Striking Back at Cobalt: Using Network Traffic Metadata to Detect Cobalt Strike Masquerading Command and Control Channels

Off-the-shelf software for Command and Control is often used by attackers and legitimate pentesters looking for discretion. Among other functionalities, these tools facilitate the customization of their network traffic so it can mimic popular websites, thereby increasing their secrecy. Cobalt...

Explainable AI for Enhancing IDS against Advanced Persistent Kill Chain

Advanced Persistent Threats APTs represent a sophisticated and persistent cy-bersecurity challenge, characterized by stealthy, multi-phase, and targeted attacks aimed at compromising information systems over an extended period. Develop-ing an effective Intrusion Detection System IDS capable of...

Towards Generalized Source Tracing for Codec-Based Deepfake Speech

Recent attempts at source tracing for codec-based deepfake speech CodecFake, generated by neural audio codec-based speech generation CoSG models, have exhibited suboptimal performance. However, how to train source tracing models using simulated CoSG data while maintaining strong performance on re...

Are Trees Really Green? A Detection Approach of IoT Malware Attacks

Nowadays, the Internet of Things IoT is widely employed, and its usage is growing exponentially because it facilitates remote monitoring, predictive maintenance, and data-driven decision making, especially in the healthcare and industrial sectors. However, IoT devices remain vulnerable due to the...

Profiling Electric Vehicles Via Early Charging Voltage Patterns

Electric Vehicles EVs are rapidly gaining adoption as a sustainable alternative to fuel-powered vehicles, making secure charging infrastructure essential. Despite traditional authentication protocols, recent results showed that attackers may steal energy through tailored relay attacks. One...

[SECURITY] Fedora 41 Update: emacs-30.1-5.fc41

GNU Emacs is a powerful, customizable, self-documenting, modeless text editor. It contains special code editing features, a scripting language elisp, and the capability to read mail, news, and more without leaving the editor. This package provides an emacs binary with support for Wayland, using t...

Identifying and Understanding Cross-Class Features in Adversarial Training

Adversarial training AT has been considered one of the most effective methods for making deep neural networks robust against adversarial attacks, while the training mechanisms and dynamics of AT remain open research problems. In this paper, we present a novel perspective on studying AT through th...

This Week in Spring - June 3rd, 2025

Hi, Spring fans! Welcome to another installment of This Week in Spring! I just finished recording my session with IntelliJ IDEA project lead Aleksey Stukalov about all the amazing features coming to IntelliJ IDEA to better support Java, Kotlin, and Spring developers. It went off without a hitch...

Ubuntu 24.04 LTS / 25.04 : MariaDB vulnerabilities (USN-7548-1)

The remote Ubuntu 24.04 LTS / 25.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7548-1 advisory. Several security issues were discovered in MariaDB and this update includes a new upstream MariaDB version to fix these issues. In addition to...

USN-7548-1: MariaDB vulnerabilities

Several security issues were discovered in MariaDB and this update includes a new upstream MariaDB version to fix these issues. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes...

USN-7548-1 mariadb vulnerabilities

Several security issues were discovered in MariaDB and this update includes a new upstream MariaDB version to fix these issues. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes...

Unlearning Inversion Attacks for Graph Neural Networks

Graph unlearning methods aim to efficiently remove the impact of sensitive data from trained GNNs without full retraining, assuming that deleted information cannot be recovered. In this work, we challenge this assumption by introducing the graph unlearning inversion attack: given only black-box...

Security update for bind

This update for bind fixes the following issues: Update to version 9.20.9. Security issues fixed: CVE-2025-40775: denial-of-service due to assertion failure caused by the processing of a NS message with an invalid TSIG bsc1243361. CVE-2024-12705: CPU and memory exhaustion due to DNS-over-HTTPS...

PT-2025-23119 · M2Soft · M2Soft Crownix Report & Ers

Name of the Vulnerable Software and Affected Versions: M2Soft CROWNIX Report & ERS versions 5.x through 5.5.14.1070 M2Soft CROWNIX Report & ERS versions 7.x through 7.4.3.960 M2Soft CROWNIX Report & ERS versions 8.x through 8.2.0.345 Description: An arbitrary file upload issue allows attackers to...

Important: Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.5 Container Release Update

An update is now available for Red Hat Ansible Automation Platform 2.5 Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams,...

USN-7533-1 openjdk-17-crac vulnerabilities

Alicja Kario discovered that the JSSE component of CRaC JDK 17 incorrectly handled RSA padding. An attacker could possibly use this issue to obtain sensitive information. CVE-2025-21587 It was discovered that the Compiler component of CRaC JDK 17 incorrectly handled compiler transformations. An...

Fedora: Security Advisory (FEDORA-2024-9fb3492511)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2024-7714

The AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 lacks sufficient access controls allowing an unauthenticated user to disconnect the AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin before 2.1.0 from OpenAI, thereby disabling the AI ChatB...

CVE-2024-45313

Overleaf is a web-based collaborative LaTeX editor. When installing Server Pro using the Overleaf Toolkit from before 2024-07-17 or legacy docker-compose.yml from before 2024-08-28, the configuration for LaTeX compiles was insecure by default, requiring the administrator to enable the security...

CVE-2024-51484

Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing fails to properly validate CSRF tokens when activating or deactivating controllers. This vulnerability allows an attacker to exploit CSRF attacks, potentially enabling them to...