A Risk-Stratified Benchmark Dataset for Bad Randomness (SWC-120) Vulnerabilities in Ethereum Smart Contracts

Many Ethereum smart contracts rely on block attributes such as block.timestamp or blockhash to generate random numbers for applications like lotteries and games. However, these values are predictable and miner-manipulable, creating the Bad Randomness vulnerability SWC-120 that has led to real-wor...

CVE-2025-58409 GPU DDK - Disguised freelist buffers passed to RGXCreateHWRTDataSet can cause arbitrary physical memory writes corrupting memory

Software installed and run as a non-privileged user may conduct improper GPU system calls to subvert GPU HW to write to arbitrary physical memory pages. Under certain circumstances this exploit could be used to corrupt data pages not allocated by the GPU driver but memory pages in use by the kern...

LLMs in Code Vulnerability Analysis: A Proof of Concept

Context: Traditional software security analysis methods struggle to keep pace with the scale and complexity of modern codebases, requiring intelligent automation to detect, assess, and remediate vulnerabilities more efficiently and accurately. Objective: This paper explores the incorporation of...

Behavioral Analytics for Continuous Insider Threat Detection in Zero-Trust Architectures

Insider threats are a particularly tricky cybersecurity issue, especially in zero-trust architectures ZTA where implicit trust is removed. Although the rule of thumb is never trust, always verify, attackers can still use legitimate credentials and impersonate the standard user activity. In...

ALFA: A Safe-By-Design Approach to Mitigate Quishing Attacks Launched Via Fancy QR Codes

Phishing with Quick Response QR codes is termed as Quishing. The attackers exploit this method to manipulate individuals into revealing their confidential data. Recently, we see the colorful and fancy representations of QR codes, the 2D matrix of QR codes which does not reflect a typical mixture ...

S-DAPT-2026: A Stage-Aware Synthetic Dataset for Advanced Persistent Threat Detection

The detection of advanced persistent threats APTs remains a crucial challenge due to their stealthy, multistage nature and the limited availability of realistic, labeled datasets for systematic evaluation. Synthetic dataset generation has emerged as a practical approach for modeling APT campaigns...

CVE-2023-50248

CKAN is an open-source data management system for powering data hubs and data portals. Starting in version 2.0.0 and prior to versions 2.9.10 and 2.10.3, when submitting a POST request to the /dataset/new endpoint including either the auth cookie or the Authorization header with a specially-craft...

CVE-2024-41804

Xibo is a content management system CMS. An SQL injection vulnerability was discovered in the API route inside the CMS responsible for Adding/Editing DataSet Column Formulas. This allows an authenticated user to to obtain and modify arbitrary data from the Xibo database by injecting specially...

Multi-Regional Cloud Honeypot Dataset (MURHCAD)

This data article introduces a comprehensive, high-resolution honeynet dataset designed to support standalone analyses of global cyberattack behaviors. Collected over a continuous 72-hour window June 9 to 11, 2025 on Microsoft Azure, the dataset comprises 132,425 individual attack events captured...

Large Language Models for Detecting Cyberattacks on Smart Grid Protective Relays

This paper presents a large language model LLM-based framework for detecting cyberattacks on transformer current differential relays TCDRs, which, if undetected, may trigger false tripping of critical transformers. The proposed approach adapts and fine-tunes compact LLMs such as DistilBERT to...

RedBench: A Universal Dataset for Comprehensive Red Teaming of Large Language Models

As large language models LLMs become integral to safety-critical applications, ensuring their robustness against adversarial prompts is paramount. However, existing red teaming datasets suffer from inconsistent risk categorizations, limited domain coverage, and outdated evaluations, hindering...

AutoVulnPHP: LLM-Powered Two-Stage PHP Vulnerability Detection and Automated Localization

PHP's dominance in web development is undermined by security challenges: static analysis lacks semantic depth, causing high false positives; dynamic analysis is computationally expensive; and automated vulnerability localization suffers from coarse granularity and imprecise context. Additionally,...

Focus on What Matters: Fisher-Guided Adaptive Multimodal Fusion for Vulnerability Detection

Software vulnerability detection is a critical task for securing software systems and can be formulated as a binary classification problem: given a code snippet, determine whether it contains a vulnerability. Existing multimodal approaches typically fuse Natural Code Sequence NCS representations...

Quantum AI for Cybersecurity: A Hybrid Quantum-Classical Models for Attack Path Analysis

Modern cyberattacks are increasingly complex, posing significant challenges to classical machine learning methods, particularly when labeled data is limited and feature interactions are highly non-linear. In this study we investigates the potential of hybrid quantum-classical learning to enhance...

SQLi_AI_defence

SQLiAIdefence A small model ba...

AI-Powered Hybrid Intrusion Detection Framework for Cloud Security Using Novel Metaheuristic Optimization

Cybersecurity poses considerable problems to Cloud Computing CC, especially regarding Intrusion Detection Systems IDSs, facing difficulties with skewed datasets and suboptimal classification model performance. This study presents the Hybrid Intrusion Detection System HyIDS, an innovative IDS that...

Comparative Evaluation of VAE, GAN, and SMOTE for Tor Detection in Encrypted Network Traffic

Encrypted network traffic poses significant challenges for intrusion detection due to the lack of payload visibility, limited labeled datasets, and high class imbalance between benign and malicious activities. Traditional data augmentation methods struggle to preserve the complex temporal and...

Towards Understanding and Characterizing Vulnerabilities in Intelligent Connected Vehicles through Real-World Exploits

Intelligent Connected Vehicles ICVs are a core component of modern transportation systems, and their security is crucial as it directly relates to user safety. Despite prior research, most existing studies focus only on specific sub-components of ICVs due to their inherent complexity. As a result...

Cracking IoT Security: Can LLMs Outsmart Static Analysis Tools?

Smart home IoT platforms such as openHAB rely on Trigger Action Condition TAC rules to automate device behavior, but the interplay among these rules can give rise to interaction threats, unintended or unsafe behaviors emerging from implicit dependencies, conflicting triggers, or overlapping...

An Empirical Evaluation of LLM-Based Approaches for Code Vulnerability Detection: RAG, SFT, and Dual-Agent Systems

The rapid advancement of Large Language Models LLMs presents new opportunities for automated software vulnerability detection, a crucial task in securing modern codebases. This paper presents a comparative study on the effectiveness of LLM-based techniques for detecting software vulnerabilities...