OpenRT: An Open-Source Red Teaming Framework for Multimodal LLMs

The rapid integration of Multimodal Large Language Models MLLMs into critical applications is increasingly hindered by persistent safety vulnerabilities. However, existing red-teaming benchmarks are often fragmented, limited to single-turn text interactions, and lack the scalability required for...

AI-Powered Hybrid Intrusion Detection Framework for Cloud Security Using Novel Metaheuristic Optimization

Cybersecurity poses considerable problems to Cloud Computing CC, especially regarding Intrusion Detection Systems IDSs, facing difficulties with skewed datasets and suboptimal classification model performance. This study presents the Hybrid Intrusion Detection System HyIDS, an innovative IDS that...

Emoji-Based Jailbreaking of Large Language Models

Large Language Models LLMs are integral to modern AI applications, but their safety alignment mechanisms can be bypassed through adversarial prompt engineering. This study investigates emoji-based jailbreaking, where emoji sequences are embedded in textual prompts to trigger harmful and unethical...

Cracking IoT Security: Can LLMs Outsmart Static Analysis Tools?

Smart home IoT platforms such as openHAB rely on Trigger Action Condition TAC rules to automate device behavior, but the interplay among these rules can give rise to interaction threats, unintended or unsafe behaviors emerging from implicit dependencies, conflicting triggers, or overlapping...

CVE-2025-15391 D-Link DIR-806A SSDP Request ssdpcgi_main command injection

A weakness has been identified in D-Link DIR-806A 100CNb11. Affected is the function ssdpcgimain of the component SSDP Request Handler. This manipulation causes command injection. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited. This...

GHSA-46H3-79WF-XR6C Picklescan is vulnerable to RCE via missing detection when calling built-in python _operator.attrgetter

Summary Picklescan uses operator.attrgetter, which is a built-in python library function to execute remote pickle files. Details The attack payload executes in the following steps: - First, the attacker crafts the payload by calling the operator.attrgetter function in the reduce method. - Then,...

GHSA-X843-G5MX-G377 Picklescan is vulnerable to RCE through missing detection when calling built-in python operator.methodcaller

Summary Picklescan uses operator.methodcaller, which is a built-in python library function to execute remote pickle files. Details The attack payload executes in the following steps: - First, the attacker crafts the payload by calling the operator.methodcaller function in method reduce. - Then,...

GHSA-VQMV-47XG-9WPR Picklescan missing detection when calling pty.spawn

Summary Using pty.spawn, which is a built-in python library function to execute arbitrary commands on the host system. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to pty.spawn function in the reduce method. Then the victim attempts ...

Agentic AI for Autonomous Defense in Software Supply Chain Security: Beyond Provenance to Vulnerability Mitigation

The software supply chain attacks are becoming more and more focused on trusted development and delivery procedures, so the conventional post-build integrity mechanisms cannot be used anymore. The available frameworks like SLSA, SBOM and in toto are majorly used to offer provenance and traceabili...

Breaking Audio Large Language Models by Attacking Only the Encoder: A Universal Targeted Latent-Space Audio Attack

Audio-language models combine audio encoders with large language models to enable multimodal reasoning, but they also introduce new security vulnerabilities. We propose a universal targeted latent space attack, an encoder-level adversarial attack that manipulates audio latent representations to...

Multi-Agent Framework for Threat Mitigation and Resilience in AI-Based Systems

Machine learning ML underpins foundation models in finance, healthcare, and critical infrastructure, making them targets for data poisoning, model extraction, prompt injection, automated jailbreaking, and preference-guided black-box attacks that exploit model comparisons. Larger models can be mor...

EquaCode: A Multi-Strategy Jailbreak Approach for Large Language Models Via Equation Solving and Code Completion

Large language models LLMs, such as ChatGPT, have achieved remarkable success across a wide range of fields. However, their trustworthiness remains a significant concern, as they are still susceptible to jailbreak attacks aimed at eliciting inappropriate or harmful responses. However, existing...

From Rookie to Expert: Manipulating LLMs for Automated Vulnerability Exploitation in Enterprise Software

LLMs democratize software engineering by enabling non-programmers to create applications, but this same accessibility fundamentally undermines security assumptions that have guided software engineering for decades. We show in this work how publicly available LLMs can be socially engineered to...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization due to mishandling access control to private resources. An attacker can gain unauthorized access to private resources by using an API token that is restricted to public resources. Remediation Upgrade...

A Statistical Side-Channel Risk Model for Timing Variability in Lattice-Based Post-Quantum Cryptography

Timing side-channels are an important threat to cryptography that still needs to be addressed in implementations, and the advent of post-quantum cryptography raises this issue because the lattice-based schemes may produce secret-dependent timing variability with the help of complex arithmetic and...

The Imitation Game: Using Large Language Models As Chatbots to Combat Chat-Based Cybercrimes

Chat-based cybercrime has emerged as a pervasive threat, with attackers leveraging real-time messaging platforms to conduct scams that rely on trust-building, deception, and psychological manipulation. Traditional defense mechanisms, which operate on static rules or shallow content filters,...

AutoBaxBuilder: Bootstrapping Code Security Benchmarking

As LLMs see wide adoption in software engineering, the reliable assessment of the correctness and security of LLM-generated code is crucial. Notably, prior work has demonstrated that security is often overlooked, exposing that LLMs are prone to generating code with security vulnerabilities. These...

Assessing the Software Security Comprehension of Large Language Models

Large language models LLMs are increasingly used in software development, but their level of software security expertise remains unclear. This work systematically evaluates the security comprehension of five leading LLMs: GPT-4o-Mini, GPT-5-Mini, Gemini-2.5-Flash, Llama-3.1, and Qwen-2.5, using...

On the Effectiveness of Instruction-Tuning Local LLMs for Identifying Software Vulnerabilities

Large Language Models LLMs show significant promise in automating software vulnerability analysis, a critical task given the impact of security failure of modern software systems. However, current approaches in using LLMs to automate vulnerability analysis mostly rely on using online API-based LL...

Odysseus: Jailbreaking Commercial Multimodal LLM-Integrated Systems Via Dual Steganography

By integrating language understanding with perceptual modalities such as images, multimodal large language models MLLMs constitute a critical substrate for modern AI systems, particularly intelligent agents operating in open and interactive environments. However, their increasing accessibility al...