When Labels Are Scarce: A Systematic Mapping of Label-Efficient Code Vulnerability Detection
Machine-learning-based code vulnerability detection (CVD) has progressed rapidly, from deep program representations to pretrained code models and LLM-centered pipelines. Yet dependable vulnerability labeling remains expensive, noisy, and uneven across projects, languages, and CWE types, motivating...
Threat Intelligence Driven IP Protection for Entrepreneurial SMEs
Entrepreneurial small to medium enterprises face significant cybersecurity challenges when developing valuable intellectual property (IP). This paper addresses the critical gap in research on how E-SMEs can protect their IP assets from cybersecurity threats through effective threat intelligence and...
Demystifying Feature Engineering in Malware Analysis of API Call Sequences
Machine learning (ML) has been widely used to analyze API call sequences in malware analysis, which typically requires the expertise of domain specialists to extract relevant features from raw data. The extracted features play a critical role in malware analysis. Traditional feature extraction is...
offensiveinterview
It is an offensive tool for penetration testing and red teaming. The repository contains a collection of interview questions to screen offensive red team/pentest candidates, categorized into open-ended, knowledge-based, and scenario-based questions. The questions cover various topics such as...
Adversarial Attacks on VQA-NLE: Exposing and Alleviating Inconsistencies in Visual Question Answering Explanations
Natural language explanations in visual question answering (VQA-NLE) aim to make black-box models more transparent by elucidating their decision-making processes. However, we find that existing VQA-NLE systems can produce inconsistent explanations and reach conclusions without genuinely understandi...
CRAKEN: Cybersecurity LLM Agent with Knowledge-Based Execution
Large Language Model (LLM) agents can automate cybersecurity tasks and can adapt to the evolving cybersecurity landscape without re-engineering. While LLM agents have demonstrated cybersecurity capabilities on Capture-The-Flag (CTF) competitions, they have two key limitations: accessing latest...
What NIST’s latest password standards mean, and why the old ones weren’t working
Say goodbye to the days of using the "@" symbol to mean "a" in your password or replacing an "S" with a "$." The U.S. National Institute of Standards and Technology (NIST) recently announced new guidelines for the ways websites and organizations should handle password creation and management that wi...
NIST Recommends Some Common-Sense Password Rules
NIST's second draft of its "SP 800-63-4"--its digital identity guidelines--finally contains some really good rules about passwords: The following requirements apply to passwords: 1. Verifiers and CSPs SHALL require passwords to be a minimum of eight characters in length and SHOULD require...
How to modify knowledge-based question on Netscaler Gateway
This article illustrates how to modify the KB (Knowledge-based) question on Netscaler Gateway...
answer Security breach
answer is an open source knowledge-based community software. A security vulnerability exists in answerdev/answer versions prior to 1.1.1, which stems from a conditional contention issue in threads...
answer Security breach
answer is an open source knowledge-based community software. A security vulnerability exists in versions of answer prior to 1.1.1, which stems from a misconfiguration of permissions that allows low-privileged users to create tags...
answer Code Issue Vulnerability
answer is an open source knowledge-based community software. A code issue vulnerability exists in answerdev/answer versions prior to 1.1.0 that stems from a session expiration insufficiency issue that allows an attacker to reuse old session credentials or IDs for authorization...
answer Security breach
answer is an open source knowledge-based community software. A security vulnerability exists in versions of answer prior to 1.1.0 that stems from a weak password policy when creating an account...
answer authorization issue vulnerability (CNVD-2023-40597)
answer is an open source knowledge-based community software. An authorization issue vulnerability exists in versions of answer prior to 1.0.9, which stems from a lack of authorization in the software. An attacker could use this vulnerability to make unauthorized changes or delete votes...
answer access control error vulnerability (CNVD-2023-29700)
answer is an open source knowledge-based community software. An access control error vulnerability exists in versions of answer prior to 1.1.6, which stems from prolonged password expiration. An attacker could exploit the vulnerability for account takeover...
GHSA-65V8-6PVW-JWVQ Answer vulnerable to Insertion of Sensitive Information Into Sent Data
answerdev/answer is an open-source knowledge-based community software. Answer prior to 1.0.8 does not strip EXIF geolocation data from user-uploaded logos. As a result, anyone can get sensitive information like a user's device ID, geolocation, system information, system version, etc...
Answer vulnerable to account takeover because password reset links do not expire
answerdev/answer is an open-source knowledge-based community software. Answer prior to 1.0.6 is vulnerable to account takeover because the password reset link does not expire...
answer information disclosure vulnerability (CNVD-2023-29792)
answer is an open source knowledge-based community software. An information disclosure vulnerability exists in versions of answer prior to 1.0.6. The vulnerability stems from the fact that the application will respond that the account cannot be found if an invalid account is used. In the case...
answer authorization issue vulnerability
answer is an open source knowledge-based community software. An authorization issue vulnerability exists in versions of answer prior to 1.0.6, which stems from improper permission management in the request to set a new password at /answer/admin/api/user/password; a low-privilege attacke...
answer security vulnerability
answer is an open source knowledge-based community software. A security vulnerability exists in versions of answer prior to 1.0.6, which stems from an unlimited number of authentications...