11 matches found

OSV
added 2026/05/12 6:30 p.m. | 5 views

GHSA-PQ2F-X424-6FJM: mamba language model framework vulnerable to insecure deserialization when loading pre-trained models from HuggingFace Hub

The mamba language model framework through 2.2.6 is vulnerable to insecure deserialization (CWE-502) when loading pre-trained models from HuggingFace Hub. The MambaLMHeadModel.from_pretrained method uses torch.load to load the pytorch_model.bin weight file without enabling the security-restrictive...

CVSS 9.8 | AI score 6.1 | EPSS 0.00409
Exploits: 0 | References: 3

Packet Storm News
added 2026/04/27 12:00 a.m. | 6 views

A Systematic Literature Review for Transformer-Based Software Vulnerability Detection

Context: Software vulnerabilities pose significant security threats to software systems, especially as software is increasingly used across many areas of daily life, including health, government, and finance. Recently, transformer-based models have demonstrated promising results in automatic...

AI score 5.5
Exploits: 0

Packet Storm News
added 2025/09/16 12:00 a.m. | 7 views

Hierarchical Deep Fusion Framework for Multi-Dimensional Facial Forgery Detection - the 2024 Global Deepfake Image Detection Challenge

The proliferation of sophisticated deepfake technology poses significant challenges to digital security and authenticity. Detecting these forgeries, especially across a wide spectrum of manipulation techniques, requires robust and generalized models. This paper introduces the Hierarchical Deep...

AI score 6.8
Exploits: 0

PyPA
added 2025/09/09 12:15 a.m. | 8 views

PYSEC-2025-141

MONAI (Medical Open Network for AI) is an AI toolkit for health care imaging. In versions up to and including 1.5.0, in model_dict = torch.load(full_path, map_location=torch.device(device), weights_only=True) in monai/bundle/scripts.py, weights_only=True is loaded securely. However, insecure loading method...

CVSS 8.8 | AI score 5.8 | EPSS 0.00684
Exploits: 1 | References: 1 | Affected Software: 1

Positive Technologies
added 2025/09/08 12:00 a.m. | 12 views

PT-2025-36532

Name of the Vulnerable Software and Affected Versions: MONAI versions up to and including 1.5.0. Description: MONAI is an AI toolkit for health care imaging. The software contains insecure model loading methods that can trigger a deserialization vulnerability, potentially leading to code execution...

CVSS 8.8 | AI score 6.8 | EPSS 0.00684
Exploits: 1 | References: 8

Packet Storm News
added 2025/08/03 12:00 a.m. | 3 views

"Energon": Unveiling Transformers from GPU Power and Thermal Side-Channels

Transformers have become the backbone of many Machine Learning (ML) applications, including language translation, summarization, and computer vision. As these models are increasingly deployed in shared Graphics Processing Unit (GPU) environments via Machine Learning as a Service (MLaaS), concerns aroun...

AI score 6.6
Exploits: 0

The Hacker News
added 2025/07/03 10:30 a.m. | 7 views

The Hidden Weaknesses in AI SOC Tools that No One Talks About

If you're evaluating AI-powered SOC platforms, you've likely seen bold claims: faster triage, smarter remediation, and less noise. But under the hood, not all AI is created equal. Many solutions rely on pre-trained AI models that are hardwired for a handful of specific use cases. While that might...

AI score 7.3
Exploits: 0

Packet Storm News
added 2025/06/10 12:00 a.m. | 4 views

Adversarial Text Generation with Dynamic Contextual Perturbation

Adversarial attacks on Natural Language Processing (NLP) models expose vulnerabilities by introducing subtle perturbations to input text, often leading to misclassification while maintaining human readability. Existing methods typically focus on word-level or local text segment alterations,...

AI score 6.8
Exploits: 0

Packet Storm News
added 2025/06/03 12:00 a.m. | 2 views

Sylva: Tailoring Personalized Adversarial Defense in Pre-Trained Models Via Collaborative Fine-Tuning

Whitepaper called Sylva: Tailoring Personalized Adversarial Defense In Pre-Trained Models Via Collaborative Fine-Tuning...

AI score 7
Exploits: 0

Packet Storm News
added 2025/05/01 12:00 a.m. | 5 views

Protocol-Agnostic and Data-Free Backdoor Attacks on Pre-Trained Models in RF Fingerprinting

While supervised deep neural networks (DNNs) have proven effective for device authentication via radio frequency (RF) fingerprinting, they are hindered by domain shift issues and the scarcity of labeled data. The success of large language models has led to increased interest in unsupervised pre-train...

AI score 7.6
Exploits: 0

The Hacker News
added 2023/01/09 1:37 p.m. | 29 views

New Study Uncovers Text-to-SQL Model Vulnerabilities Allowing Data Theft and DoS Attacks

A group of academics has demonstrated novel attacks that leverage Text-to-SQL models to produce malicious code that could enable adversaries to glean sensitive information and stage denial-of-service (DoS) attacks. "To better interact with users, a wide range of database applications employ AI...

AI score 7.9
Exploits: 0