PT-2025-31075

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw in Comedi subdevice instruction handlers where data elements beyond the first insn-n elements may be accessed in certain cases. The do insn ioctl and do...

Rethinking and Exploring String-Based Malware Family Classification in the Era of LLMs and RAG

Malware Family Classification MFC aims to identify the fine-grained family e.g., GuLoader or BitRAT to which a potential malware sample belongs, in contrast to malware detection or sample classification that predicts only an Yes/No. Accurate family identification can greatly facilitate automated...

When Data-Free Knowledge Distillation Meets Non-Transferable Teacher: Escaping Out-Of-Distribution Trap Is All You Need

Data-free knowledge distillation DFKD transfers knowledge from a teacher to a student without access the real in-distribution ID data. Its common solution is to use a generator to synthesize fake data and use them as a substitute for real ID data. However, existing works typically assume teachers...

Universal and Efficient Detection of Adversarial Data through Nonuniform Impact on Network Layers

Deep Neural Networks DNNs are notoriously vulnerable to adversarial input designs with limited noise budgets. While numerous successful attacks with subtle modifications to original input have been proposed, defense techniques against these attacks are relatively understudied. Existing defense...

Watermarking Quantum Neural Networks Based on Sample Grouped and Paired Training

Quantum neural networks QNNs leverage quantum computing to create powerful and efficient artificial intelligence models capable of solving complex problems significantly faster than traditional computers. With the fast development of quantum hardware technology, such as superconducting qubits,...

Astra Linux – Vulnerability in gst-plugins-good1.0

GStreamer is a library for constructing graphs of media-handling components. The program attempts to reallocate the memory pointed to by stream-samples to accommodate stream-nsamples + samplescount elements of type QtDemuxSample. The problem is that samplescount is read from the input file. If th...

Astra Linux – Vulnerability in gst-plugins-good1.0

GStreamer is a library for constructing graphs of media-handling components. An out-of-bounds reading has been detected in the function qtdemuxparsesamples within qtdemux.c. This issue occurs when the function qtdemuxparsesamples reads data beyond the boundaries of the stream-stco buffer. The...

Computational Attestations of Polynomial Integrity Towards Verifiable Machine-Learning

Machine-learning systems continue to advance at a rapid pace, demonstrating remarkable utility in various fields and disciplines. As these systems continue to grow in size and complexity, a nascent industry is emerging which aims to bring machine-learning-as-a-service MLaaS to market. Outsourcing...

MalGEN: a Generative Agent Framework for Modeling Malicious Software in Cybersecurity

The dual use nature of Large Language Models LLMs presents a growing challenge in cybersecurity. While LLM enhances automation and reasoning for defenders, they also introduce new risks, particularly their potential to be misused for generating evasive, AI crafted malware. Despite this emerging...

STOPA: a Database of Systematic VariaTion of DeePfake Audio for Open-Set Source Tracing and Attribution

A key research area in deepfake speech detection is source tracing - determining the origin of synthesised utterances. The approaches may involve identifying the acoustic model AM, vocoder model VM, or other generation-specific parameters. However, progress is limited by the lack of a dedicated,...

Privacy Leaks by Adversaries: Adversarial Iterations for Membership Inference Attack

Membership inference attack MIA has become one of the most widely used and effective methods for evaluating the privacy risks of machine learning models. These attacks aim to determine whether a specific sample is part of the model's training set by analyzing the model's output. While traditional...

Practical Adversarial Attacks on Stochastic Bandits Via Fake Data Injection

Adversarial attacks on stochastic bandits have traditionally relied on some unrealistic assumptions, such as per-round reward manipulation and unbounded perturbations, limiting their relevance to real-world systems. We propose a more practical threat model, Fake Data Injection, which reflects...

LAMDA: a Longitudinal Android Malware Benchmark for Concept Drift Analysis

Machine learning ML-based malware detection systems often fail to account for the dynamic nature of real-world training and test data distributions. In practice, these distributions evolve due to frequent changes in the Android ecosystem, adversarial development of new malware families, and the...

Mal-D2GAN: Double-Detector Based GAN for Malware Generation

Machine learning ML has been developed to detect malware in recent years. Most researchers focused their efforts on improving the detection performance but ignored the robustness of the ML models. In addition, many machine learning algorithms are very vulnerable to intentional attacks. To solve...

CVE-2024-30915

An issue was discovered in OpenDDS commit b1c534032bb62ad4ae32609778de6b8d6c823a66, allows a local attacker to cause a denial of service and obtain sensitive information via the maxsamples parameter within the DataReaderQoS component...

CVE-2024-30916

An issue was discovered in eProsima FastDDS v.2.14.0 and before, allows a local attacker to cause a denial of service DoS and obtain sensitive information via a crafted maxsamples parameter in DurabilityService QoS component...

CVE-2021-2075

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Samples. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP...

Backdoor Cleaning without External Guidance in MLLM Fine-Tuning

Multimodal Large Language Models MLLMs are increasingly deployed in fine-tuning-as-a-service FTaaS settings, where user-submitted datasets adapt general-purpose models to downstream tasks. This flexibility, however, introduces serious security risks, as malicious fine-tuning can implant backdoors...

Is Artificial Intelligence Generated Image Detection a Solved Problem?

The rapid advancement of generative models, such as GANs and Diffusion models, has enabled the creation of highly realistic synthetic images, raising serious concerns about misinformation, deepfakes, and copyright infringement. Although numerous Artificial Intelligence Generated Image AIGI...

MalVis: a Large-Scale Image-Based Framework and Dataset for Advancing Android Malware Classification

As technology advances, Android malware continues to pose significant threats to devices and sensitive data. The open-source nature of the Android OS and the availability of its SDK contribute to this rapid growth. Traditional malware detection techniques, such as signature-based, static, and...