VulReaD: Knowledge-Graph-Guided Software Vulnerability Reasoning and Detection

Software vulnerability detection SVD is a critical challenge in modern systems. Large language models LLMs offer natural-language explanations alongside predictions, but most work focuses on binary evaluation, and explanations often lack semantic consistency with Common Weakness Enumeration CWE...

DREAM: Dynamic Red-Teaming across Environments for AI Models

Large Language Models LLMs are increasingly used in agentic systems, where their interactions with diverse tools and environments create complex, multi-stage safety challenges. However, existing benchmarks mostly rely on static, single-turn assessments that miss vulnerabilities from adaptive,...

KG-DF: A Black-Box Defense Framework against Jailbreak Attacks Based on Knowledge Graphs

With the widespread application of large language models LLMs in various fields, the security challenges they face have become increasingly prominent, especially the issue of jailbreak. These attacks induce the model to generate erroneous or uncontrolled outputs through crafted inputs, threatenin...

Large Language Models for Explainable Threat Intelligence

As cyber threats continue to grow in complexity, traditional security mechanisms struggle to keep up. Large language models LLMs offer significant potential in cybersecurity due to their advanced capabilities in text processing and generation. This paper explores the use of LLMs with...

TITAN: Graph-Executable Reasoning for Cyber Threat Intelligence

TITAN Threat Intelligence Through Automated Navigation is a framework that connects natural-language cyber threat queries with executable reasoning over a structured knowledge graph. It integrates a path planner model, which predicts logical relation chains from text, and a graph executor that...

MAL-2025-47327 Malicious code in mcp-knowledge-graph (npm)

The package was compromised and malicious code added. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7e385978fdd606a1cfafadbcf800ed35523992d9a683305fcca51a6f12ea8b0f Any computer that has this package installed or running should be considered fully compromised. All...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...

graph-rag-poc

Graph RAG Pipeline - Proof of Concept A locally-executable Gr...

Consiglieres in the Shadow: Understanding the Use of Uncensored Large Language Models in Cybercrimes

The advancement of AI technologies, particularly Large Language Models LLMs, has transformed computing while introducing new security and privacy risks. Prior research shows that cybercriminals are increasingly leveraging uncensored LLMs ULLMs as backends for malicious services. Understanding the...

RAG Safety: Exploring Knowledge Poisoning Attacks to Retrieval-Augmented Generation

Retrieval-Augmented Generation RAG enhances large language models LLMs by retrieving external data to mitigate hallucinations and outdated knowledge issues. Benefiting from the strong ability in facilitating diverse data sources and supporting faithful reasoning, knowledge graphs KGs have been...

KnowML: Improving Generalization of ML-NIDS with Attack Knowledge Graphs

Despite extensive research on Machine Learning-based Network Intrusion Detection Systems ML-NIDS, their capability to detect diverse attack variants remains uncertain. Prior studies have largely relied on homogeneous datasets, which artificially inflate performance scores and offer a false sense ...

SmartGuard: Leveraging Large Language Models for Network Attack Detection through Audit Log Analysis and Summarization

End-point monitoring solutions are widely deployed in today's enterprise environments to support advanced attack detection and investigation. These monitors continuously record system-level activities as audit logs and provide deep visibility into security events. Unfortunately, existing methods ...

PICO: Secure Transformers Via Robust Prompt Isolation and Cybersecurity Oversight

We propose a robust transformer architecture designed to prevent prompt injection attacks and ensure secure, reliable response generation. Our PICO Prompt Isolation and Cybersecurity Oversight framework structurally separates trusted system instructions from untrusted user inputs through dual...

CVE-2025-27348

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Daniel WP Social SEO Booster – Knowledge Graph Social Signals SEO wp-social-seo-booster allows Stored XSS.This issue affects WP Social SEO Booster – Knowledge Graph Social Signals SEO: from n/a...

WordPress WP Social SEO Booster plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin WP Social SEO Booster – Knowledge Graph Social Signals SEO versions = 1.2.0...

CVE-2025-27348

CVE-2025-27348 pertains to a Stored XSS in the WordPress plugin WP Social SEO Booster – Knowledge Graph Social Signals SEO, affecting versions n/a through 1.2.0. The root cause, per the sources, is improper neutralization of input during web page generation. The vulnerability enables stored cross...

PT-2025-7762 · Unknown · Wp Social Seo Booster

Name of the Vulnerable Software and Affected Versions: WP Social SEO Booster – Knowledge Graph Social Signals SEO versions 1.2.0 and earlier Description: The issue is related to improper neutralization of input during web page generation, which leads to a Cross-site Scripting XSS vulnerability...

Paragon - Red Team Engagement Platform With The Goal Of Unifying Offensive Tools Behind A Simple UI

Paragon is a Red Team engagement platform. It aims to unify offensive tools behind a simple UI, abstracting much of the backend work to enable operators to focus on writing implants and spend less time worrying about databases and css. The repository also provides some offensive tools already...