22 matches found

Packet Storm News (added 2026/04/08 12:00 a.m., 2 views)

Anamorphic Encryption with CCA Security: A Standard Model Construction

Anamorphic encryption serves as a vital tool for covert communication, maintaining secrecy even during post-compromise scenarios. Particularly in the receiver-anamorphic setting, a user can shield hidden messages even when coerced into surrendering their secret keys. However, a major bottleneck i...

AI score: 5.8 | Exploits: 0
Packet Storm News (added 2026/03/24 12:00 a.m., 1 view)

Security Barriers to Trustworthy AI-Driven Cyber Threat Intelligence in Finance: Evidence from Practitioners

Financial institutions face increasing cyber risk while operating under strict regulatory oversight. To manage this risk, they rely heavily on Cyber Threat Intelligence (CTI) to inform detection, response, and strategic security decisions. Artificial intelligence (AI) is widely suggested as a means t...

AI score: 5.8 | Exploits: 0
RedHat Linux (added 2026/03/11 5:56 a.m., 1 view)

firefox: thunderbird: Mitigation bypass in the DOM: Security component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the DOM: Security component...

CVSS: 9.8 | AI score: 5.7 | EPSS: 0.00023
Exploits: 0 | References: 6
Packet Storm News (added 2026/02/10 12:00 a.m., 2 views)

Rethinking Security of Diffusion-Based Generative Steganography

Generative image steganography is a technique that conceals secret messages within generated images, without relying on pre-existing cover images. Recently, a number of diffusion model-based generative image steganography (DM-GIS) methods have been introduced, which effectively combat traditional...

AI score: 5.5 | Exploits: 0
Packet Storm News (added 2026/02/10 12:00 a.m., 2 views)

Protecting Context and Prompts: Deterministic Security for Non-Deterministic AI

Large Language Model (LLM) applications are vulnerable to prompt injection and context manipulation attacks that traditional security models cannot prevent. We introduce two novel primitives, authenticated prompts and authenticated context, that provide cryptographically verifiable provenance acros...

AI score: 5.5 | Exploits: 0
Packet Storm News (added 2026/01/20 12:00 a.m., 2 views)

LLM Security and Safety: Insights from Homotopy-Inspired Prompt Obfuscation

In this study, we propose a homotopy-inspired prompt obfuscation framework to enhance understanding of security and safety vulnerabilities in Large Language Models (LLMs). By systematically applying carefully engineered prompts, we demonstrate how latent model behaviors can be influenced in...

AI score: 5.6 | Exploits: 0
CNNVD (added 2026/01/13 12:00 a.m., 1 view)

Mozilla Firefox and Mozilla Firefox ESR security vulnerability

Mozilla Firefox is an open source web browser from the Mozilla Foundation. Mozilla Firefox ESR is an extended support version of the Firefox web browser from the Mozilla Foundation. Mozilla Thunderbird is a suite of e-mail client software from the Mozilla Foundation that is separate from the Mozilla...

CVSS: 8.1 | AI score: 7.2 | EPSS: 0.00028
Exploits: 0 | References: 6
Packet Storm News (added 2025/11/16 12:00 a.m., 3 views)

Whose Narrative Is It Anyway? A KV Cache Manipulation Attack

The Key-Value (KV) cache is an important component for efficient inference in autoregressive Large Language Models (LLMs), but its role as a representation of the model's internal state makes it a potential target for integrity attacks. This paper introduces "History Swapping," a novel block-level...

AI score: 6.3 | Exploits: 0
Positive Technologies (added 2025/11/11 12:00 a.m., 1 view)

PT-2025-46358

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 145; Firefox ESR versions prior to 140.5.
Description: A mitigation bypass exists in the DOM Security component of Firefox. This issue could allow a bypass of security mitigations.
Recommendations: Update Firefox to versi...

CVSS: 9.8 | AI score: 6.6 | EPSS: 0.19171
Exploits: 2 | References: 207
Packet Storm News (added 2025/10/14 12:00 a.m., 2 views)

Targeted Pooled Latent-Space Steganalysis Applied to Generative Steganography, with a Fix

Steganographic schemes dedicated to generated images modify the seed vector in the latent space to embed a message, whereas most steganalysis methods attempt to detect the embedding in the image space. This paper proposes to perform steganalysis in the latent space by modeling the statistical...

AI score: 6.8 | Exploits: 0
Github Security Blog (added 2025/08/26 9:34 p.m., 4 views)

Picklescan is missing detection when calling built-in python ensurepip._run_pip

Summary: Using the ensurepip._run_pip function, which is a built-in Python library function, to execute a remote pickle file. Details: The attack payload executes in the following steps: First, the attacker crafts the payload by calling the ensurepip._run_pip function in the __reduce__ method. Then, when the victim after...

AI score: 7.9
Exploits: 0 | References: 3 | Affected Software: 1
Packet Storm News (added 2025/08/24 12:00 a.m., 2 views)

Risk Assessment and Security Analysis of Large Language Models

As large language models (LLMs) expose systemic security challenges in high-risk applications, including privacy leaks, bias amplification, and malicious abuse, there is an urgent need for a dynamic risk assessment and collaborative defence framework that covers their entire life cycle. This paper...

AI score: 7 | Exploits: 0
OSV (added 2025/08/22 4:56 p.m., 1 view)

GHSA-86CJ-95QR-2P4F Picklescan missing detection when calling pytorch function torch._dynamo.guards.GuardBuilder.get

Summary: Using the torch._dynamo.guards.GuardBuilder.get function, which is a PyTorch library function, to execute a remote pickle file. Details: The attack payload executes in the following steps: First, the attacker crafts the payload by calling the torch._dynamo.guards.GuardBuilder.get function in the __reduce__...

AI score: 7.9
Exploits: 0 | References: 5
The Hacker News (added 2025/08/05 11:25 a.m., 4 views)

Misconfigurations Are Not Vulnerabilities: The Costly Confusion Behind Security Risks

In SaaS security conversations, "misconfiguration" and "vulnerability" are often used interchangeably. But they're not the same thing. And misunderstanding that distinction can quietly create real exposure. This confusion isn't just semantics. It reflects a deeper misunderstanding of the shared...

AI score: 6.9 | Exploits: 0
Packet Storm News (added 2025/07/24 12:00 a.m., 6 views)

LoRA-Leak: Membership Inference Attacks against LoRA Fine-Tuned Language Models

Language Models (LMs) typically adhere to a "pre-training and fine-tuning" paradigm, where a universal pre-trained model can be fine-tuned to cater to various specialized domains. Low-Rank Adaptation (LoRA) has gained the most widespread use in LM fine-tuning due to its lightweight computational cost...

AI score: 6.6 | Exploits: 0
Packet Storm News (added 2025/07/10 12:00 a.m., 1 view)

Defending against Prompt Injection with a Few DefensiveTokens

When large language model (LLM) systems interact with external data to perform complex tasks, a new attack, namely prompt injection, becomes a significant threat. By injecting instructions into the data accessed by the system, the attacker is able to override the initial user task with an arbitrary...

AI score: 7.5 | Exploits: 0
Packet Storm News (added 2025/05/02 12:00 a.m., 2 views)

LLM Security: Vulnerabilities, Attacks, Defenses, and Countermeasures

As large language models (LLMs) continue to evolve, it is critical to assess the security threats and vulnerabilities that may arise both during their training phase and after models have been deployed. This survey seeks to define and categorize the various attacks targeting LLMs, distinguishing...

AI score: 7.5 | Exploits: 0
HackRead (added 2025/03/12 5:54 p.m., 13 views)

Picklescan Vulnerabilities Could Let Hackers Bypass AI Security Checks

Sonatype researchers uncover critical vulnerabilities in picklescan. Learn how these flaws impact AI model security, Hugging Face, and...

AI score: 7.6 | Exploits: 0
OSV (added 2025/03/10 12:15 p.m., 5 views)

CVE-2025-1945

picklescan before 0.0.23 fails to detect malicious pickle files inside PyTorch model archives when certain ZIP file flag bits are modified. By flipping specific bits in the ZIP file headers, an attacker can embed malicious pickle files that remain undetected by PickleScan while still being...

CVSS: 9.8 | AI score: 7.1 | EPSS: 0.00871
Exploits: 1 | References: 3
OSV (added 2024/12/16 1:55 p.m., 9 views)

BIT-NODE-MIN-2024-21896

The permission model protects itself against path traversal attacks by calling path.resolve on any paths given by the user. If the path is to be treated as a Buffer, the implementation uses Buffer.from to obtain a Buffer from the result of path.resolve. By monkey-patching Buffer internals, namely...

CVSS: 9.8 | AI score: 7.7 | EPSS: 0.01642
Exploits: 0 | References: 7