8 matches found
The Authorization-Execution Gap Is a Major Safety and Security Problem in Open-World Agents
This position paper argues that the Authorization-Execution Gap AEG is a major safety and security problem in open-world agents. The AEG is the divergence between what a principal intends to authorize and what an open-world agent ultimately executes. Because such agents act autonomously across...
KryptoPilot: An Open-World Knowledge-Augmented LLM Agent for Automated Cryptographic Exploitation
Capture-the-Flag CTF competitions play a central role in modern cybersecurity as a platform for training practitioners and evaluating offensive and defensive techniques derived from real-world vulnerabilities. Despite recent advances in large language models LLMs, existing LLM-based agents remain...
Beyond a Single Perspective: Towards a Realistic Evaluation of Website Fingerprinting Attacks
Website Fingerprinting WF attacks exploit patterns in encrypted traffic to infer the websites visited by users, posing a serious threat to anonymous communication systems. Although recent WF techniques achieve over 90% accuracy in controlled experimental settings, most studies remain confined to...
Unlearning-Enhanced Website Fingerprinting Attack: against Backdoor Poisoning in Anonymous Networks
Website Fingerprinting WF is an effective tool for regulating and governing the dark web. However, its performance can be significantly degraded by backdoor poisoning attacks in practical deployments. This paper aims to address the problem of hidden backdoor poisoning attacks faced by Website...
‘Battle for the Galaxy’ Mobile Game Leaks 6M Gamer Profiles
An Elasticsearch server holding personal data of 6 million players of the popular mobile game Battle for the Galaxy was discovered insecure and containing over 1 terabyte of unencrypted data, meaning anyone with a link could access data stored on the repository. Ethical hackers WizCase found the...
PwnAdventure3 - Game Open-World MMORPG Intentionally Vulnerable To Hacks
Pwnie Island is a limited-release, first-person, true open-world MMORPG set on a beautiful island where anything could happen. That's because this game is intentionally vulnerable to all kinds of silly hacks! Flying, endless cash, and more are all one client change or network proxy away. Are you...
old.openworld.gov XSS vulnerability
Open Bug Bounty ID: OBB-392867 Description| Value ---|--- Affected Website:| old.openworld.gov Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
Bad Nerd - Open World RPG - Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Bad Nerd - Open World RPG published at the 'play' market has multiple vulnerabilities...