Backchaining Loss of Control Mitigations from Mission-Specific Benchmarks in National Security

Affordances and permissions are promising and timely safety levers for mitigating Loss of Control LoC threats in high-stakes deployment contexts, such as national security. Deployers in defense and intelligence could rely on several approaches to identify which affordances and permissions should ...

Threat Modelling Using Domain-Adapted Language Models: Empirical Evaluation and Insights

Large Language ModelsLLMs are increasingly explored for cybersecurity applications such as vulnerability detection. In the domain of threat modelling, prior work has primarily evaluated a number of general-purpose Large Language Models under limited prompting settings. In this study, we extend th...

CVE-2026-42480

A stack-based out-of-bounds read vulnerability in VrmlDataScene::ReadLine in the VRML parser in Open CASCADE Technology OCCT V800rc5 allows attackers to cause a denial of service via a crafted VRML file. The issue occurs because the quoted-string escape handler uses ptr++anOffset without proper...

ATLAS: AI-Assisted Threat-To-Assertion Learning for System-On-Chip Security Verification

This work presents ATLAS, an LLM-driven framework that bridges standardized threat modeling and property-based formal verification for System-on-Chip SoC security. Starting from vulnerability knowledge bases such as Common Weakness Enumeration CWE, ATLAS identifies SoC-specific assets, maps...

Towards a Blockchain-Based CI/CD Framework to Enhance Security in Cloud Environments

Security is becoming a pivotal point in cloud platforms. Several divisions, such as business organisations, health care, government, etc., have experienced cyber-attacks on their infrastructures. This research focuses on security issues within Continuous Integration and Deployment CI/CD pipelines...

Towards Reliable and Practical LLM Security Evaluations Via Bayesian Modelling

Before adopting a new large language model LLM architecture, it is critical to understand vulnerabilities accurately. Existing evaluations can be difficult to trust, often drawing conclusions from LLMs that are not meaningfully comparable, relying on heuristic inputs or employing metrics that fai...

EUVD-2023-57853

Malicious code in bioql PyPI...

EUVD-2023-50793

Malicious code in bioql PyPI...

EUVD-2024-48645

Malicious code in bioql PyPI...

Threat Modeling for Enhancing Security of IoT Audio Classification Devices under a Secure Protocols Framework

The rapid proliferation of IoT nodes equipped with microphones and capable of performing on-device audio classification exposes highly sensitive data while operating under tight resource constraints. To protect against this, we present a defence-in-depth architecture comprising a security protoco...

Collaborative Intelligence: Topic Modelling of Large Language Model Use in Live Cybersecurity Operations

Objective: This work describes the topic modelling of Security Operations Centre SOC use of a large language model LLM, during live security operations. The goal is to better understand how these specialists voluntarily use this tool. Background: Human-automation teams have been extensively...

The CryptoNeo Threat Modelling Framework (CNTMF): Securing Neobanks and Fintech in Integrated Blockchain Ecosystems

The rapid integration of blockchain, cryptocurrency, and Web3 technologies into digital banks and fintech operations has created an integrated environment blending traditional financial systems with decentralised elements. This paper introduces the CryptoNeo Threat Modelling Framework CNTMF, a...

Autonomous AI-Based Cybersecurity Framework for Critical Infrastructure: Real-Time Threat Mitigation

Critical infrastructure systems, including energy grids, healthcare facilities, transportation networks, and water distribution systems, are pivotal to societal stability and economic resilience. However, the increasing interconnectivity of these systems exposes them to various cyber threats,...

CVE-2023-46590

A vulnerability has been identified in Siemens OPC UA Modelling Editor SiOME All versions V2.8. Affected products suffer from a XML external entity XXE injection vulnerability. This vulnerability could allow an attacker to interfere with an application's processing of XML data and read arbitrary...

CVE-2024-7784

CVE-2024-7784 affects Axis OS: a flaw in the Secure Boot/device-tampering protection could allow bypass of protection mechanisms. Public details consistently state no known exploits at this time; Axis has released patched AXIS OS versions addressing the flaw. The CVE notes a physical attack vecto...

CVE-2024-7784

During internal Axis Security Development Model ASDM threat-modelling, a flaw was found in the protection for device tampering commonly known as Secure Boot in AXIS OS making it vulnerable to a sophisticated attack to bypass this protection. To Axis' knowledge, there are no known exploits of the...

CVE-2024-7784

During internal Axis Security Development Model ASDM threat-modelling, a flaw was found in the protection for device tampering commonly known as Secure Boot in AXIS OS making it vulnerable to a sophisticated attack to bypass this protection. To Axis' knowledge, there are no known exploits of the...

Preparing for Unknown Risks: How to Better Prepare for Risks You Can't See Yet

As security professionals we’re used to dealing with unknowns and unpredictability. We understand that it's impossible to always know what's around the corner. It's not just about external threats and the big breaches splashed across the news headlines. On one hand, we’re combating threat actors...

CVE-2023-5553

During internal Axis Security Development Model ASDM threat-modelling, a flaw was found in the protection for device tampering commonly known as Secure Boot in AXIS OS making it vulnerable to a sophisticated attack to bypass this protection. To Axis' knowledge, there are no known exploits of the...

Design/Logic Flaw

During internal Axis Security Development Model ASDM threat-modelling, a flaw was found in the protection for device tampering commonly known as Secure Boot in AXIS OS making it vulnerable to a sophisticated attack to bypass this protection. To Axis' knowledge, there are no known exploits of the...