Exploiting Layer-Specific Vulnerabilities to Backdoor Attack in Federated Learning

Federated learning FL enables distributed model training across edge devices while preserving data locality. This decentralized approach has emerged as a promising solution for collaborative learning on sensitive user data, effectively addressing the longstanding privacy concerns inherent in...

From SFT to RL: Demystifying the Post-Training Pipeline for LLM-Based Vulnerability Detection

The integration of LLMs into vulnerability detection VD has shifted the field toward interpretable and context-aware analysis. While post-training methods have shown promise in general coding tasks, their systematic application to VD remains underexplored. In this paper, we present the first...

Backdoor Attacks on Contrastive Continual Learning for IoT Systems

The Internet of Things IoT systems increasingly depend on continual learning to adapt to non-stationary environments. These environments can include factors such as sensor drift, changing user behavior, device aging, and adversarial dynamics. Contrastive continual learning CCL combines contrastiv...

CVE-2019-25320

E Learning Script 1.0 contains an authentication bypass vulnerability that allows attackers to access the dashboard without valid credentials by manipulating login parameters. Attackers can exploit the /login.php file by sending a specific payload '=''or' to bypass authentication and gain...

Exploit for Cross-site Scripting in Chamilo Chamilo_Lms

CVE-2023-4220 Arbitrary File Upload / RCE - PoC I created...

An Empirical Study of the Imbalance Issue in Software Vulnerability Detection

Vulnerability detection is crucial to protect software security. Nowadays, deep learning DL is the most promising technique to automate this detection task, leveraging its superior ability to extract patterns and representations within extensive code volumes. Despite its promise, DL-based...

PT-2026-7920

E Learning Script 1.0 contains an authentication bypass vulnerability that allows attackers to access the dashboard without valid credentials by manipulating login parameters. Attackers can exploit the /login.php file by sending a specific payload '=''or' to bypass authentication and gain...

Unknown Attack Detection in IoT Networks Using Large Language Models: A Robust, Data-Efficient Approach

The rapid evolution of cyberattacks continues to drive the emergence of unknown zero-day threats, posing significant challenges for network intrusion detection systems in Internet of Things IoT networks. Existing machine learning and deep learning approaches typically rely on large labeled...

LoRA-Based Parameter-Efficient LLMs for Continuous Learning in Edge-Based Malware Detection

The proliferation of edge devices has created an urgent need for security solutions capable of detecting malware in real time while operating under strict computational and memory constraints. Recently, Large Language Models LLMs have demonstrated remarkable capabilities in recognizing complex...

CVE-2026-26031

Frappe Learning Management System LMS is a learning system that helps users structure their content. Prior to 2.44.0, security issue was identified in Frappe Learning, where unauthorised users were able to access the full list of enrolled students by email in batches. This vulnerability is fixed ...

CVE-2026-26031

Frappe Learning Management System LMS is a learning system that helps users structure their content. Prior to 2.44.0, security issue was identified in Frappe Learning, where unauthorised users were able to access the full list of enrolled students by email in batches. This vulnerability is fixed ...

CVE-2026-26031

The CVE describes a privacy flaw in Frappe Learning Management System (LMS) prior to version 2.44.0, where unauthorised users could retrieve the full list of enrolled students (by email) in batches. Affected software is the Frappe LMS prior to 2.44.0; the root cause is not explicitly detailed in ...

CVE-2026-26031 Frappe LMS affected by unauthorised user was able to access the full list of batch enrolled students

Frappe Learning Management System LMS is a learning system that helps users structure their content. Prior to 2.44.0, security issue was identified in Frappe Learning, where unauthorised users were able to access the full list of enrolled students by email in batches. This vulnerability is fixed ...

Frappe Learning Management System 安全漏洞

Frappe Learning Management System is an easy-to-use open-source learning management system developed by Frappe. Versions of the Frappe Learning Management System prior to 2.44.0 contained security vulnerabilities. These vulnerabilities were due to improper access control, which could allow...

PT-2026-7726

Name of the Vulnerable Software and Affected Versions Frappe Learning Management System versions prior to 2.44.0 Description A security issue was identified in Frappe Learning Management System where unauthorized users could access the full list of enrolled students, including their email...

The Role of Learning in Attacking Intrusion Detection Systems

Recent work on network attacks have demonstrated that ML-based network intrusion detection systems NIDS can be evaded with adversarial perturbations. However, these attacks rely on complex optimizations that have large computational overheads, making them impractical in many real-world settings. ...

StealthRL: Reinforcement Learning Paraphrase Attacks for Multi-Detector Evasion of AI-Text Detectors

AI-text detectors face a critical robustness challenge: adversarial paraphrasing attacks that preserve semantics while evading detection. We introduce StealthRL, a reinforcement learning framework that stress-tests detector robustness under realistic adversarial conditions. StealthRL trains a...

GPU-Fuzz: Finding Memory Errors in Deep Learning Frameworks

GPU memory errors are a critical threat to deep learning DL frameworks, leading to crashes or even security issues. We introduce GPU-Fuzz, a fuzzer locating these issues efficiently by modeling operator parameters as formal constraints. GPU-Fuzz utilizes a constraint solver to generate test cases...

SoK: The Pitfalls of Deep Reinforcement Learning for Cybersecurity

Deep Reinforcement Learning DRL has achieved remarkable success in domains requiring sequential decision-making, motivating its application to cybersecurity problems. However, transitioning DRL from laboratory simulations to bespoke cyber environments can introduce numerous issues. This is furthe...

One RNG to Rule Them All: How Randomness Becomes an Attack Vector in Machine Learning

Machine learning relies on randomness as a fundamental component in various steps such as data sampling, data augmentation, weight initialization, and optimization. Most machine learning frameworks use pseudorandom number generators as the source of randomness. However, variations in design choic...