PT-2026-41802

When using LZMA compression in the MIFF encoder an out of bounds write can occur due to a missing check...

Operationalizing Cybersecurity Governance for Mitigation Planning with Attack-Path Modeling and Reinforcement Learning

We address a fundamental challenge in cybersecurity operations of translating governance frameworks into actionable mitigation decisions under realistic resource constraints. Frameworks such as the NIST Cybersecurity Framework CSF provide widely adopted measures of organizational maturity, but do...

CSLE: A Reinforcement Learning Platform for Autonomous Security Management

Reinforcement learning is a promising approach to autonomous and adaptive security management in networked systems. However, current reinforcement learning solutions for security management are mostly limited to simulation environments and it is unclear how they generalize to operational systems...

An Efficient Anomaly Detection Framework for Wireless Sensor Networks Using Markov Process

Wireless Sensor Networks forms the backbone of modern cyber physical systems used in various applications such as environmental monitoring, healthcare monitoring, industrial automation, and smart infrastructure. Ensuring the reliability of data collected through these networks is essential as the...

EUVD-2024-1647

Malicious code in bioql PyPI...

Markov Chain-Based Model of Blockchain Radio Access Networks

Security has always been a priority, for researchers, service providers and network operators when it comes to radio access networks RAN. One wireless access approach that has captured attention is blockchain enabled RAN B-RAN due to its secure nature. This research introduces a framework that...

Trusted Data Fusion, Multi-Agent Autonomy, Autonomous Vehicles

Multi-agent collaboration enhances situational awareness in intelligence, surveillance, and reconnaissance ISR missions. Ad hoc networks of unmanned aerial vehicles UAVs allow for real-time data sharing, but they face security challenges due to their decentralized nature, making them vulnerable t...

Learning-Based Cost-Aware Defense of Parallel Server Systems against Malicious Attacks

We consider the cyber-physical security of parallel server systems, which is relevant for a variety of engineering applications such as networking, manufacturing, and transportation. These systems rely on feedback control and may thus be vulnerable to malicious attacks such as denial-of-service,...

Secure Goal-Oriented Communication: Defending against Eavesdropping Timing Attacks

Goal-oriented Communication GoC is a new paradigm that plans data transmission to occur only when it is instrumental for the receiver to achieve a certain goal. This leads to the advantage of reducing the frequency of transmissions significantly while maintaining adherence to the receiver's...

Balancing Privacy and Utility in Correlated Data: a Study of Bayesian Differential Privacy

Privacy risks in differentially private DP systems increase significantly when data is correlated, as standard DP metrics often underestimate the resulting privacy leakage, leaving sensitive information vulnerable. Given the ubiquity of dependencies in real-world databases, this oversight poses a...

Secure Time-Modulated Intelligent Reflecting Surface via Generative Flow Networks

We propose a novel directional modulation DM design for OFDM transmitters aided by a time-modulated intelligent reflecting surface TM-IRS. The TM-IRS is configured to preserve the integrity of transmitted signals toward multiple legitimate users while scrambling the signal in all other directions...

CVE-2024-34075

kurwov is a fast, dependency-free library for creating Markov Chains. An unsafe sanitization of dataset contents on the MarkovDatagetNext method used in Markovgenerate and Markovchoose allows a maliciously crafted string on the dataset to throw and stop the function from running properly. If a...

Malware Attackers Using MacroPack to Deliver Havoc, Brute Ratel, and PhantomCore

Threat actors are likely employing a tool designated for red teaming exercises to serve malware, according to new findings from Cisco Talos. The program in question is a payload generation framework called MacroPack, which is used to generate Office documents, Visual Basic scripts, Windows...

Denial Of Service (DoS)

kurwov is vulnerable to Denial Of Service DoS. The vulnerability is due to improper sanitization within the MarkovDatagetNext method, which is utilized in both Markovgenerate and Markovchoose functions, which results in a maliciously crafted string within the dataset to bypass sanitization checks...

kurwov vulnerable to Denial of Service due to improper data sanitization

Summary An unsafe sanitization of dataset contents on the MarkovDatagetNext method used in Markovgenerate and Markovchoose allows a maliciously crafted string on the dataset to throw and stop the function from running properly. Details...

CVE-2024-34075

kurwov is a fast, dependency-free library for creating Markov Chains. An unsafe sanitization of dataset contents on the MarkovDatagetNext method used in Markovgenerate and Markovchoose allows a maliciously crafted string on the dataset to throw and stop the function from running properly. If a...

CVE-2024-34075 kurwov vulnerable to Denial of Service due to improper data sanitization

kurwov is a fast, dependency-free library for creating Markov Chains. An unsafe sanitization of dataset contents on the MarkovDatagetNext method used in Markovgenerate and Markovchoose allows a maliciously crafted string on the dataset to throw and stop the function from running properly. If a...

CVE-2024-34075

CVE-2024-34075 (kurwov) affects the Markov chain library kurwov. A flaw in the unsafe sanitization in MarkovData#getNext (used by Markov#generate and Markov#choose) lets a crafted dataset string bypass sanitization when it contains the forbidden substring "proto " followed by a space, by manipula...

CVE-2024-34075 kurwov vulnerable to Denial of Service due to improper data sanitization

kurwov is a fast, dependency-free library for creating Markov Chains. An unsafe sanitization of dataset contents on the MarkovDatagetNext method used in Markovgenerate and Markovchoose allows a maliciously crafted string on the dataset to throw and stop the function from running properly. If a...

xz security update

CentOS Errata and Security Advisory CESA-2022:5052 An update for xz is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...