659 matches found
Malicious code in supplychain-firewall-benchmark-hello (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 19af5203b034f6420f173bf6e45719afeb28ecfe359a8858cbe814fe3cd55d11 The OpenSSF Package Analysis project identified 'supplychain-firewall-benchmark-hello' @ 1.10.2 npm as malicious. It is considered malicious...
Systematic Assessment of Cache Timing Vulnerabilities on RISC-V Processors
While interest in the open RISC-V instruction set architecture is growing, tools to assess the security of concrete processor implementations are lacking. There are dedicated tools and benchmarks for common microarchitectural side-channel vulnerabilities for popular processor families such as Int...
Linux Distros Unpatched Vulnerability : CVE-2023-53531
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: nullblk: fix poll request timeout handling When doing iouring benchmark on /dev/nullb0, it's...
INE Security Releases Industry Benchmark Report: “Wired Together: The Case for Cross-Training in Networking and Cybersecurity”
Raleigh, United States, 7th October 2025, CyberNewsWire...
EUVD-2019-16000
Malware in sbrugna...
EUVD-2023-36382
Malicious code in bioql PyPI...
EUVD-2024-29256
Malicious code in bioql PyPI...
EUVD-2023-1967
Malicious code in bioql PyPI...
EUVD-2024-29780
Malicious code in bioql PyPI...
EUVD-2022-27667
Malicious code in bioql PyPI...
CryptOracle: A Modular Framework to Characterize Fully Homomorphic Encryption
Privacy-preserving machine learning has become an important long-term pursuit in this era of artificial intelligence AI. Fully Homomorphic Encryption FHE is a uniquely promising solution, offering provable privacy and security guarantees. Unfortunately, computational cost is impeding its mass...
SoK: Measuring What Matters for Closed-Loop Security Agents
Cybersecurity is a relentless arms race, with AI driven offensive systems evolving faster than traditional defenses can adapt. Research and tooling remain fragmented across isolated defensive functions, creating blind spots that adversaries exploit. Autonomous agents capable of integrating, explo...
Binary Diff Summarization Using Large Language Models
Security of software supply chains is necessary to ensure that software updates do not contain maliciously injected code or introduce vulnerabilities that may compromise the integrity of critical infrastructure. Verifying the integrity of software updates involves binary differential analysis...
SafeSearch: Automated Red-Teaming for the Safety of LLM-Based Search Agents
Search agents connect LLMs to the Internet, enabling access to broader and more up-to-date information. However, unreliable search results may also pose safety threats to end users, establishing a new threat surface. In this work, we conduct two in-the-wild experiments to demonstrate both the...
SecureAgentBench: Benchmarking Secure Code Generation under Realistic Vulnerability Scenarios
Large language model LLM powered code agents are rapidly transforming software engineering by automating tasks such as testing, debugging, and repairing, yet the security risks of their generated code have become a critical concern. Existing benchmarks have offered valuable insights but remain...
FakeSound2: a Benchmark for Explainable and Generalizable Deepfake Sound Detection
The rapid development of generative audio raises ethical and security concerns stemming from forged data, making deepfake sound detection an important safeguard against the malicious use of such technologies. Although prior studies have explored this task, existing methods largely focus on binary...
CVE-2025-47906 vulnerabilities
Vulnerabilities for packages: newrelic-nri-statsd, shfmt, blobfuse2, pvc-autoresizer, sftpgo-plugin-pubsub, secrets-store-csi-driver-provider-aws, vexctl, kserve-rest-proxy, terraform-provider-time, sftpgo-plugin-geoipfilter, kube-vip-cloud-provider, gitsign, cloud-provider-aws, hivemind, nats,...
GHSA-GWRF-JF3H-W649 vulnerabilities
Vulnerabilities for packages: newrelic-nri-statsd, shfmt, blobfuse2, pvc-autoresizer, sftpgo-plugin-pubsub, secrets-store-csi-driver-provider-aws, vexctl, kserve-rest-proxy, terraform-provider-time, sftpgo-plugin-geoipfilter, kube-vip-cloud-provider, gitsign, cloud-provider-aws, hivemind, nats,...
Time-of-Check Time-of-Use Attacks Against LLMs
This is a nice piece of research: "Mind the Gap: Time-of-Check to Time-of-Use Vulnerabilities in LLM-Enabled Agents".: Abstract: Large Language Model LLM-enabled agents are rapidly emerging across a wide range of applications, but their deployment introduces vulnerabilities with security...
Exploiting Timing Side-Channels in Quantum Circuits Simulation Via ML-Based Methods
As quantum computing advances, quantum circuit simulators serve as critical tools to bridge the current gap caused by limited quantum hardware availability. These simulators are typically deployed on cloud platforms, where users submit proprietary circuit designs for simulation. In this work, we...