447 matches found
Backdoor Attacks on Contrastive Continual Learning for IoT Systems
The Internet of Things IoT systems increasingly depend on continual learning to adapt to non-stationary environments. These environments can include factors such as sensor drift, changing user behavior, device aging, and adversarial dynamics. Contrastive continual learning CCL combines contrastiv...
Exploit for Incorrect Authorization in Qualcomm Aqt1000_Firmware
exploit my rework runnigga go fuck yourself scriptkid. this o...
Reading between the Code Lines: On the Use of Self-Admitted Technical Debt for Security Analysis
Static Analysis Tools SATs are central to security engineering activities, as they enable early identification of code weaknesses without requiring execution. However, their effectiveness is often limited by high false-positive rates and incomplete coverage of vulnerability classes. At the same...
osTicket 1.18.3 Intelligence and Security Analysis Module
This Metasploit auxiliary module is designed for intelligence gathering, security analysis, and vulnerability discovery in osTicket installations. It performs passive and active reconnaissance without direct exploitation and stores results in the Metasploit database for reporting...
XSS-Security-Analysis-HW8
No d...
An Empirical Study on Remote Code Execution in Machine Learning Model Hosting Ecosystems
Model-sharing platforms, such as Hugging Face, ModelScope, and OpenCSG, have become central to modern machine learning development, enabling developers to share, load, and fine-tune pre-trained models with minimal effort. However, the flexibility of these ecosystems introduces a critical security...
LLM Security and Safety: Insights from Homotopy-Inspired Prompt Obfuscation
In this study, we propose a homotopy-inspired prompt obfuscation framework to enhance understanding of security and safety vulnerabilities in Large Language Models LLMs. By systematically applying carefully engineered prompts, we demonstrate how latent model behaviors can be influenced in...
Post-Quantum Secure Aggregation Via Code-Based Homomorphic Encryption
Secure aggregation enables aggregation of inputs from multiple parties without revealing individual contributions to the server or other clients. Existing post-quantum approaches based on homomorphic encryption offer practical efficiency but predominantly rely on lattice-based hardness assumption...
Operational Runtime Behavior Mining for Open-Source Supply Chain Security
Open-source software OSS is a critical component of modern software systems, yet supply chain security remains challenging in practice due to unavailable or obfuscated source code. Consequently, security teams often rely on runtime observations collected from sandboxed executions to investigate...
Malicious code in mui7 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 229ec4207198813ec81b334b0a5ac72c964258b80165cda21a1c25564819ad83 The package mui7 was found to contain malicious code. Source: ghsa-malware 81251ad548d890c9ade683aab8ffd6fb9d307a5e8bf6359d3b31f91080d26e8e Any...
Fickling vulnerable to detection bypass due to "builtins" blindness
Fickling's assessment Fickling started emitting AST nodes for builtins imports in order to match them during analysis https://github.com/trailofbits/fickling/commit/9f309ab834797f280cb5143a2f6f987579fa7cdf. Original report Summary Fickling works by Pickle bytecode -- AST -- Security analysis...
GHSA-H4RM-MM56-XF63 Fickling vulnerable to detection bypass due to "builtins" blindness
Fickling's assessment Fickling started emitting AST nodes for builtins imports in order to match them during analysis https://github.com/trailofbits/fickling/commit/9f309ab834797f280cb5143a2f6f987579fa7cdf. Original report Summary Fickling works by Pickle bytecode -- AST -- Security analysis...
Exposing Hidden Interfaces: LLM-Guided Type Inference for Reverse Engineering MacOS Private Frameworks
Private macOS frameworks underpin critical services and daemons but remain undocumented and distributed only as stripped binaries, complicating security analysis. We present MOTIF, an agentic framework that integrates tool-augmented analysis with a finetuned large language model specialized for...
From Consensus to Chaos: A Vulnerability Assessment of the RAFT Algorithm
In recent decades, the RAFT distributed consensus algorithm has become a main pillar of the distributed systems ecosystem, ensuring data consistency and fault tolerance across multiple nodes. Although the fact that RAFT is well known for its simplicity, reliability, and efficiency, its security...
CellSecInspector: Safeguarding Cellular Networks Via Automated Security Analysis on Specifications
The complexity, interdependence, and rapid evolution of 3GPP specifications present fundamental challenges for ensuring the security of modern cellular networks. Manual reviews and existing automated approaches, which often depend on rule-based parsing or small sets of manually crafted security...
Analyzing Code Injection Attacks on LLM-Based Multi-Agent Systems in Software Development
Agentic AI and Multi-Agent Systems are poised to dominate industry and society imminently. Powered by goal-driven autonomy, they represent a powerful form of generative AI, marking a transition from reactive content generation into proactive multitasking capabilities. As an exemplar, we propose a...
MAL-2025-192677 Malicious code in shakti20261 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a217c3c91ff80edbc760c82358d7d22c5819f0110ccf221e4d3639eb22e08ac7 The package shakti20261 was found to contain malicious code. Source: ghsa-malware e75357912e9e470657d646a2fd23a82c2f23cd2a6d0a987fb5b880eb8fa4c731 An...
Primitive Vector Cipher(PVC): A Hybrid Encryption Scheme Based on the Vector Computational Diffie-Hellman (V-CDH) Problem
This work introduces the Primitive Vector Cipher PVC, a novel hybrid encryption scheme integrating matrix-based cryptography with advanced Diffie-Hellman key exchange. PVC's security is grounded on the established hardness of the Vector Computational Diffie- Hellman V-CDH problem. The two-layered...
📄 Microsoft Windows 11 Build 10.0.22631.6199 Advanced Admin Protection Bypass
This enhanced proof of concept exploit demonstrates an advanced method for bypassing Windows Administrator Protection by manipulating registry hives using both WinAPI and NTAPI. The code implements safe smart‑pointer wrappers for handles, secure SID management, deep registry enumeration, privileg...
An Introductory Review of the Theory of Continuous-Variable Quantum Key Distribution: Fundamentals, Protocols, and Security
Continuous-variable quantum key distribution CV-QKD has emerged as a promising approach for secure quantum communication, offering advantages such as high key generation rates, compatibility with standard telecommunication infrastructure, and potential for integration on photonic chips. This revi...