38 matches found
UBUNTU-CVE-2026-32792
NLnet Labs Unbound 1.6.2 up to and including version 1.25.0 has a denial of service vulnerability when compiled with DNSCrypt support ('--enable-dnscrypt'). A malformed DNSCrypt query can cause an underflow in Unbound's DNSCrypt packet-reading routine, which may lead to a heap overflow. A malicious actor can exploit...
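The summary above names the bug class (an unsigned underflow while reading a packet, turning into a heap overflow) but not where in Unbound it occurs. The following is an added, constructed illustration of that class in C; it is not Unbound's code and does not use the real DNSCrypt wire format. The 16-byte header size, the sample packets and the function names are assumptions chosen only to show the vulnerable pattern next to its hardened form.

```c
/* Constructed example of a length-underflow -> heap-overflow pattern.
 * NOT Unbound's code and NOT the DNSCrypt format: the header size and
 * sample packets below are assumptions for illustration only. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HDR_LEN 16u   /* assumed fixed header size of the toy query */

/* Constructed sample inputs: a well-formed query (16-byte header + "hello")
 * and a 4-byte packet that is shorter than the header. */
static const uint8_t SAMPLE_VALID[HDR_LEN + 5] = {
    0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,   /* assumed 16-byte header */
    'h','e','l','l','o' };
static const uint8_t SAMPLE_SHORT[4] = { 0, 0, 0, 0 };

/* Vulnerable form: computes "bytes after the header" as pkt_len - HDR_LEN
 * without first checking pkt_len >= HDR_LEN. size_t is unsigned, so a short
 * packet wraps the result to a value near SIZE_MAX; handing that to
 * memcpy/alloc is the heap overflow. This function only returns the length
 * it would pass to memcpy, so the example runs without corrupting memory. */
size_t vuln_copy_len(const uint8_t *pkt, size_t pkt_len)
{
    (void)pkt;
    return pkt_len - HDR_LEN;            /* BUG: wraps when pkt_len < HDR_LEN */
}

/* Hardened form: the comparison that makes the subtraction safe comes first,
 * and the resulting length is checked against the destination capacity.
 * Returns 0 and sets *out_len on success, -1 on any malformed input. */
int parse_query(const uint8_t *pkt, size_t pkt_len,
                uint8_t *out, size_t out_cap, size_t *out_len)
{
    if (pkt == NULL || out == NULL || out_len == NULL) return -1;
    if (pkt_len < HDR_LEN) return -1;    /* short packet: reject, no underflow */
    size_t n = pkt_len - HDR_LEN;        /* cannot wrap after the check above */
    if (n > out_cap) return -1;          /* would overflow the destination */
    memcpy(out, pkt + HDR_LEN, n);
    *out_len = n;
    return 0;
}

/* Wrapper over parse_query for the samples: returns the payload length on
 * success (and, if expect != NULL, only if the payload equals expect),
 * otherwise -1. out_cap is clamped to the local buffer size. */
long try_parse(const uint8_t *pkt, size_t pkt_len, size_t out_cap,
               const char *expect)
{
    uint8_t out[64];
    size_t n = 0;
    if (out_cap > sizeof out) out_cap = sizeof out;
    if (parse_query(pkt, pkt_len, out, out_cap, &n) != 0) return -1L;
    if (expect != NULL &&
        (strlen(expect) != n || memcmp(out, expect, n) != 0)) return -1L;
    return (long)n;
}

int main(void)
{
    printf("vulnerable length for a 4-byte packet: %zu\n",
           vuln_copy_len(SAMPLE_SHORT, sizeof SAMPLE_SHORT));
    printf("hardened: valid=%ld short=%ld small-buffer=%ld\n",
           try_parse(SAMPLE_VALID, sizeof SAMPLE_VALID, 64, "hello"),
           try_parse(SAMPLE_SHORT, sizeof SAMPLE_SHORT, 64, NULL),
           try_parse(SAMPLE_VALID, sizeof SAMPLE_VALID, 4, NULL));
    return 0;
}
```

The check to carry over to any real parser is the order of operations: compare before subtracting, and bound the computed length by what the destination can hold, not only by what the packet claims.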
Comment and Control: Hijacking Agentic Workflows Via Context-Grounded Evolution
Automation platforms such as GitHub Actions and n8n are increasingly adopting so-called agentic workflows, which integrate Large Language Model (LLM) agents for tasks such as code review and data synchronization. While bringing convenience for developers, this integration exposes a new risk: An...
Finding Memory Leaks in C/C++ Programs Via Neuro-Symbolic Augmented Static Analysis
Memory leaks remain prevalent in real-world C/C++ software. Static analyzers such as CodeQL provide scalable program analysis but frequently miss such bugs because they cannot recognize project-specific custom memory-management functions and lack path-sensitive control-flow modeling. We present...
Small Language Models for Phishing Website Detection: Cost, Performance, and Privacy Trade-Offs
Phishing websites pose a major cybersecurity threat, exploiting unsuspecting users and causing significant financial and organisational harm. Traditional machine learning approaches for phishing detection often require extensive feature engineering, continuous retraining, and costly infrastructur...
AFLGopher: Accelerating Directed Fuzzing Via Feasibility-Aware Guidance
Directed fuzzing is a useful testing technique that aims to efficiently reach target code sites in a program. The core of directed fuzzing is the guiding mechanism that directs the fuzzing to the specified target. A general guiding mechanism adopted in existing directed fuzzers is to calculate th...
EUVD-2005-3480
Malware in sbrugna...
EUVD-2017-12849
Malware in sbrugna...
EUVD-2021-34028
Malicious code in bioql PyPI...
Behind the Mask: Benchmarking Camouflaged Jailbreaks in Large Language Models
Large Language Models (LLMs) are increasingly vulnerable to a sophisticated form of adversarial prompting known as camouflaged jailbreaking. This method embeds malicious intent within seemingly benign language to evade existing safety mechanisms. Unlike overt attacks, these subtle prompts exploit...
Dynamic Temporal Positional Encodings for Early Intrusion Detection in IoT
The rapid expansion of the Internet of Things (IoT) has introduced significant security challenges, necessitating efficient and adaptive Intrusion Detection Systems (IDS). Traditional IDS models often overlook the temporal characteristics of network traffic, limiting their effectiveness in early thre...
Differentiation-Based Extraction of Proprietary Data from Fine-Tuned LLMs
The increasing demand for domain-specific and human-aligned Large Language Models (LLMs) has led to the widespread adoption of Supervised Fine-Tuning (SFT) techniques. SFT datasets often comprise valuable instruction-response pairs, making them attractive targets for extraction. This...
Assessing the Resilience of Automotive Intrusion Detection Systems to Adversarial Manipulation
The security of modern vehicles has become increasingly important, with the controller area network (CAN) bus serving as a critical communication backbone for various Electronic Control Units (ECUs). The absence of robust security measures in CAN, coupled with the increasing connectivity of vehicles,...
The Race to Build Trump’s ‘Golden Dome’ Missile Defense System Is On
President Donald Trump has proposed building a massive antimissile system in space that could enrich Elon Musk if it materializes. But experts say the project’s feasibility remains unclear...
Sandcastles in the Storm: Revisiting the (Im)Possibility of Strong Watermarking
Watermarking AI-generated text is critical for combating misuse. Yet recent theoretical work argues that any watermark can be erased via random walk attacks that perturb text while preserving quality. However, such attacks rely on two key assumptions: (1) rapid mixing: watermarks dissolve quickly...
Acoustic Side-Channel Attacks on a Computer Mouse
Acoustic Side-Channel Attacks (ASCAs) extract sensitive information from the audio emitted by computing devices and their peripherals. Attacks targeting keyboards are popular and have been explored in the literature. However, similar attacks targeting other human interface peripherals, such as...
Revisiting Data Auditing in Large Vision-Language Models
With the surge of large language models (LLMs), Large Vision-Language Models (VLMs), which integrate vision encoders with LLMs for accurate visual grounding, have shown great potential in tasks like generalist agents and robotic control. However, VLMs are typically trained on massive web-scraped...
Licensing AI Engineers
The debate over professionalizing software engineers is decades old. The basic idea is that, like lawyers and architects, there should be some professional licensing requirement for software engineers. Here's a law journal article recommending the same idea for AI engineers. This Article proposes...
CVE-2024-24255
A Race Condition discovered in geofence.cpp and missionfeasibilitychecker.cpp in PX4 Autopilot 1.14 and earlier allows attackers to send drones on unintended missions...
Race condition
A Race Condition discovered in geofence.cpp and missionfeasibilitychecker.cpp in PX4 Autopilot 1.14 and earlier allows attackers to send drones on unintended missions...