Exploring the Connection between Coding Habits and Cognitive Styles in Malware Developers

Malware research primarily studies the results, the methods, and the impact. Even from an offensive security perspective, what is examined is the method, not the development strategy of the offender. This study investigates the behavioral signatures and coding patterns embedded in the malware...

FALCON-C: Flow-Based Analysis and Labeling for Connected Vehicular Network Cybersecurity

Along with the recent rise in popularity of Electric Vehicles EVs, Electric Vehicle Supply Equipment EVSE has emerged as a new target for cyber attacks. Therefore, ensuring the security and integrity of network communication between EVSE components and vehicular clients is a significant challenge...

UNAD+: An Explainable Hybrid Framework for Unknown Network Attack Detection

The detection of previously unseen network attacks remains a major challenge for intrusion detection systems. Although supervised learning methods often perform well on known attack classes, they are limited when new attack types are not represented in the training data. Unsupervised methods are...

Detecting Trojaned DNNs Via Spectral Regression Analysis

Modern DNNs are repeatedly fine-tuned to incorporate new data and functionality. This evolutionary workflow introduces a security risk when updated data cannot be fully trusted, as adversaries may implant Trojans during fine-tuning. We present MIST, a Trojan detection approach that analyzes how a...

Learning to Look Benign: Targeted Evasion of Malware Detectors Via API Import Injection

Machine learning-based malware detectors are widely deployed in antivirus and endpoint detection systems, yet their reliance on static features makes them vulnerable to adversarial manipulation. This paper investigates whether a malware sample can be intentionally misclassified as a specific beni...

Be Kind, Rewrite: Benign Projections Via Rewriting Defend against LLM Data Poisoning Attacks

Large language models LLMs are highly susceptible to backdoor attacks BAs, wherein training samples are poisoned using trigger-based harmful content. Furthermore, existing defenses have proven ineffective when extensively tested across BA patterns. To better combat BAs, we explore the use of LLM...

Enhancing Anomaly-Based Intrusion Detection Systems with Process Mining

Anomaly-based Intrusion Detection Systems IDSs ensure protection against malicious attacks on networked systems. While deep learning-based IDSs achieve effective performance, their limited trustworthiness due to black-box architectures remains a critical constraint. Despite existing explainable...

BadSkill: Backdoor Attacks on Agent Skills Via Model-In-Skill Poisoning

Agent ecosystems increasingly rely on installable skills to extend functionality, and some skills bundle learned model artifacts as part of their execution logic. This creates a supply-chain risk that is not captured by prompt injection or ordinary plugin misuse: a third-party skill may appear...

Self-Purification Mitigates Backdoors in Multimodal Diffusion Language Models

Multimodal Diffusion Language Models MDLMs have recently emerged as a competitive alternative to their autoregressive counterparts. Yet their vulnerability to backdoor attacks remains largely unexplored. In this work, we show that well-established data-poisoning pipelines can successfully implant...

OpenClaw Integrates VirusTotal Scanning to Detect Malicious ClawHub Skills

OpenClaw formerly Moltbot and Clawdbot has announced that it's partnering with Google-owned VirusTotal to scan skills that are being uploaded to ClawHub, its skill marketplace, as part of broader efforts to bolster the security of the agentic ecosystem. "All skills published to ClawHub are now...

The Semantic Trap: Do Fine-Tuned LLMs Learn Vulnerability Root Cause or Just Functional Pattern?

LLMs demonstrate promising performance in software vulnerability detection after fine-tuning. However, it remains unclear whether these gains reflect a genuine understanding of vulnerability root causes or merely an exploitation of functional patterns. In this paper, we identify a critical failur...

TrojanPraise: Jailbreak LLMs Via Benign Fine-Tuning

The demand of customized large language models LLMs has led to commercial LLMs offering black-box fine-tuning APIs, yet this convenience introduces a critical security loophole: attackers could jailbreak the LLMs by fine-tuning them with malicious data. Though this security issue has recently bee...

A Novel Contrastive Loss for Zero-Day Network Intrusion Detection

Machine learning has achieved state-of-the-art results in network intrusion detection; however, its performance significantly degrades when confronted by a new attack class -- a zero-day attack. In simple terms, classical machine learning-based approaches are adept at identifying attack classes o...

SourceBroken: A Large-Scale Analysis on the (Un)Reliability of SourceRank in the PyPI Ecosystem

SourceRank is a scoring system made of 18 metrics that assess the popularity and quality of open-source packages. Despite being used in several recent studies, none has thoroughly analyzed its reliability against evasion attacks aimed at inflating the score of malicious packages, thereby...

Better Call Graphs: A New Dataset of Function Call Graphs for Malware Classification

Function call graphs FCGs have emerged as a powerful abstraction for malware detection, capturing the behavioral structure of applications beyond surface-level signatures. Their utility in traditional program analysis has been well established, enabling effective classification and analysis of...

EUVD-2025-203260

The vulnerability arises when a client fetches a tools’ JSON specification, known as a Manual, from a remote Manual Endpoint. While a provider may initially serve a benign manual e.g., one defining an HTTP tool call, earning the clients’ trust, a malicious provider can later change the manual to...

Clustering Malware at Scale: A First Full-Benchmark Study

Recent years have shown that malware attacks still happen with high frequency. Malware experts seek to categorize and classify incoming samples to confirm their trustworthiness or prove their maliciousness. One of the ways in which groups of malware samples can be identified is through malware...

Towards Classifying Benign and Malicious Packages Using Machine Learning

Recently, the number of malicious open-source packages in package repositories has been increasing dramatically. While major security scanners focus on identifying known Common Vulnerabilities and Exposures CVEs in open-source packages, there are very few studies on detecting malicious packages...

BackWeak: Backdooring Knowledge Distillation Simply with Weak Triggers and Fine-Tuning

Knowledge Distillation KD is essential for compressing large models, yet relying on pre-trained "teacher" models downloaded from third-party repositories introduces serious security risks -- most notably backdoor attacks. Existing KD backdoor methods are typically complex and computationally...

How Can We Effectively Use LLMs for Phishing Detection?: Evaluating the Effectiveness of Large Language Model-Based Phishing Detection Models

Large language models LLMs have emerged as a promising phishing detection mechanism, addressing the limitations of traditional deep learning-based detectors, including poor generalization to previously unseen websites and a lack of interpretability. However, LLMs' effectiveness for phishing...