AI Agentic Vulnerability Injection and Transformation with Optimized Reasoning

The increasing complexity of software systems and the sophistication of cyber-attacks have underscored the critical need for effective automated vulnerability detection and repair systems. Traditional methods, such as static program analysis, face significant challenges related to scalability,...

FALCON: Autonomous Cyber Threat Intelligence Mining with LLMs for IDS Rule Generation

Signature-based Intrusion Detection Systems IDS detect malicious activities by matching network or host activity against predefined rules. These rules are derived from extensive Cyber Threat Intelligence CTI, which includes attack signatures and behavioral patterns obtained through automated tool...

When Machine Learning Meets Vulnerability Discovery: Challenges and Lessons Learned

In recent years, machine learning has demonstrated impressive results in various fields, including software vulnerability detection. Nonetheless, using machine learning to identify software vulnerabilities presents new challenges, especially regarding the scale of data involved, which was not a...

Malicious code in lyft-dataset-sdk (npm)

The package lyft-dataset-sdk was found to contain malicious code...

MAL-2025-25712 Malicious code in lyft-dataset-sdk (npm)

The package lyft-dataset-sdk was found to contain malicious code...

Malicious code in gces-dataset (npm)

The package gces-dataset was found to contain malicious code...

MAL-2025-21231 Malicious code in gces-dataset (npm)

The package gces-dataset was found to contain malicious code...

BERTector: Intrusion Detection Based on Joint-Dataset Learning

Intrusion detection systems IDS are facing challenges in generalization and robustness due to the heterogeneity of network traffic and the diversity of attack patterns. To address this issue, we propose a new joint-dataset training paradigm for IDS and propose a scalable BERTector framework based...

Enhance the Machine Learning Algorithm Performance in Phishing Detection with Keyword Features

Recently, we can observe a significant increase of the phishing attacks in the Internet. In a typical phishing attack, the attacker sets up a malicious website that looks similar to the legitimate website in order to obtain the end-users' information. This may cause the leakage of the sensitive...

Beyond Uniform Criteria: Scenario-Adaptive Multi-Dimensional Jailbreak Evaluation

Precise jailbreak evaluation is vital for LLM red teaming and jailbreak research. Current approaches employ binary classification e.g., string matching, toxic text classifiers, LLM-driven methods, yielding only "yes/no" labels without quantifying harm intensity. Existing multi-dimensional...

Exploit for Deserialization of Untrusted Data in Microsoft

CVE-2025-53770 – Microsoft SharePoint Server 2019 Unauthentica...

Semi-Supervised Supply Chain Fraud Detection with Unsupervised Pre-Filtering

Detecting fraud in modern supply chains is a growing challenge, driven by the complexity of global networks and the scarcity of labeled data. Traditional detection methods often struggle with class imbalance and limited supervision, reducing their effectiveness in real-world applications. This...

Multilingual Source Tracing of Speech Deepfakes: a First Benchmark

Recent progress in generative AI has made it increasingly easy to create natural-sounding deepfake speech from just a few seconds of audio. While these tools support helpful applications, they also raise serious concerns by making it possible to generate convincing fake speech in many languages...

The Dark Side of Upgrades: Uncovering Security Risks in Smart Contract Upgrades

Smart contract upgrades are increasingly common due to their flexibility in modifying deployed contracts, such as fixing bugs or adding new functionalities. Meanwhile, upgrades compromise the immutability of contracts, introducing significant security concerns. While existing research has explore...

LMDG: Advancing Lateral Movement Detection through High-Fidelity Dataset Generation

Lateral Movement LM attacks continue to pose a significant threat to enterprise security, enabling adversaries to stealthily compromise critical assets. However, the development and evaluation of LM detection systems are impeded by the absence of realistic, well-labeled datasets. To address this...

Proactive Disentangled Modeling of Trigger-Object Pairings for Backdoor Defense

Deep neural networks DNNs and generative AI GenAI are increasingly vulnerable to backdoor attacks, where adversaries embed triggers into inputs to cause models to misclassify or misinterpret target labels. Beyond traditional single-trigger scenarios, attackers may inject multiple triggers across...

Leveraging Machine Learning for Botnet Attack Detection in Edge-Computing Assisted IoT Networks

The increase of IoT devices, driven by advancements in hardware technologies, has led to widespread deployment in large-scale networks that process massive amounts of data daily. However, the reliance on Edge Computing to manage these devices has introduced significant security vulnerabilities, a...

Resource-Efficient Automatic Software Vulnerability Assessment Via Knowledge Distillation and Particle Swarm Optimization

The increasing complexity of software systems has led to a surge in cybersecurity vulnerabilities, necessitating efficient and scalable solutions for vulnerability assessment. However, the deployment of large pre-trained models in real-world scenarios is hindered by their substantial computationa...

Exploit for Deserialization of Untrusted Data in Microsoft

OurSharePoint - CVE-2025-53770 PoC This is a simple C tool...

Understanding Concept Drift with Deprecated Permissions in Android Malware Detection

Permission analysis is a widely used method for Android malware detection. It involves examining the permissions requested by an application to access sensitive data or perform potentially malicious actions. In recent years, various machine learning ML algorithms have been applied to Android...