How to Copy-Protect Malleable-Puncturable Cryptographic Functionalities under Arbitrary Challenge Distributions

A quantum copy-protection scheme Aaronson, CCC 2009 encodes a functionality into a quantum state such that given this state, no efficient adversary can create two possibly entangled quantum states that are both capable of running the functionality. There has been a recent line of works on...

Revisiting Pre-Trained Language Models for Vulnerability Detection

The rapid advancement of pre-trained language models PLMs has demonstrated promising results for various code-related tasks. However, their effectiveness in detecting real-world vulnerabilities remains a critical challenge. % for the security community. While existing empirical studies evaluate...

OESA-2025-1727 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix NULL deref in ntfsupdatemftmirr If ntfsfillsuper wasn't called then sbi-sb will be equal to NULL. Code should check this ptr before dereferencing...

From Promise to Peril: Rethinking Cybersecurity Red and Blue Teaming in the Age of LLMs

Large Language Models LLMs are set to reshape cybersecurity by augmenting red and blue team operations. Red teams can exploit LLMs to plan attacks, craft phishing content, simulate adversaries, and generate exploit code. Conversely, blue teams may deploy them for threat intelligence synthesis, ro...

📄 FortiOS SSL-VPN 7.4.4 Insufficient Session Expiration / Cookie Reuse

An insufficient session expiration vulnerability in FortiOS SSL-VPN allows an attacker to reuse stale session cookies after logout, potentially leading to unauthorized access. The SVPNTMPCOOKIE remains valid even after the primary SVPNCOOKIE is invalidated during logout. Versions affected include...

Exploit for CVE-2025-7503

Research on V380 CCTV IP Camera CVE-2025-7503 🔒 Summ...

📄 AirKeyboard iOS App 1.0.5 Remote Input Injection

The AirKeyboard iOS application version 1.0.5 exposes a WebSocket server on port 8888 which accepts arbitrary input injection messages from any client. No authentication or pairing process is required. This allows any attacker to type arbitrary keystrokes directly into the victim’s iOS device in...

Bhatt Conjectures: on Necessary-But-Not-Sufficient Benchmark Tautology for Human like Reasoning

The Bhatt Conjectures framework introduces rigorous, hierarchical benchmarks for evaluating AI reasoning and understanding, moving beyond pattern matching to assess representation invariance, robustness, and metacognitive self-awareness. The agentreasoning-sdk demonstrates practical implementatio...

OS Command Exec, Unix Command Shell, Bind TCP (via AWK)

Execute an OS command from PHP. Listen for a connection and spawn a command shell via GNU AWK Module Options msf use payload/php/unix/cmd/bindawk msf payloadbindawk show actions ...actions... msf payloadbindawk set ACTION msf payloadbindawk show options ...show and set options... msf payloadbinda...

Pixel-Sensitive and Robust Steganography Based on Polar Codes

Steganography is an information hiding technique for covert communication. The core issue in steganography design is the rate-distortion coding problem. Polar codes, which have been proven to achieve the rate-distortion bound for any binary symmetric source, are utilized to design a steganographi...

Blockchain-Enabled Privacy-Preserving Second-Order Federated Edge Learning in Personalized Healthcare

Federated learning FL has attracted increasing attention to mitigate security and privacy challenges in traditional cloud-centric machine learning models specifically in healthcare ecosystems. FL methodologies enable the training of global models through localized policies, allowing independent...

PHP Exec, PHP Meterpreter, PHP Reverse TCP Stager

Execute a PHP payload as an OS command from a Posix-compatible shell. Run a meterpreter server in PHP. Reverse PHP connect back stager with checks for disabled functions Module Options msf use payload/cmd/unix/php/meterpreter/reversetcpuuid msf payloadreversetcpuuid show actions ...actions... msf...

Exposing Go's Hidden Bugs: a Novel Concolic Framework

The widespread adoption of the Go programming language in infrastructure backends and blockchain projects has heightened the need for improved security measures. Established techniques such as unit testing, static analysis, and program fuzzing provide foundational protection mechanisms. Although...

Towards a Quantum-Classical Augmented Network

In the past decade, several small-scale quantum key distribution networks have been established. However, the deployment of large-scale quantum networks depends on the development of quantum repeaters, quantum channels, quantum memories, and quantum network protocols. To improve the security of...

Probing the Vulnerability of Large Language Models to Polysemantic Interventions

Polysemanticity -- where individual neurons encode multiple unrelated features -- is a well-known characteristic of large neural networks and remains a central challenge in the interpretability of language models. At the same time, its implications for model safety are also poorly understood...

Record System Authentication-related Events in Logs

System authentication-related events must be recorded to help analyze users SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

OPNSense Login Scanner

This module performs login attempts against a Deciso B.V OPNSense router webpage to bruteforce possible credentials. Module Options msf use auxiliary/scanner/http/opnsenselogin msf auxiliaryopnsenselogin show actions ...actions... msf auxiliaryopnsenselogin set ACTION msf auxiliaryopnsenselogin...

Exploit for Cross-site Scripting in Karaz Karazal

NOV-CVE Here is the CVE I’ve got: CVE-2...

📄 Microsoft Windows 11 23h2 Privilege Escalation

Microsoft Windows 11 23h2 CLFS.sys proof of concept privilege escalation exploit. Exploit Title:Microsoft Windows 11 23h2 - 'CLFS.sys' Elevation of Privilege Vulnerability Date: 2025-04-16 Exploit Author: Milad Karimi Ex3ptionaL Contact: [email protected] Zone-H:...

How Do Mobile Applications Enhance Security? an Exploratory Analysis of Use Cases and Provided Information

The ubiquity of mobile applications has increased dramatically in recent years, opening up new opportunities for cyber attackers and heightening security concerns in the mobile ecosystem. As a result, researchers and practitioners have intensified their research into improving the security and...