Robust and Efficient AI-Based Attack Recovery in Autonomous Drones

We introduce an autonomous attack recovery architecture to add common sense reasoning to plan a recovery action after an attack is detected. We outline use-cases of our architecture using drones, and then discuss how to implement this architecture efficiently and securely in edge devices...

CVE-2025-4727

A vulnerability was found in Meteor up to 3.2.1 and classified as problematic. This issue affects the function Object.assign of the file packages/ddp-server/livedataserver.js. The manipulation of the argument forwardedFor leads to inefficient regular expression complexity. The attack may be...

Self-Destructive Language Model

Harmful fine-tuning attacks pose a major threat to the security of large language models LLMs, allowing adversaries to compromise safety guardrails with minimal harmful data. While existing defenses attempt to reinforce LLM alignment, they fail to address models' inherent "trainability" on harmfu...

AES-RV: Hardware-Efficient RISC-V Accelerator with Low-Latency AES Instruction Extension for IoT Security

The Advanced Encryption Standard AES is a widely adopted cryptographic algorithm essential for securing embedded systems and IoT platforms. However, existing AES hardware accelerators often face limitations in performance, energy efficiency, and flexibility. This paper presents AES-RV, a...

"Explain, Don'T Just Warn!" -- a Real-Time Framework for Generating Phishing Warnings with Contextual Cues

Anti-phishing tools typically display generic warnings that offer users limited explanation on why a website is considered malicious, which can prevent end-users from developing the mental models needed to recognize phishing cues on their own. This becomes especially problematic when these tools...

GDNTT: an Area-Efficient Parallel NTT Accelerator Using Glitch-Driven Near-Memory Computing and Reconfigurable 10T SRAM

With the rapid advancement of quantum computing technology, post-quantum cryptography PQC has emerged as a pivotal direction for next-generation encryption standards. Among these, lattice-based cryptographic schemes rely heavily on the fast Number Theoretic Transform NTT over polynomial rings,...

An Efficient Hybrid Key Exchange Mechanism

Whitepaper called An Efficient Hybrid Key Exchange Mechanism...

[SECURITY] Fedora 42 Update: nodejs-pnpm-10.9.0-1.fc42

A fast, disk space efficient package manager for NodeJS...

[SECURITY] Fedora 40 Update: nodejs-pnpm-10.9.0-1.fc40

A fast, disk space efficient package manager for NodeJS...

CVE-2025-46560

CVE-2025-46560 affects vLLM 0.8.0–0.8.4, where the multimodal tokenizer’s input preprocessing uses placeholder tokens replaced by repeated tokens. The replacement logic relies on inefficient list concatenation, yielding quadratic time complexity (O(n²)) and enabling resource exhaustion via crafte...

Starfish: Rebalancing Multi-Party Off-Chain Payment Channels

Blockchain technology has revolutionized the way transactions are executed, but scalability remains a major challenge. Payment Channel Network PCN, as a Layer-2 scaling solution, has been proposed to address this issue. However, skewed payments can deplete the balance of one party within a channe...

Property-Preserving Hashing for $\Ell_1$-Distance Predicates: Applications to Countering Adversarial Input Attacks

Perceptual hashing is used to detect whether an input image is similar to a reference image with a variety of security applications. Recently, they have been shown to succumb to adversarial input attacks which make small imperceptible changes to the input image yet the hashing algorithm does not...

[SECURITY] Fedora 42 Update: uv-0.6.14-3.fc42

An extremely fast Python package installer and resolver, written in Rust. Designed as a drop-in replacement for common pip and pip-tools workflows. Highlights: =E2=80=A2 =E2=9A=96=EF=B8=8F Drop-in replacement for common pip, pip-tools, and virtualenv commands. =E2=80=A2 =E2=9A=A1=EF=B8=8F 10-100x...

IoT-AMLHP: Aligned Multimodal Learning of Header-Payload Representations for Resource-Efficient Malicious IoT Traffic Classification

Traffic classification is crucial for securing Internet of Things IoT networks. Deep learning-based methods can autonomously extract latent patterns from massive network traffic, demonstrating significant potential for IoT traffic classification tasks. However, the limited computational and spati...

VDA 2402 - How to redirect all URLs using Host to Client Redirection

Use Host to Client Redirection policy to redirect all URLs from the VDA to the Client. This is useful when redirection fails when the URL is not added to ValidSites Registry, but Customer wants to redirect a long list of URLs but doesn't mind redirecting all URLs...

Concept Enhancement Engineering: a Lightweight and Efficient Robust Defense against Jailbreak Attacks in Embodied AI

Embodied Intelligence EI systems integrated with large language models LLMs face significant security risks, particularly from jailbreak attacks that manipulate models into generating harmful outputs or executing unsafe physical actions. Traditional defense strategies, such as input filtering and...

Friday Squid Blogging: Squid and Efficient Solar Tech

Researchers are trying to use squid color-changing biochemistry for solar tech. This appears to be new and related research to a 2019 squid post. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered...

Analyzing open-source bootloaders: Finding vulnerabilities faster with AI

By leveraging Microsoft Security Copilot to expedite the vulnerability discovery process, Microsoft Threat Intelligence uncovered several vulnerabilities in multiple open-source bootloaders, impacting all operating systems relying on Unified Extensible Firmware Interface UEFI Secure Boot as well ...

CVE-2025-31435

Cross-Site Request Forgery CSRF vulnerability in Efficient Scripts Microblog Poster microblog-poster allows Stored XSS.This issue affects Microblog Poster: from n/a through = 2.1.6...

CVE-2025-31435

Cross-Site Request Forgery CSRF vulnerability in Efficient Scripts Microblog Poster microblog-poster allows Stored XSS.This issue affects Microblog Poster: from n/a through = 2.1.6...