3391 matches found

Packet Storm News
added 2025/05/21 12:0 a.m. · 5 views

Outsourcing SAT-Based Verification Computations in Network Security

The emergence of cloud computing has a huge impact on large computations. Cloud computing platforms offer servers with large computation power to be available for customers. These servers can be used efficiently to solve problems that are complex by nature, for example, satisfiability (SAT) problem...

6.8 AI score
Exploits 0
OSV
added 2025/05/20 4:15 p.m. · 1 views

UBUNTU-CVE-2025-37905

In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scmi: Balance device refcount when destroying devices. Using device_find_child() to lookup the proper SCMI device to destroy causes an unbalance in device refcount, since device_find_child() calls an implicit get_device(): this,...

5.5 CVSS · 6.2 AI score · 0.0016 EPSS
Exploits 0 · References 41
Packet Storm News
added 2025/05/20 12:0 a.m. · 3 views

Adaptive Pruning of Deep Neural Networks for Resource-Aware Embedded Intrusion Detection on the Edge

Artificial neural network pruning is a method in which artificial neural network sizes can be reduced while attempting to preserve the predicting capabilities of the network. This is done to make the model smaller or faster during inference time. In this work we analyze the ability of a selection...

6.9 AI score
Exploits 0
Trend Micro Simply Security
added 2025/05/19 12:0 a.m. · 9 views

Fake CAPTCHA Attacks Deploy Infostealers and RATs in a Multistage Payload Chain

We have detected a new tactic involving fake CAPTCHA pages that trick users into executing harmful commands in Windows. This scheme uses disguised files sent via phishing and other malicious methods...

7.5 AI score
Exploits 0
Packet Storm News
added 2025/05/19 12:0 a.m. · 5 views

BeamClean: Language Aware Embedding Reconstruction

In this work, we consider an inversion attack on the obfuscated input embeddings sent to a language model on a server, where the adversary has no access to the language model or the obfuscation mechanism and sees only the obfuscated embeddings along with the model's embedding table. We propose...

7 AI score
Exploits 0
Positive Technologies
added 2025/05/19 12:0 a.m. · 4 views

PT-2025-22336 · Spring · Spring Security Aspects

Name of the Vulnerable Software and Affected Versions: Spring Security Aspects (affected versions not specified). Description: The issue concerns Spring Security Aspects not correctly locating method security annotations on private methods, potentially causing an authorization bypass. This can affec...

9.1 CVSS · 7.3 AI score · 0.00516 EPSS
Exploits 0 · References 14
Packet Storm News
added 2025/05/19 12:0 a.m. · 5 views

Fragments to Facts: Partial-Information Fragment Inference from LLMs

Large language models (LLMs) can leak sensitive training data through memorization and membership inference attacks. Prior work has primarily focused on strong adversarial assumptions, including attacker access to entire samples or long, ordered prefixes, leaving open the question of how vulnerable...

6.8 AI score
Exploits 0
BDU FSTEC
added 2025/05/19 12:0 a.m. · 4 views

The vulnerability of the Naumen Service Management Platform, related to the use of dangerous methods or functions, allows a perpetrator to execute arbitrary code.

The vulnerability of the Naumen Service Management Platform is related to the use of dangerous methods or functions. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

9.1 CVSS · 5.9 AI score
Exploits 0 · Affected Software 1
Fedora
added 2025/05/17 1:43 a.m. · 13 views

[SECURITY] Fedora 41 Update: syslog-ng-4.8.2-1.fc41

syslog-ng is an enhanced log daemon, supporting a wide range of input and output methods: syslog, unstructured text, message queues, databases (SQL and NoSQL alike) and more. Key features: receive and send RFC3164 and RFC5424 style syslog messages; work with any kind of unstructured data; receive and...

7.5 CVSS · 7.7 AI score · 0.00301 EPSS
Exploits 1
Packet Storm News
added 2025/05/16 12:0 a.m. · 3 views

Server-Side Template Injection Vulnerabilities and Exploitation Techniques

Research article called Server-Side Template Injection (SSTI) Vulnerabilities and Exploitation Techniques. The paper provides a structured methodology for detecting and exploiting SSTI vulnerabilities across multiple template engines, along with real-world case studies and mitigation strategies...

7.4 AI score
Exploits 0
RedhatCVE
added 2025/05/15 4:34 p.m. · 23 views

CVE-2025-31493

Kirby is an open-source content management system. A vulnerability in versions prior to 3.9.8.3, 3.10.1.2, and 4.7.1 affects all Kirby sites that use the collection() helper or $kirby->collection() method with a dynamic collection name (such as a collection name that depends on request or user data)...

9.1 CVSS · 6.8 AI score · 0.00477 EPSS
Exploits 0 · References 1
Microsoft KB
added 2025/05/13 7:0 a.m. · 22 views

Description of the security update for Office 2016: May 13, 2025 (KB5002695)

Description of the security update for Office 2016: May 13, 2025 (KB5002695) Summary This security update resolves a Microsoft Excel remote code execution vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2025-32704. Note: To...

8.4 CVSS · 7.2 AI score · 0.00366 EPSS
Exploits 0
Microsoft KB
added 2025/05/13 7:0 a.m. · 27 views

Description of the security update for Office Online Server: May 13, 2025 (KB5002707)

Description of the security update for Office Online Server: May 13, 2025 (KB5002707) Summary This security update resolves a Microsoft Excel remote code execution vulnerability. To learn more about the vulnerability, see the following security advisories: Microsoft Common Vulnerabilities and...

7.8 CVSS · 7.7 AI score · 0.00585 EPSS
Exploits 0
Packet Storm News
added 2025/05/13 12:0 a.m. · 3 views

MUBox: a Critical Evaluation Framework of Deep Machine Unlearning

Recent legal frameworks have mandated the right to be forgotten, obligating the removal of specific data upon user requests. Machine Unlearning has emerged as a promising solution by selectively removing learned information from machine learning models. This paper presents MUBox, a comprehensive...

6.7 AI score
Exploits 0
Packet Storm News
added 2025/05/12 12:0 a.m. · 3 views

Mirror Mirror on the Wall, Have I Forgotten It All? A New Framework for Evaluating Machine Unlearning

Machine unlearning methods take a model trained on a dataset and a forget set, then attempt to produce a model as if it had only been trained on the examples not in the forget set. We empirically show that an adversary is able to distinguish between a mirror model a control model produced by...

6.8 AI score
Exploits 0
Packet Storm News
added 2025/05/11 12:0 a.m. · 5 views

Revealing Weaknesses in Text Watermarking through Self-Information Rewrite Attacks

Text watermarking aims to subtly embed statistical signals into text by controlling the Large Language Model (LLM)'s sampling process, enabling watermark detectors to verify that the output was generated by the specified model. The robustness of these watermarking algorithms has become a key factor...

6.9 AI score
Exploits 0
GithubExploit
added 2025/05/09 7:18 a.m. · 1066 views

Exploit for CVE-2025-24203

dirtyZero A simple customization toolbox that utilizes CVE-...

5 CVSS · 6.2 AI score · 0.00507 EPSS
Exploits 4
Packet Storm News
added 2025/05/08 12:0 a.m. · 3 views

MTL-UE: Learning to Learn Nothing for Multi-Task Learning

Most existing unlearnable strategies focus on preventing unauthorized users from training single-task learning (STL) models with personal data. Nevertheless, the paradigm has recently shifted towards multi-task data and multi-task learning (MTL), targeting generalist and foundation models that can...

6.9 AI score
Exploits 0
Vulnrichment
added 2025/05/07 11:1 p.m. · 11 views

CVE-2025-32441 Rack session gets restored after deletion

Rack is a modular Ruby web server interface. Prior to version 2.2.14, when using the Rack::Session::Pool middleware, simultaneous rack requests can restore a deleted rack session, which allows the unauthenticated user to occupy that session. Rack session middleware prepares the session at the...

4.2 CVSS · 4.4 AI score · 0.00193 EPSS
Exploits 0 · References 3
Cisco
added 2025/05/07 4:0 p.m. · 9 views

Cisco IOS XE Software DHCP Snooping Denial of Service Vulnerability

A vulnerability in the DHCP snooping security feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a full interface queue wedge, which could result in a denial of service (DoS) condition. This vulnerability is due to improper handling of DHCP request packets. An...

8.6 CVSS · 8.8 AI score · 0.00438 EPSS
Exploits 0 · References 1