Can You Keep a Secret? Involuntary Information Leakage in Language Model Writing

Language models are deployed in settings that require compartmentalization: system prompts should not be disclosed, chain-of-thought reasoning is hidden from users, and sensitive data passes through shared contexts. We test whether models can keep prompted information out of their writing. We giv...

SmartGraphical: A Human-In-The-Loop Framework for Detecting Smart Contract Logical Vulnerabilities Via Pattern-Driven Static Analysis and Visual Abstraction

Smart contracts are fundamental components of blockchain ecosystems; however, their security remains a critical concern due to inherent vulnerabilities. While existing detection methodologies are predominantly syntax-oriented, targeting reentrancy and arithmetic errors, they often overlook logica...

cipher-xbow-benchmark

Cipher XBOW Benchmark Results Black-box assessment results fr...

New RadzaRat Spyware Poses as File Manager to Hijack Android Devices

Certo Software found RadzaRat, an Android RAT disguised as a file manager that has a 0/66 detection rate on VirusTotal. It keylogs passwords and steals files...

Enhancing Watermarking Quality for LLMs Via Contextual Generation States Awareness

Recent advancements in watermarking techniques have enabled the embedding of secret messages into AI-generated text AIGT, serving as an important mechanism for AIGT detection. Existing methods typically interfere with the generation processes of large language models LLMs to embed signals within...

Simultaneously Exposing and Jamming Covert Communications Via Disco Reconfigurable Intelligent Surfaces

Covert communications provide a stronger privacy protection than cryptography and physical-layer security PLS. However, previous works on covert communications have implicitly assumed the validity of channel reciprocity, i.e., wireless channels remain constant or approximately constant during the...

Optimized Couplings for Watermarking Large Language Models

Large-language models LLMs are now able to produce text that is, in many cases, seemingly indistinguishable from human-generated content. This has fueled the development of watermarks that imprint a signal'' in LLM-generated text with minimal perturbation of an LLM's output. This paper provides a...

How to Interpret the 2023 MITRE ATT&CK Evaluation Results

Thorough, independent tests are a vital resource as cybersecurity leaders and their teams evaluate vendors' abilities to guard against increasingly sophisticated threats to their organization. And perhaps no assessment is more widely trusted than the annual MITRE Engenuity ATT&CK Evaluations:...

Mystic Stealer Malware Targeting Browsers, Wallets, and Messaging Platforms

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Mystic Stealer is an advanced information stealer malware known for its low detection rate, code manipulation techniques and is stealing sensitive data from browsers, wallets & messaging platforms, posin...

FinSpy: unseen findings

FinSpy, also known as FinFisher or Wingbird, is an infamous surveillance toolset. Kaspersky has been tracking deployments of this spyware since 2011. Historically, its Windows implant was distributed through a single-stage installer. This version was detected and researched several times up to...

Huan - Encrypted PE Loader Generator

Huan is an encrypted PE Loader Generator that I developed for learning PE file structure and PE loading processes. It encrypts the PE file to be run with different keys each time and embeds it in a new section of the loader binary. Currently, it works on 64 bit PE files. How It Works? First, Huan...

Mac threat detections on the rise in 2019

Conventional wisdom has been that, although not invulnerable to cyberthreats as some old Apple ads would have you believe, Macs are afflicted with considerably fewer infections than Windows PCs. However, when reviewing our 2019 Mac detection telemetry, we noticed a startling upward trend. Indeed,...

DGA-Detection - DGA Domain Detection using Bigram Frequency Analysis

More and more malware is being created with advanced blocking circumvention techniques. One of the most prevalent techniques being used is the use of Domain Generation Algorithms which periodically generates a set of Domains to contact a C&C server. The majority of these DGA domains generate rand...

Why I decided to uninstall Microsoft Security Essentials Antivirus?

Today I decided to remove Microsoft Security Essentials Antivirus from my system because Security Essentials failed another certification test by independent testing lab, AV-Test Institute. Microsoft's Security Essentials antivirus for Windows XP, Vista, and Windows 7 is a free add-on to Windows...