Clustering Malware at Scale: A First Full-Benchmark Study

Recent years have shown that malware attacks still happen with high frequency. Malware experts seek to categorize and classify incoming samples to confirm their trustworthiness or prove their maliciousness. One of the ways in which groups of malware samples can be identified is through malware...

JLSEC-2025-284 LibTIFF 4.4.0 has an out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c:36...

LibTIFF 4.4.0 has an out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c:3604, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit cfbb883b...

JLSEC-2025-304 A vulnerability was found in the libtiff library

A vulnerability was found in the libtiff library. This security flaw causes a heap buffer overflow in extractContigSamples32bits, tiffcrop.c...

How Can We Effectively Use LLMs for Phishing Detection?: Evaluating the Effectiveness of Large Language Model-Based Phishing Detection Models

Large language models LLMs have emerged as a promising phishing detection mechanism, addressing the limitations of traditional deep learning-based detectors, including poor generalization to previously unseen websites and a lack of interpretability. However, LLMs' effectiveness for phishing...

APThreatHunter: An Automated Planning-Based Threat Hunting Framework

Cyber attacks threaten economic interests, critical infrastructure, and public health and safety. To counter this, entities adopt cyber threat hunting, a proactive approach that involves formulating hypotheses and searching for attack patterns within organisational networks. Automating cyber thre...

CVE-2025-61301

Denial-of-analysis in reporting/mongodb.py and reporting/jsondump.py in CAPEv2 commit 52e4b43, on 2025-05-17 allows attackers who can submit samples to cause incomplete or missing behavioral analysis reports by generating deeply nested or oversized behavior data that trigger MongoDB BSON limits o...

Injection, Attack and Erasure: Revocable Backdoor Attacks Via Machine Unlearning

Backdoor attacks pose a persistent security risk to deep neural networks DNNs due to their stealth and durability. While recent research has explored leveraging model unlearning mechanisms to enhance backdoor concealment, existing attack strategies still leave persistent traces that may be detect...

EUVD-2012-2770

Malware in sbrugna...

EUVD-2012-2772

Malware in sbrugna...

EUVD-2007-3944

Malware in sbrugna...

EUVD-2009-3966

Malware in sbrugna...

EUVD-2015-8844

Malware in sbrugna...

Adversarial-Resilient RF Fingerprinting: A CNN-GAN Framework for Rogue Transmitter Detection

Radio Frequency Fingerprinting RFF has evolved as an effective solution for authenticating devices by leveraging the unique imperfections in hardware components involved in the signal generation process. In this work, we propose a Convolutional Neural Network CNN based framework for detecting rog...

EUVD-2023-59899

Malicious code in bioql PyPI...

EUVD-2023-52100

Malicious code in bioql PyPI...

From threats to apology, hackers pull child data offline after public backlash

Last week we yelled at some “hackers” that threatened parents after stealing data from their children's nursery. This followed a BBC report that a group calling itself “Radiant” claimed to have stolen sensitive data related to around 8,000 children from nursery chain Kido, which operates in the U...

Hackers threaten parents: Get nursery to pay ransom or we leak your child’s data

Just when you think extortionists can’t sink any lower, along comes a lowlife that manages to surprise you. The BBC reported that a group calling itself "Radiant" claims to have stolen sensitive data related to around 8,000 children from nursery chain Kido, which operates in the UK, US, China, an...

RLCracker: Exposing the Vulnerability of LLM Watermarks with Adaptive RL Attacks

Large Language Models LLMs watermarking has shown promise in detecting AI-generated content and mitigating misuse, with prior work claiming robustness against paraphrasing and text editing. In this paper, we argue that existing evaluations are not sufficiently adversarial, obscuring critical...

CVE-2025-59801

In Artifex GhostXPS before 10.06.0, there is a stack-based buffer overflow in xpsunpredicttiff in xpstiff.c because the samplesperpixel value is not checked...

MalEval Android Malware Evaluation Framework

This repository contains the source code of MalEval, an evaluation framework for Android malware behavior auditing, focusing on explaining and substantiating malicious behaviors. The framework provides expert-verified reports, curated metadata, and model outputs to enable reproducible evaluation ...