434 matches found
EUVD-2022-0124
Malicious code in bioql PyPI...
EUVD-2022-6575
Malicious code in bioql PyPI...
EUVD-2024-0310
Malicious code in bioql PyPI...
EUVD-2023-1753
Malicious code in bioql PyPI...
Bridging Technical Capability and User Accessibility: Off-Grid Civilian Emergency Communication
During large-scale crises disrupting cellular and Internet infrastructure, civilians lack reliable methods for communication, aid coordination, and access to trustworthy information. This paper presents a unified emergency communication system integrating a low-power, long-range network with a...
Overcoming DNSSEC Islands of Security: a TLS and IP-Based Certificate Solution
The Domain Name System DNS serves as the backbone of the Internet, primarily translating domain names to IP addresses. Over time, various enhancements have been introduced to strengthen the integrity of DNS. Among these, DNSSEC stands out as a leading cryptographic solution. It protects against...
Lazarus Group Expands Malware Arsenal With PondRAT, ThemeForestRAT, and RemotePE
The North Korea-linked threat actor known as the Lazarus Group has been attributed to a social engineering campaign that distributes three different pieces of cross-platform malware called PondRAT, ThemeForestRAT, and RemotePE. The attack, observed by NCC Group's Fox-IT in 2024, targeted an...
The Aegis Protocol: a Foundational Security Framework for Autonomous AI Agents
The proliferation of autonomous AI agents marks a paradigm shift toward complex, emergent multi-agent systems. This transition introduces systemic security risks, including control-flow hijacking and cascading failures, that traditional cybersecurity paradigms are ill-equipped to address. This...
Fortifying the Agentic Web: a Unified Zero-Trust Architecture against Logic-Layer Threats
This paper presents a Unified Security Architecture that fortifies the Agentic Web through a Zero-Trust IAM framework. This architecture is built on a foundation of rich, verifiable agent identities using Decentralized Identifiers DIDs and Verifiable Credentials VCs, with discovery managed by a...
Enhancing Privacy in Decentralized Min-Max Optimization: a Differentially Private Approach
Decentralized min-max optimization allows multi-agent systems to collaboratively solve global min-max optimization problems by facilitating the exchange of model updates among neighboring agents, eliminating the need for a central server. However, sharing model updates in such systems carry a ris...
A Provably Secure Network Protocol for Private Communication with Analysis and Tracing Resistance
Anonymous communication networks have emerged as crucial tools for obfuscating communication pathways and concealing user identities. However, their practical deployments face significant challenges, including susceptibility to artificial intelligence AI-powered metadata analysis, difficulties in...
Trusted Data Fusion, Multi-Agent Autonomy, Autonomous Vehicles
Multi-agent collaboration enhances situational awareness in intelligence, surveillance, and reconnaissance ISR missions. Ad hoc networks of unmanned aerial vehicles UAVs allow for real-time data sharing, but they face security challenges due to their decentralized nature, making them vulnerable t...
Rethinking HSM and TPM Security in the Cloud: Real-World Attacks and Next-Gen Defenses
As organizations rapidly migrate to the cloud, the security of cryptographic key management has become a growing concern. Hardware Security Modules HSMs and Trusted Platform Modules TPMs, traditionally seen as the gold standard for securing encryption keys and digital trust, are increasingly...
MFAz: Historical Access Based Multi-Factor Authorization
Unauthorized access remains one of the critical security challenges in the realm of cybersecurity. With the increasing sophistication of attack techniques, the threat of unauthorized access is no longer confined to the conventional ones, such as exploiting weak access control policies. Instead,...
Scaling Decentralized Learning with FLock
Fine-tuning the large language models LLMs are prevented by the deficiency of centralized control and the massive computing and communication overhead on the decentralized schemes. While the typical standard federated learning FL supports data privacy, the central server requirement creates a...
A Privacy-Centric Approach: Scalable and Secure Federated Learning Enabled by Hybrid Homomorphic Encryption
Federated Learning FL enables collaborative model training without sharing raw data, making it a promising approach for privacy-sensitive domains. Despite its potential, FL faces significant challenges, particularly in terms of communication overhead and data privacy. Privacy-preserving Technique...
Kintsugi: Decentralized E2EE Key Recovery
Kintsugi is a protocol for key recovery, allowing a user to regain access to end-to-end encrypted data after they have lost their device, but still have their potentially low-entropy password. Existing E2EE key recovery methods, such as those deployed by Signal and WhatsApp, centralize trust by...
A Crowdsensing Intrusion Detection Dataset for Decentralized Federated Learning Models
This paper introduces a dataset and experimental study for decentralized federated learning DFL applied to IoT crowdsensing malware detection. The dataset comprises behavioral records from benign and eight malware families. A total of 21,582,484 original records were collected from system calls,...
From Semantic Web and MAS to Agentic AI: a Unified Narrative of the Web of Agents
The concept of the Web of Agents WoA, which transforms the static, document-centric Web into an environment of autonomous agents acting on users' behalf, has attracted growing interest as large language models LLMs become more capable. However, research in this area is still fragmented across...
PromptChain: a Decentralized Web3 Architecture for Managing AI Prompts As Digital Assets
We present PromptChain, a decentralized Web3 architecture that establishes AI prompts as first-class digital assets with verifiable ownership, version control, and monetization capabilities. Current centralized platforms lack mechanisms for proper attribution, quality assurance, or fair...