13 matches found
[SECURITY] Fedora 42 Update: GitPython-3.1.50-1.fc42
GitPython is a python library used to interact with git repositories, high-level like git-porcelain, or low-level like git-plumbing. It provides abstractions of git objects for easy access of repository data, a nd additionally allows you to access the git repository more directly using eith er a...
WARD: Adversarially Robust Defense of Web Agents against Prompt Injections
Web agents can autonomously complete online tasks by interacting with websites, but their exposure to open web environments makes them vulnerable to prompt injection attacks embedded in HTML content or visual interfaces. Existing guard models still suffer from limited generalization to unseen...
Reality Check for Tor Website Fingerprinting in the Open World
Website fingerprinting WF attacks on Tor can infer user destinations from encrypted traffic metadata. However, their real-world effectiveness remains debated due to laboratory settings that fail to capture network fluctuations, evaluate noise, and create a representative open world. In this work,...
Allocation of Resources Without Limits or Throttling
Overview keras is a Keras is a high-level neural networks API for Python.. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in HDF5 dataset metadata validation. An attacker can cause excessive memory consumption and crash the Python...
ScamSweeper: Detecting Illegal Accounts in Web3 Scams Via Transactions Analysis
The web3 applications have recently been growing, especially on the Ethereum platform, starting to become the target of scammers. The web3 scams, imitating the services provided by legitimate platforms, mimic regular activity to deceive users. However, previous studies have primarily concentrated...
AutoMalDesc: Large-Scale Script Analysis for Cyber Threat Research
Generating thorough natural language explanations for threat detections remains an open problem in cybersecurity research, despite significant advances in automated malware detection systems. In this work, we present AutoMalDesc, an automated static analysis summarization framework that, followin...
Have I Been Pwned Adds 1.96B Accounts From Synthient Credential Data
Have I Been Pwned HIBP, the popular breach notification service, has added another massive dataset to its platform.…...
Enhance the Machine Learning Algorithm Performance in Phishing Detection with Keyword Features
Recently, we can observe a significant increase of the phishing attacks in the Internet. In a typical phishing attack, the attacker sets up a malicious website that looks similar to the legitimate website in order to obtain the end-users' information. This may cause the leakage of the sensitive...
The Dark Side of Upgrades: Uncovering Security Risks in Smart Contract Upgrades
Smart contract upgrades are increasingly common due to their flexibility in modifying deployed contracts, such as fixing bugs or adding new functionalities. Meanwhile, upgrades compromise the immutability of contracts, introducing significant security concerns. While existing research has explore...
Secure Energy Transactions Using Blockchain Leveraging AI for Fraud Detection and Energy Market Stability
Peer-to-peer trading and the move to decentralized grids have reshaped the energy markets in the United States. Notwithstanding, such developments lead to new challenges, mainly regarding the safety and authenticity of energy trade. This study aimed to develop and build a secure, intelligent, and...
Data Encryption Battlefield: a Deep Dive into the Dynamic Confrontations in Ransomware Attacks
In the rapidly evolving landscape of cybersecurity threats, ransomware represents a significant challenge. Attackers increasingly employ sophisticated encryption methods, such as entropy reduction through Base64 encoding, and partial or intermittent encryption to evade traditional detection...
Phishing URL Detection Using Bi-LSTM
Phishing attacks threaten online users, often leading to data breaches, financial losses, and identity theft. Traditional phishing detection systems struggle with high false positive rates and are usually limited by the types of attacks they can identify. This paper proposes a deep learning-based...
A Gradient-Optimized TSK Fuzzy Framework for Explainable Phishing Detection
Phishing attacks represent an increasingly sophisticated and pervasive threat to individuals and organizations, causing significant financial losses, identity theft, and severe damage to institutional reputations. Existing phishing detection methods often struggle to simultaneously achieve high...