Separating Secrets from Placeholders: A Hybrid CNN-CodeBERT Framework for Three-Class Credential Leakage Detection

Credential leakage in public source code repositories poses a critical security threat, with over 23.8 million secrets exposed in 2024 alone. Existing detection tools suffer from high false-positive rates because rigid pattern matching and binary classification schemes fail to distinguish genuine...

Weaponizing the Commons: A Taxonomy and Detection Framework of Abuse on GitHub

GitHub plays a critical role in modern software supply chains, making its security an important research concern. Existing studies have primarily focused on CI/CD automation, collaboration patterns, and community management, while abuse behaviors on GitHub have received little systematic...

A Synthetic Conversational Smishing Dataset for Social Engineering Detection

Smishing SMS phishing has become a serious cybersecurity threat, especially for elderly and cyber-unaware individuals, causing financial loss and undermining user trust. Although prior work has focused on detecting smishing at the level of individual messages, real-world attackers often rely on...

Learning the APT Kill Chain: Temporal Reasoning over Provenance Data for Attack Stage Estimation

Advanced Persistent Threats APTs evolve through multiple stages, each exhibiting distinct temporal and structural behaviors. Accurate stage estimation is critical for enabling adaptive cyber defense. This paper presents StageFinder, a temporal graph learning framework for multi-stage attack...

SafePickle: Robust and Generic ML Detection of Malicious Pickle-Based ML Models

Model repositories such as Hugging Face increasingly distribute machine learning artifacts serialized with Python's pickle format, exposing users to remote code execution RCE risks during model loading. Recent defenses, such as PickleBall, rely on per-library policy synthesis that requires comple...

An Empirical Study of the Imbalance Issue in Software Vulnerability Detection

Vulnerability detection is crucial to protect software security. Nowadays, deep learning DL is the most promising technique to automate this detection task, leveraging its superior ability to extract patterns and representations within extensive code volumes. Despite its promise, DL-based...

Hydra: Robust Hardware-Assisted Malware Detection

Malware detection using Hardware Performance Counters HPCs offers a promising, low-overhead approach for monitoring program behavior. However, a fundamental architectural constraint, that only a limited number of hardware events can be monitored concurrently, creates a significant bottleneck,...

CVE-2025-65731

An issue was discovered in D-Link Router DIR-605L Hardware version F1; Firmware version: V6.02CN02 allowing an attacker with physical access to the UART pins to execute arbitrary commands due to presence of root terminal access on a serial interface without proper access control...

Hikvision DVR DS-7204HGHI-F1 安全漏洞

Hikvision DVR DS-7204HGHI-F1 is a hard disk recorder from Hikvision, a Chinese company. A security vulnerability exists in the Hikvision DVR DS-7204HGHI-F1 that stems from improper serial port authentication, which could result in elevated privileges...

Hikvision DVR DS-7204HGHI-F1 安全漏洞

The Hikvision DVR DS-7204HGHI-F1 is a hard disk recorder from Hikvision China. A security vulnerability exists in the Hikvision DVR DS-7204HGHI-F1 that originates from improper serial port authentication and could result in the execution of a series of commands...

Retrieval-Augmented Few-Shot Prompting Versus Fine-Tuning for Code Vulnerability Detection

Few-shot prompting has emerged as a practical alternative to fine-tuning for leveraging the capabilities of large language models LLMs in specialized tasks. However, its effectiveness depends heavily on the selection and quality of in-context examples, particularly in complex domains. In this wor...

CLASP: Cost-Optimized LLM-Based Agentic System for Phishing Detection

Phishing websites remain a significant cybersecurity threat, necessitating accurate and cost-effective detection mechanisms. In this paper, we present CLASP, a novel system that effectively identifies phishing websites by leveraging multiple intelligent agents, built using large language models...

EUVD-2015-9388

Malware in sbrugna...

EUVD-2010-0421

Malware in sbrugna...

EUVD-2008-0383

Malware in sbrugna...

Malicious code in @zalastax/nolb-f1 (npm)

The package @zalastax/nolb-f1 was found to contain malicious code...

MAL-2025-11416 Malicious code in @zalastax/nolb-f1 (npm)

The package @zalastax/nolb-f1 was found to contain malicious code...

MAL-2025-10003 Malicious code in @zalastax/nolb-_f1 (npm)

The package @zalastax/nolb-f1 was found to contain malicious code...

Malicious code in @zalastax/nolb-_f1 (npm)

The package @zalastax/nolb-f1 was found to contain malicious code...

CVE-2021-43269

In Code42 app before 8.8.0, eval injection allows an attacker to change a device’s proxy configuration to use a malicious proxy auto-config PAC file, leading to arbitrary code execution. This affects Incydr Basic, Advanced, and Gov F1; CrashPlan Cloud; and CrashPlan for Small Business. Incydr...