Monitoring Decomposition Attacks in LLMs with Lightweight Sequential Monitors
Current LLM safety defenses fail under decomposition attacks, where a malicious goal is decomposed into benign subtasks that circumvent refusals. The challenge lies in the existing shallow safety alignment techniques: they only detect harm in the immediate prompt and do not reason about long-rang...
What Is the Cost of Differential Privacy for Deep Learning-Based Trajectory Generation?
While location trajectories offer valuable insights, they also reveal sensitive personal information. Differential Privacy (DP) offers formal protection, but achieving a favourable utility-privacy trade-off remains challenging. Recent works explore deep learning-based generative models to produce...
Interpreting Agent Behaviors in Reinforcement-Learning-Based Cyber-Battle Simulation Platforms
We analyze two open source deep reinforcement learning agents submitted to the CAGE Challenge 2 cyber defense challenge, where each competitor submitted an agent to defend a simulated network against each of several provided rules-based attack agents. We demonstrate that one can gain...
WordPress HyperComments 1.2.2 Privilege Escalation
WordPress HyperComments plugin versions 1.2.2 and below suffer from an unauthenticated remote privilege escalation vulnerability...
Towards Lifecycle Unlearning Commitment Management: Measuring Sample-Level Unlearning Completeness
Growing concerns over data privacy and security highlight the importance of machine unlearning--removing specific data influences from trained models without full retraining. Techniques like Membership Inference Attacks (MIAs) are widely used to externally assess successful unlearning. However,...
Attention Knows Whom to Trust: Attention-Based Trust Management for LLM Multi-Agent Systems
Large Language Model-based Multi-Agent Systems (LLM-MAS) have demonstrated strong capabilities in solving complex tasks but remain vulnerable when agents receive unreliable messages. This vulnerability stems from a fundamental gap: LLM agents treat all incoming messages equally without evaluating...
Does Johnny Get the Message? Evaluating Cybersecurity Notifications for Everyday Users
Due to the increasing presence of networked devices in everyday life, not only cybersecurity specialists but also end users benefit from security applications such as firewalls, vulnerability scanners, and intrusion detection systems. Recent approaches use large language models (LLMs) to rewrite...
IRCopilot: Automated Incident Response with Large Language Models
Incident response plays a pivotal role in mitigating the impact of cyber attacks. In recent years, the intensity and complexity of global cyber threats have grown significantly, making it increasingly challenging for traditional threat detection and incident response methods to operate effectivel...
Security update for the Linux Kernel
The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2024-28956: x86/ibt: Keep IBT disabled during alternative patching (bsc#1242006). CVE-2024-35840: mptcp: use OPTION_MPTCP_MPJ_SYNACK in subflow_finish_connect...
A Private Approximation of the 2nd-Moment Matrix of Any Subsamplable Input
We study the problem of differentially private second-moment estimation and present a new algorithm that achieves strong privacy-utility trade-offs even for worst-case inputs under subsamplability assumptions on the data. We call an input $(m,\alpha,\beta)$-subsamplable if a random subsample of size $m$ or...
Ensure That the Group Names Are Unique
The user group names in /etc/group must be unique. If user group names in /etc/group are duplicate, only the GID of the first user group in /etc/group is valid. If the administrator runs commands such as useradd or groupadd to add users or user groups, duplicate user group names typically do not...
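A concrete way to run the check described above, added here as an example and not part of the original guidance: extract the name field of each line of a group file and report names that occur more than once. The sample group file below is constructed for the demonstration (it is not a real system file); `dup_group_names` and `check_group_names_unique` are names chosen for this example.

```shell
#!/bin/sh
# Added example: detect duplicate group names in a group file.
# Argument: path to the group file (defaults to /etc/group).

# Print each duplicated group name once, one per line (empty output = no duplicates).
dup_group_names() {
  file="${1:-/etc/group}"
  # Field 1 of every line is the group name; uniq -d keeps only names seen more than once.
  cut -d: -f1 "$file" | sort | uniq -d
}

# Return 0 when all group names are unique, 1 (and list the offenders on stderr) otherwise.
check_group_names_unique() {
  file="${1:-/etc/group}"
  dups=$(dup_group_names "$file")
  if [ -n "$dups" ]; then
    printf 'duplicate group names in %s:\n%s\n' "$file" "$dups" >&2
    return 1
  fi
  return 0
}

# Constructed sample group file (hypothetical content, not a real system file).
# 'developers' appears twice with different GIDs; per the guidance above, only the
# first entry (GID 1001) would be honoured by the system.
SAMPLE_GROUP_FILE=$(mktemp)
cat > "$SAMPLE_GROUP_FILE" <<'EOF'
root:x:0:
wheel:x:10:alice
developers:x:1001:alice,bob
audio:x:29:
developers:x:1002:carol
EOF

if check_group_names_unique "$SAMPLE_GROUP_FILE"; then
  echo "group names are unique"
else
  echo "remediation needed: rename or merge the duplicated groups, then re-run the check"
fi
```

To audit a live host, call `check_group_names_unique /etc/group` (or with no argument); a non-zero exit status is suitable for wiring into a compliance scanner.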
AI-Driven Security in Cloud Computing: Enhancing Threat Detection, Automated Response, and Cyber Resilience
Cloud security concerns have been greatly realized in recent years due to the increase of complicated threats in the computing world. Many traditional solutions do not work well in real-time to detect or prevent more complex threats. Artificial intelligence is today regarded as a revolution in...
Give LLMs a Security Course: Securing Retrieval-Augmented Code Generation Via Knowledge Injection
Retrieval-Augmented Code Generation (RACG) leverages external knowledge to enhance Large Language Models (LLMs) in code synthesis, improving the functional correctness of the generated code. However, existing RACG systems largely overlook security, leading to substantial risks. Especially, the...
BELL-CVE-2025-1152
Bulletin has no description...
CISA: Microsoft Expanded Cloud Logs Implementation Playbook
This playbook provides a detailed overview of the newly introduced logging capabilities in Microsoft Purview Audit Standard. These capabilities enable organizations to conduct forensic and compliance investigations by accessing critical events...
OESA-2024-1647 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: i2c: mlxbf: prevent stack overflow in mlxbf_i2c_smbus_start_transaction() memcpy() is called in a loop while 'operation->length' upper bound is not checked and 'data_idx'...
Exploit for Cross-site Scripting in Ritecms
🛡️ CVE-2024-28623 – XSS Vulnerability in RiteCMS v3.0.0 🔍...
openssl: Possible DoS translating ASN.1 object identifiers
A flaw was found in OpenSSL resulting in a possible denial of service while translating ASN.1 object identifiers. Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems (OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS) with no message size limit may experience long delays when...
Exploit for Incorrect Authorization in Canonical Ubuntu_Linux
PoC exploit for CVE-2023-2640 and CVE-2023-32629, two vulnerabil...
Exploit for Command Injection in Totolink A3700R_Firmware
repo POC: - CVE-2023-46574 - CVE-2023-6612...