Security Risks in Tool-Enabled AI Agents: A Systematic Analysis of Privileged Execution Environments

Tool-enabled AI agents are increasingly deployed in cloud-hosted environments and offered as services, where they perform side-effecting operations through privileged tools within execution environments. While such agents enable powerful automation, the security implications of hosting autonomous...

AmbShield: Enhancing Physical Layer Security with Ambient Backscatter Devices against Eavesdroppers

Passive eavesdropping compromises confidentiality in wireless networks, especially in resource-constrained environments where heavyweight cryptography is impractical. Physical layer security PLS exploits channel randomness and spatial selectivity to confine information to an intended receiver wit...

SoK: Reviewing Two Decades of Security, Privacy, Accessibility, and Usability Studies on Internet of Things for Older Adults

The Internet of Things IoT has the potential to enhance older adults' independence and quality of life, but it also exposes them to security, privacy, accessibility, and usability SPAU risks. We conducted a systematic review of 44 peer-reviewed studies published between 2004 and 2024 using a...

Rockwell ArmorStart Improper Input Validation (CVE-2023-29030)

A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user to view and modify sensitive data or make the web page unavailable. User interaction, such as a phishing attack, is required for successful exploitation...