AoI-Guided Client Selection for Robust and Timely Federated Intrusion Detection in Cloud-Edge Security Analytics
Federated learning (FL) is attractive for cloud-edge intrusion detection because it enables collaborative training over distributed telemetry without centralizing raw logs. In production security analytics pipelines, however, only a subset of clients participates in each round, and heterogeneous...
Stealthy Poisoning Attacks Bypass Defenses in Regression Settings
Regression models are widely used in industrial processes, engineering and in natural and physical sciences, yet their robustness to poisoning has received less attention. When it has, studies often assume unrealistic threat models and are thus less useful in practice. In this paper, we propose a...
CVE-2022-33989
dproxy-nexgen aka dproxy nexgen uses a static UDP source port selected randomly only at boot time in upstream queries sent to DNS resolvers. This allows DNS cache poisoning because there is not enough entropy to prevent traffic injection attacks...
EUVD-2008-5207
Malware in sbrugna...
EUVD-2013-1174
Malware in sbrugna...
EUVD-2024-46429
Malicious code in bioql PyPI...
Decoding Deception: Understanding Automatic Speech Recognition Vulnerabilities in Evasion and Poisoning Attacks
Recent studies have demonstrated the vulnerability of Automatic Speech Recognition systems to adversarial examples, which can deceive these systems into misinterpreting input speech commands. While previous research has primarily focused on white-box attacks with constrained optimizations, and...
A Systematic Evaluation of Parameter-Efficient Fine-Tuning Methods for the Security of Code LLMs
Code-generating Large Language Models (LLMs) significantly accelerate software development. However, their frequent generation of insecure code presents serious risks. We present a comprehensive evaluation of seven parameter-efficient fine-tuning (PEFT) techniques, demonstrating substantial gains in...
On the Security and Privacy of Federated Learning: a Survey with Attacks, Defenses, Frameworks, Applications, and Future Directions
Federated Learning (FL) is an emerging distributed machine learning paradigm enabling multiple clients to train a global model collaboratively without sharing their raw data. While FL enhances data privacy by design, it remains vulnerable to various security and privacy threats. This survey provide...
The Hidden Threat in Plain Text: Attacking RAG Data Loaders
Large Language Models (LLMs) have transformed human-machine interaction since ChatGPT's 2022 debut, with Retrieval-Augmented Generation (RAG) emerging as a key framework that enhances LLM outputs by integrating external knowledge. However, RAG's reliance on ingesting external documents introduces new...
Generalization under Byzantine and Poisoning Attacks: Tight Stability Bounds in Robust Distributed Learning
Whitepaper called Generalization Under Byzantine and Poisoning Attacks: Tight Stability Bounds In Robust Distributed Learning...
Hacklink Market Linked to SEO Poisoning Attacks in Google Results
Cybersecurity researchers at Netcraft have discovered a series of new SEO poisoning related attacks exploiting Google’s search results...
Joint-GCG: Unified Gradient-Based Poisoning Attacks on Retrieval-Augmented Generation Systems
Retrieval-Augmented Generation (RAG) systems enhance Large Language Models (LLMs) by retrieving relevant documents from external corpora before generating responses. This approach significantly expands LLM capabilities by leveraging vast, up-to-date external knowledge. However, this reliance on...
Benchmarking Poisoning Attacks against Retrieval-Augmented Generation
Retrieval-Augmented Generation (RAG) has proven effective in mitigating hallucinations in large language models by incorporating external knowledge during inference. However, this integration introduces new security vulnerabilities, particularly to poisoning attacks. Although prior work has explore...
Securing Generative AI: Navigating Risk and Building Resilience
Running short on time but still want to stay in the know? Well, we’ve got you covered! We’ve condensed all the key takeaways into a handy audio summary. Our AI-driven podcasts are fit for on the go. Click right here to hear it all on CAASM & CDMB Inefficiencies! Generative AI has changed the way ...
Sparsification under Siege: Defending against Poisoning Attacks in Communication-Efficient Federated Learning
Federated Learning (FL) enables collaborative model training across distributed clients while preserving data privacy, yet it faces significant challenges in communication efficiency and vulnerability to poisoning attacks. While sparsification techniques mitigate communication overhead by...
Traceback of Poisoning Attacks to Retrieval-Augmented Generation
Large language models (LLMs) integrated with retrieval-augmented generation (RAG) systems improve accuracy by leveraging external knowledge sources. However, recent research has revealed RAG's susceptibility to poisoning attacks, where the attacker injects poisoned texts into the knowledge database,...
Secure Transfer Learning: Training Clean Models against Backdoor in (Both) Pre-Trained Encoders and Downstream Datasets
Transfer learning from pre-trained encoders has become essential in modern machine learning, enabling efficient model adaptation across diverse tasks. However, this combination of pre-training and downstream adaptation creates an expanded attack surface, exposing models to sophisticated backdoor...
Over 800 npm Packages Found with Discrepancies, 18 Exploit 'Manifest Confusion'
New research has discovered over 800 packages in the npm registry which have discrepancies from their registry entries, out of which 18 have been found to exploit a technique called manifest confusion. The findings come from cybersecurity firm JFrog, which said the issue could be exploited by...
CVE-2024-1226 Multiple vulnerabilities in Rejetto's Http File Server
The software does not neutralize or incorrectly neutralizes certain characters before the data is included in outgoing HTTP headers. The inclusion of unvalidated data in an HTTP header allows an attacker to specify the full HTTP response rendered by the browser. An attacker could control the...