4 matches found
PYSEC-2026-478 PraisonAI's unauthenticated A2A official example can reach real LLM-driven `eval()` tool execution
Summary: The first-party PraisonAI A2A server example combines three behaviors into a remotely exploitable Critical chain: 1. The example exposes an A2A server without configuring authtoken. 2. The same example binds the server to 0.0.0.0. 3. The example registers a calculateexpression tool...
Knowledge-To-Data: LLM-Driven Synthesis of Structured Network Traffic for Testbed-Free IDS Evaluation
Realistic, large-scale, and well-labeled cybersecurity datasets are essential for training and evaluating Intrusion Detection Systems (IDS). However, they remain difficult to obtain due to privacy constraints, data sensitivity, and the cost of building controlled collection environments such as...
Realistic Environmental Injection Attacks on GUI Agents
GUI agents built on LVLMs are increasingly used to interact with websites. However, their exposure to open-world content makes them vulnerable to Environmental Injection Attacks (EIAs) that hijack agent behavior via webpage elements. Many recent studies assume the attacker to be a regular user who...
LATENT: LLM-Augmented Trojan Insertion and Evaluation Framework for Analog Netlist Topologies
Analog and mixed-signal (A/MS) integrated circuits (ICs) are integral to safety-critical applications. However, the globalization and outsourcing of A/MS ICs to untrusted third-party foundries expose them to security threats, particularly analog Trojans. Unlike digital Trojans, which have been...