42 matches found
Evaluating Large Language Models for Phishing Detection, Self-Consistency, Faithfulness, and Explainability
Phishing attacks remain one of the most prevalent and persistent cybersecurity threat with attackers continuously evolving and intensifying tactics to evade the general detection system. Despite significant advances in artificial intelligence and machine learning, faithfully reproducing the...
Enclosing Prototypical Variational Autoencoder for Explainable Out-of-Distribution Detection
Understanding the decision-making and trusting the reliability of Deep Machine Learning Models is crucial for adopting such methods to safety-relevant applications. We extend self-explainable Prototypical Variational models with autoencoder-based out-of-distribution OOD detection: A Variational...
CVE-2025-6193
A command injection vulnerability was discovered in the TrustyAI Explainability toolkit. Arbitrary commands placed in certain fields of a LMEValJob custom resource CR may be executed in the LMEvalJob pod's terminal. This issue can be exploited via a maliciously crafted LMEvalJob by a user with...
CVE-2025-6193
A command injection vulnerability was discovered in the TrustyAI Explainability toolkit. Arbitrary commands placed in certain fields of a LMEValJob custom resource CR may be executed in the LMEvalJob pod's terminal. This issue can be exploited via a maliciously crafted LMEvalJob by a user with...
CVE-2025-6193 Trustyai-explainability: command injection via lmevaljob cr
A command injection vulnerability was discovered in the TrustyAI Explainability toolkit. Arbitrary commands placed in certain fields of a LMEValJob custom resource CR may be executed in the LMEvalJob pod's terminal. This issue can be exploited via a maliciously crafted LMEvalJob by a user with...
CVE-2025-6193 Trustyai-explainability: command injection via lmevaljob cr
A command injection vulnerability was discovered in the TrustyAI Explainability toolkit. Arbitrary commands placed in certain fields of a LMEValJob custom resource CR may be executed in the LMEvalJob pod's terminal. This issue can be exploited via a maliciously crafted LMEvalJob by a user with...
CVE-2025-6193
TrustyAI Explainability toolkit vulnerability CVE-2025-6193 arises from command injection in LMEvalJob CR handling. An attacker with permissions to deploy a LMEValJob CR can craft fields that escape the constructed lm_eval command, leading to arbitrary commands executed in the LMEvalJob pod termi...
CVE-2025-6193
A command injection vulnerability was discovered in the TrustyAI Explainability toolkit. Arbitrary commands placed in certain fields of a LMEValJob custom resource CR may be executed in the LMEvalJob pod's terminal. This issue can be exploited via a maliciously crafted LMEvalJob by a user with...
CVE-2025-6193
A command injection vulnerability was discovered in the TrustyAI Explainability toolkit. Arbitrary commands placed in certain fields of a LMEValJob custom resource CR may be executed in the LMEvalJob pod's terminal. This issue can be exploited via a maliciously crafted LMEvalJob by a user with...
PT-2025-26441 · Unknown · Trustyai Explainability Toolkit
Name of the Vulnerable Software and Affected Versions: TrustyAI Explainability toolkit affected versions not specified Description: A command injection issue was discovered in the TrustyAI Explainability toolkit. This issue allows arbitrary commands placed in certain fields of a LMEValJob custom...
TrustyAI Explainability 操作系统命令注入漏洞
TrustyAI Explainability is an open source TrustyAI toolkit from TrustyAI. TrustyAI Explainability suffers from an operating system command injection vulnerability that stems from command injection and could result in an authenticated user executing arbitrary commands...
Striking Back at Cobalt: Using Network Traffic Metadata to Detect Cobalt Strike Masquerading Command and Control Channels
Off-the-shelf software for Command and Control is often used by attackers and legitimate pentesters looking for discretion. Among other functionalities, these tools facilitate the customization of their network traffic so it can mimic popular websites, thereby increasing their secrecy. Cobalt...
Chances and Challenges of the Model Context Protocol in Digital Forensics and Incident Response
Large language models hold considerable promise for supporting forensic investigations, but their widespread adoption is hindered by a lack of transparency, explainability, and reproducibility. This paper explores how the emerging Model Context Protocol can address these challenges and support th...
LLM-Driven APT Detection for 6G Wireless Networks: a Systematic Review and Taxonomy
Sixth Generation 6G wireless networks, which are expected to be deployed in the 2030s, have already created great excitement in academia and the private sector with their extremely high communication speed and low latency rates. However, despite the ultra-low latency, high throughput, and...
Interpretable Anomaly Detection in Encrypted Traffic Using SHAP with Machine Learning Models
The widespread adoption of encrypted communication protocols such as HTTPS and TLS has enhanced data privacy but also rendered traditional anomaly detection techniques less effective, as they often rely on inspecting unencrypted payloads. This study aims to develop an interpretable machine...
Unveiling the Black Box: a Multi-Layer Framework for Explaining Reinforcement Learning-Based Cyber Agents
Reinforcement Learning RL agents are increasingly used to simulate sophisticated cyberattacks, but their decision-making processes remain opaque, hindering trust, debugging, and defensive preparedness. In high-stakes cybersecurity contexts, explainability is essential for understanding how...
Explainable Machine Learning for Cyberattack Identification from Traffic Flows
The increasing automation of traffic management systems has made them prime targets for cyberattacks, disrupting urban mobility and public safety. Traditional network-layer defenses are often inaccessible to transportation agencies, necessitating a machine learning-based approach that relies sole...
GiBy: a Giant-Step Baby-Step Classifier for Anomaly Detection in Industrial Control Systems
The continuous monitoring of the interactions between cyber-physical components of any industrial control system ICS is required to secure automation of the system controls, and to guarantee plant processes are fail-safe and remain in an acceptably safe state. Safety is achieved by managing...
A Gradient-Optimized TSK Fuzzy Framework for Explainable Phishing Detection
Phishing attacks represent an increasingly sophisticated and pervasive threat to individuals and organizations, causing significant financial losses, identity theft, and severe damage to institutional reputations. Existing phishing detection methods often struggle to simultaneously achieve high...
On the Consistency of GNN Explanations for Malware Detection
Control Flow Graphs CFGs are critical for analyzing program execution and characterizing malware behavior. With the growing adoption of Graph Neural Networks GNNs, CFG-based representations have proven highly effective for malware detection. This study proposes a novel framework that dynamically...