3366 matches found

Packet Storm News
added 2025/04/30 12:0 a.m. | 4 views

Protocol Dialects As Formal Patterns: a Composable Theory of Lingos -- Technical Report

Protocol dialects are methods for modifying protocols that provide light-weight security, especially against easy attacks that can lead to more serious ones. A lingo is a dialect's key security component by making attackers unable to "speak" the lingo. A lingo's "talk" changes all the time,...

7.3 AI score
Exploits: 0

Packet Storm News
added 2025/04/30 12:0 a.m. | 4 views

Enhancing Security and Strengthening Defenses in Automated Short-Answer Grading Systems

This study examines vulnerabilities in transformer-based automated short-answer grading systems used in medical education, with a focus on how these systems can be manipulated through adversarial gaming strategies. Our research identifies three main types of gaming strategies that exploit the...

7.3 AI score
Exploits: 0

hivepro
added 2025/04/29 2:0 p.m. | 4 views

The Rise of Intelligent Security Validation: What a Month of Enhanced BAS Revealed

Running short on time but still want to stay in the know? Well, we’ve got you covered! We’ve condensed all the key takeaways into a handy audio summary. Our AI-driven podcasts are fit for on the go. Click right here to hear it all on CAASM & CDMB Inefficiencies! Four weeks ago, a major healthcare...

7.3 AI score
Exploits: 0

Packet Storm News
added 2025/04/29 12:0 a.m. | 4 views

Data Encryption Battlefield: a Deep Dive into the Dynamic Confrontations in Ransomware Attacks

In the rapidly evolving landscape of cybersecurity threats, ransomware represents a significant challenge. Attackers increasingly employ sophisticated encryption methods, such as entropy reduction through Base64 encoding, and partial or intermittent encryption to evade traditional detection...

6.8 AI score
Exploits: 0

Packet Storm News
added 2025/04/29 12:0 a.m. | 5 views

Erased but Not Forgotten: How Backdoors Compromise Concept Erasure

The expansion of large-scale text-to-image diffusion models has raised growing concerns about their potential to generate undesirable or harmful content, ranging from fabricated depictions of public figures to sexually explicit images. To mitigate these risks, prior work has devised machine...

6.9 AI score
Exploits: 0

Packet Storm News
added 2025/04/29 12:0 a.m. | 2 views

CISA: Dams Sector Personnel Screening Guide

The Dams Sector Personnel Screening Guide 2025 provides information to assist Dams Sector owners and operators in developing and implementing personnel screening protocols appropriate for their facilities. An effective screening protocol for potential employees and contractor support can contribu...

7.1 AI score
Exploits: 0

Packet Storm
added 2025/04/28 12:0 a.m. | 233 views

📄 Ruby on Rails Cross Site Request Forgery

Ruby on Rails appears to include a one time pad for cross site request forgery protections to the user, making it possible to forge valid tokens. Good morning. All current versions and all versions since the 2022/2023 "fix" to the Rails cross-site request forgery CSRF protections continue to be...

6.7 AI score
Exploits: 0

Packet Storm News
added 2025/04/25 12:0 a.m. | 4 views

Performance of Machine Learning Classifiers for Anomaly Detection in Cyber Security Applications

This work empirically evaluates machine learning models on two imbalanced public datasets KDDCUP99 and Credit Card Fraud 2013. The method includes data preparation, model training, and evaluation, using an 80/20 train/test split. Models tested include eXtreme Gradient Boosting XGB, Multi Layer...

7.1 AI score
Exploits: 0

Vulnrichment
added 2025/04/23 3:38 p.m. | 14 views

CVE-2025-21605 Redis DoS Vulnerability due to unlimited growth of output buffers abused by unauthenticated client

Redis is an open source, in-memory database that persists on disk. In versions starting at 2.6 and prior to 7.4.3, An unauthenticated client can cause unlimited growth of output buffers, until the server runs out of memory or is killed. By default, the Redis configuration does not limit the outpu...

7.5 CVSS | 7.8 AI score | 0.00824 EPSS
Exploits: 0 | References: 2

Wired Threat Level
added 2025/04/23 6:0 a.m. | 27 views

The Tech That Safeguards the Conclave’s Secrecy

Following the death of Pope Francis, the Vatican is preparing to organize a new conclave in less than 20 days. This is how they’ll tamp down on leaks...

7.2 AI score
Exploits: 0

Packet Storm News
added 2025/04/23 12:0 a.m. | 2 views

AiXamine: Simplified LLM Safety and Security

Evaluating Large Language Models LLMs for safety and security remains a complex task, often requiring users to navigate a fragmented landscape of ad hoc benchmarks, datasets, metrics, and reporting formats. To address this challenge, we present aiXamine, a comprehensive black-box evaluation...

7.5 AI score
Exploits: 0

Packet Storm News
added 2025/04/21 12:0 a.m. | 3 views

A Review on Privacy in DAG-Based DLTs

Directed Acyclic Graph DAG-based Distributed Ledger Technologies DLTs have emerged as a promising solution to the scalability issues inherent in traditional blockchains. However, amidst the focus on scalability, the crucial aspect of privacy within DAG-based DLTs has been largely overlooked. This...

7 AI score
Exploits: 0

IBM Security Bulletins
added 2025/04/15 2:21 a.m. | 55 views

Security Bulletin: Multiple vulnerabilities affect PowerSC and PowerSC MFA

Summary There are multiple vulnerabilities in PowerSC and PowerSC MFA. Vulnerability Details CVEID:CVE-2023-50939 DESCRIPTION: IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID:...

9.8 CVSS | 7 AI score | 0.00663 EPSS
Exploits: 0 | Affected Software: 1

Packet Storm News
added 2025/04/15 12:0 a.m. | 1 views

Leveraging Vertical Public-Private Split for Improved Synthetic Data Generation

Differentially Private Synthetic Data Generation DP-SDG is a key enabler of private and secure tabular-data sharing, producing artificial data that carries through the underlying statistical properties of the input data. This typically involves adding carefully calibrated statistical noise to...

6.7 AI score
Exploits: 0

Fedora
added 2025/04/11 6:33 p.m. | 13 views

[SECURITY] Fedora 42 Update: openvpn-2.6.14-1.fc42

OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It can use the Marcus Franz Xaver Johannes Oberhumers LZO library for...

7.5 CVSS | 7.6 AI score | 0.00733 EPSS
Exploits: 0

Packet Storm
added 2025/04/11 12:0 a.m. | 298 views

📄 Netman 204 Authentication Bypass / Remote Code Execution

Netman 204 allows for remote command execution without authentication. Exploit Title: Netman 204 - Remote command with out authentication Date: 2/4/2025 Exploit Author: parsa rezaie khiabanloo Vendor Homepage: netman-204 https://www.riello-ups.com/downloads/25-netman-204 Version: netman-204 Teste...

7.4 AI score
Exploits: 0

Tenable Nessus
added 2025/04/10 12:0 a.m. | 6 views

Moodle 4.4.x < 4.4.2 Multiples Vulnerabilities

According to its self-reported version, the Moodle install hosted on the remote host is 4.4.x prior to 4.4.2. It is, therefore, affected by multiples vulnerabilities : - Matrix user/power level management not always working as expected with suspended users. - Lack of access control when using...

5.3 CVSS | 7.5 AI score | 0.00318 EPSS
Exploits: 0 | References: 6

Packet Storm News
added 2025/04/10 12:0 a.m. | 2 views

OpenSSH 10.0

OpenSSH is the premier connectivity tool for remote login with the SSH protocol. It encrypts all traffic to eliminate eavesdropping, connection hijacking, and other attacks. In addition, OpenSSH provides a large suite of secure tunneling capabilities, several authentication methods, and...

7.2 AI score
Exploits: 0

Packet Storm News
added 2025/04/10 12:0 a.m. | 2 views

OpenSSH 10.0p1

OpenSSH is the premier connectivity tool for remote login with the SSH protocol. It encrypts all traffic to eliminate eavesdropping, connection hijacking, and other attacks. In addition, OpenSSH provides a large suite of secure tunneling capabilities, several authentication methods, and...

7.2 AI score
Exploits: 0

BDU FSTEC
added 2025/04/10 12:0 a.m. | 2 views

The vulnerability of the Windows Local Session Manager (LSM) component of the Windows operating system, which allows a hacker to trigger a service failure

The vulnerability of the Windows Local Session Manager LSM component of the Windows operating system is related to the use of dangerous methods or functions. Exploiting this vulnerability can allow a malicious actor to cause service interruptions from a remote location...

6.8 CVSS | 7.6 AI score | 0.02019 EPSS
Exploits: 0 | References: 2