Towards Predicting Multi-Vulnerability Attack Chains in Software Supply Chains from Software Bill of Materials Graphs
Software supply chain security compromises often stem from cascaded interactions of vulnerabilities, for example, between multiple vulnerable components. Yet, Software Bill of Materials (SBOM)-based pipelines for security analysis typically treat scanner findings as independent per-CVE Common...
MemoPhishAgent: Memory-Augmented Multi-Modal LLM Agent for Phishing URL Detection
Traditional phishing website detection relies on static heuristics or reference lists, which lag behind rapidly evolving attacks. While recent systems incorporate large language models (LLMs), they are still prompt-based, deterministic pipelines that underutilize reasoning capability. We present...
SourceBroken: A Large-Scale Analysis on the (Un)Reliability of SourceRank in the PyPI Ecosystem
SourceRank is a scoring system made of 18 metrics that assess the popularity and quality of open-source packages. Despite being used in several recent studies, none has thoroughly analyzed its reliability against evasion attacks aimed at inflating the score of malicious packages, thereby...
HyMAD: A Hybrid Multi-Activity Detection Approach for Border Surveillance and Monitoring
Seismic sensing has emerged as a promising solution for border surveillance and monitoring; the seismic sensors that are often buried underground are small and cannot be noticed easily, making them difficult for intruders to detect, avoid, or vandalize. This significantly enhances their...
Adversarially Robust and Interpretable Magecart Malware Detection
Magecart skimming attacks have emerged as a significant threat to client-side security and user trust in online payment systems. This paper addresses the challenge of achieving robust and explainable detection of Magecart attacks through a comparative study of various Machine Learning (ML) models...
WBHT: a Generative Attention Architecture for Detecting Black Hole Anomalies in Backbone Networks
We propose the Wasserstein Black Hole Transformer (WBHT) framework for detecting black hole (BH) anomalies in communication networks. These anomalies cause packet loss without failure notifications, disrupting connectivity and leading to financial losses. WBHT combines generative modeling, sequential...
Domain Adaptation for Image Classification of Defects in Semiconductor Manufacturing
In the semiconductor sector, due to high demand but also strong and increasing competition, time to market and quality are key factors in securing significant market share in various application areas. Thanks to the success of deep learning methods in recent years in the computer vision domain,...
Towards Effective Complementary Security Analysis Using Large Language Models
A key challenge in security analysis is the manual evaluation of potential security weaknesses generated by static application security testing (SAST) tools. Numerous false positives (FPs) in these reports reduce the effectiveness of security analysis. We propose using Large Language Models (LLMs) to...
From Thinking to Output: Chain-Of-Thought and Text Generation Characteristics in Reasoning Language Models
Recently, there have been notable advancements in large language models (LLMs), demonstrating their growing abilities in complex reasoning. However, existing research largely overlooks a thorough and systematic comparison of these models' reasoning processes and outputs, particularly regarding thei...
A Certified Unlearning Approach without Access to Source Data
With the growing adoption of data privacy regulations, the ability to erase private or copyrighted information from trained models has become a crucial requirement. Traditional unlearning methods often assume access to the complete training dataset, which is unrealistic in scenarios where the...
What does Facebook know about me? (Lock and Code S06E11)
This week on the Lock and Code podcast … There's an easy way to find out what Facebook knows about you—you just have to ask. In 2020, the social media giant launched an online portal that allows all users to access their historical data and to request specific types of information for download...
Privacy-Aware, Public-Aligned: Embedding Risk Detection and Public Values into Scalable Clinical Text De-Identification for Trusted Research Environments
Clinical free-text data offers immense potential to improve population health research such as richer phenotyping, symptom tracking, and contextual understanding of patient care. However, these data present significant privacy risks due to the presence of directly or indirectly identifying...
SimProcess: High Fidelity Simulation of Noisy ICS Physical Processes
Industrial Control Systems (ICS) manage critical infrastructures like power grids and water treatment plants. Cyberattacks on ICSs can disrupt operations, causing severe economic, environmental, and safety issues. For example, undetected pollution in a water plant can put the lives of thousands at...
A Numerical Gradient Inversion Attack in Variational Quantum Neural-Networks
The loss landscape of Variational Quantum Neural Networks (VQNNs) is characterized by local minima that grow exponentially with increasing qubits. Because of this, it is more challenging to recover information from model gradients during training compared to classical Neural Networks (NNs). In this...
Adversarial Sample Generation for Anomaly Detection in Industrial Control Systems
Machine learning (ML)-based intrusion detection systems (IDS) are vulnerable to adversarial attacks. It is crucial for an IDS to learn to recognize adversarial examples before malicious entities exploit them. In this paper, we generated adversarial samples using the Jacobian Saliency Map Attack (JSMA)...
Enhancing Leakage Attacks on Searchable Symmetric Encryption Using LLM-Based Synthetic Data Generation
Searchable Symmetric Encryption (SSE) enables efficient search capabilities over encrypted data, allowing users to maintain privacy while utilizing cloud storage. However, SSE schemes are vulnerable to leakage attacks that exploit access patterns, search frequency, and volume information. Existing...
EPSS Decoded: An Examination & Comparison to CVSS
A Paradigm Shift in Vulnerability Management: Vulnerability...
Taxonomy of Generative AI Misuse
Interesting paper: "Generative AI Misuse: A Taxonomy of Tactics and Insights from Real-World Data": Generative, multimodal artificial intelligence (GenAI) offers transformative potential across industries, but its misuse poses significant risks. Prior research has shed light on the potential of...
Pantagrule - Large Hashcat Rulesets Generated From Real-World Compromised Passwords
Gargantuan hashcat rulesets generated from compromised passwords. Project maintenance warning: This project is deemed completed. No pull requests or changes will be made to this project in the future unless they are actual bugs or migrations to allow these rules to work with newer versions of...
Traditional AV solutions shown ineffective in real-time global heat map
It's no secret that antivirus technology (AV) has faced increased scrutiny in the tech industry for quite some time. With signature-based detection methods, traditional AV solutions are simply weak against unknown malware and other malicious content. Meanwhile, consumers and businesses continue to...