(), node_possible() may be provided with invalid argument outside of [0,MAX_NUMNODES-1] range leading to: BUG: KASAN: wild-memory-access in...