CVE-2026-33594

A client can trigger excessive memory allocation by generating a lot of queries that are routed to an overloaded DoH backend, causing queries to accumulate into a buffer that will not be released until the end of the connection...

Evaluating LLM-Generated Obfuscated XSS Payloads for Machine Learning-Based Detection

Cross-site scripting XSS remains a persistent web security vulnerability, especially because obfuscation can change the surface form of a malicious payload while preserving its behavior. These transformations make it difficult for traditional and machine learning-based detection systems to reliab...

[SECURITY] Fedora 44 Update: kf6-prison-6.25.0-1.fc44

Prison is a Qt-based barcode abstraction layer/library that provides an uniform access to generation of barcodes with data...

generatedata 安全漏洞

Generatedata is a random data generation engine developed by Ben Keen as an individual developer. Version 4.0.14 of Generatedata contains a security vulnerability, which stems from improper input during web page generation...

Agentic Knowledge Distillation: Autonomous Training of Small Language Models for SMS Threat Detection

SMS-based phishing smishing attacks have surged, yet training effective on-device detectors requires labelled threat data that quickly becomes outdated. To deal with this issue, we present Agentic Knowledge Distillation, which consists of a powerful LLM acts as an autonomous teacher that fine-tun...

Synthetic Data: AI'S New Weapon against Android Malware

The ever-increasing number of Android devices and the accelerated evolution of malware, reaching over 35 million samples by 2024, highlight the critical importance of effective detection methods. Attackers are now using Artificial Intelligence to create sophisticated malware variations that can...

AutoMalDesc: Large-Scale Script Analysis for Cyber Threat Research

Generating thorough natural language explanations for threat detections remains an open problem in cybersecurity research, despite significant advances in automated malware detection systems. In this work, we present AutoMalDesc, an automated static analysis summarization framework that, followin...

CrossGuard: Safeguarding MLLMs against Joint-Modal Implicit Malicious Attacks

Multimodal Large Language Models MLLMs achieve strong reasoning and perception capabilities but are increasingly vulnerable to jailbreak attacks. While existing work focuses on explicit attacks, where malicious content resides in a single modality, recent studies reveal implicit attacks, in which...

ConCap: Practical Network Traffic Generation for Flow-Based Intrusion Detection Systems

Network Intrusion Detection Systems NIDS have been studied in research for almost four decades. Yet, despite thousands of papers claiming scientific advances, a non-negligible number of recent works suggest that the findings of prior literature may be questionable. At the root of such a...

A Comprehensive Review of Denial of Wallet Attacks in Serverless Architectures

The Denial of Wallet DoW attack poses a unique and growing threat to serverless architectures that rely on Function-as-a-Service FaaS models, exploiting the cost structure of pay-as-you-go billing to financially burden application owners. Unlike traditional Denial of Service DoS attacks, which ai...

Generative AI for Critical Infrastructure in Smart Grids: a Unified Framework for Synthetic Data Generation and Anomaly Detection

In digital substations, security events pose significant challenges to the sustained operation of power systems. To mitigate these challenges, the implementation of robust defense strategies is critically important. A thorough process of anomaly identification and detection in information and...

From Learning to Unlearning: Biomedical Security Protection in Multimodal Large Language Models

The security of biomedical Multimodal Large Language Models MLLMs has attracted increasing attention. However, training samples easily contain private information and incorrect knowledge that are difficult to detect, potentially leading to privacy leakage or erroneous outputs after deployment. An...

LLM4MEA: Data-Free Model Extraction Attacks on Sequential Recommenders Via Large Language Models

Recent studies have demonstrated the vulnerability of sequential recommender systems to Model Extraction Attacks MEAs. MEAs collect responses from recommender systems to replicate their functionality, enabling unauthorized deployments and posing critical privacy and security risks. Black-box...

Malicious code in transaction-data-generation (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c1a6cb3f68b22b02db63a832b56fed4db00fc629b1b3540dbae8dc8114daa530 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

PCEvolve: Private Contrastive Evolution for Synthetic Dataset Generation Via Few-Shot Private Data and Generative APIs

The rise of generative APIs has fueled interest in privacy-preserving synthetic data generation. While the Private Evolution PE algorithm generates Differential Privacy DP synthetic images using diffusion model APIs, it struggles with few-shot private data due to the limitations of its DP-protect...

FragFake: a Dataset for Fine-Grained Detection of Edited Images with Vision Language Models

Fine-grained edited image detection of localized edits in images is crucial for assessing content authenticity, especially given that modern diffusion models and image editing methods can produce highly realistic manipulations. However, this domain faces three challenges: 1 Binary classifiers yie...

Private Federated Learning Using Preference-Optimized Synthetic Data

In practical settings, differentially private Federated learning DP-FL is the dominant method for training models from private, on-device client data. Recent work has suggested that DP-FL may be enhanced or outperformed by methods that use DP synthetic data Wu et al., 2024; Hou et al., 2024. The...

PT-2025-6122 · Sap · Sap Netweaver +1

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver and ABAP Platform versions prior to the fixed version Description: The issue is caused by a missing authorization check in an RFC enabled function module in the transaction SDCCN. This allows an unauthenticated attacker to...

Synthetic Solutions: Redefining Cybersecurity Through Data Generation in the Face of Hacking

By Owais Sultan Cybersecurity is a constant battleground where hackers continuously devise new strategies to breach defences, jeopardizing sensitive information and… This is a post from HackRead.com Read the original post: Synthetic Solutions: Redefining Cybersecurity Through Data Generation in t...

Race Condition

@web3-react is vulnerable to a Race Condition. In the event that the user switches chains during the connection flow, the chainId may become outdated, making any data generated from it potentially inaccurate. An application that swaps between chains for instance, can cause the user to tokens mone...