AI Security Research Should Better Incentivize Defense Research

This work examines an imbalance in artificial intelligence AI security research: the field tends to produce more work on attacking AI systems than on defending them. Drawing on related academic papers, we find biased attack-to-defense ratios across subfields, including federated learning, speech...

Astra Linux - уязвимость в chromium

The use of “after free” in Speech Recognition in Google Chrome prior to version 107.0.5304.106 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...

CVE-2025-33246

NVIDIA NeMo Framework for all platforms contains a vulnerability in the ASR Evaluator utility, where a user could cause a command injection by supplying crafted input to a configuration parameter. A successful exploit of this vulnerability might lead to code execution, escalation of privileges,...

CVE-2025-59509

CVE-2025-59509 affects Windows Speech, with the issue described as insertion of sensitive information into data sent by Windows Speech. The impact is local disclosure of information to an authorized attacker. The Connected documents confirm Windows-related fixes and hotpatch updates, but do not p...

CVE-2025-59509 Windows Speech Recognition Information Disclosure Vulnerability

...

CVE-2025-59509 Windows Speech Recognition Information Disclosure Vulnerability

...

CVE-2025-59508

CVE-2025-59508 is reported in Windows Speech as a race-condition in concurrent execution on a shared resource, enabling local privilege escalation for an authorized attacker. The connected NCSC advisory lists Windows Speech CVE-2025-59508 with an impact of obtaining increased rights. Public detai...

CVE-2025-59508 Windows Speech Recognition Elevation of Privilege Vulnerability

...

CVE-2025-59508 Windows Speech Recognition Elevation of Privilege Vulnerability

...

Windows Speech Recognition Information Disclosure Vulnerability

Insertion of sensitive information into sent data in Windows Speech allows an authorized attacker to disclose information locally...

Windows Speech Recognition Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Speech allows an authorized attacker to elevate privileges locally...

EUVD-2013-6466

Malware in sbrugna...

EUVD-2014-1806

Malware in sbrugna...

EUVD-2022-43222

Malicious code in bioql PyPI...

Decoding Deception: Understanding Automatic Speech Recognition Vulnerabilities in Evasion and Poisoning Attacks

Recent studies have demonstrated the vulnerability of Automatic Speech Recognition systems to adversarial examples, which can deceive these systems into misinterpreting input speech commands. While previous research has primarily focused on white-box attacks with constrained optimizations, and...

Remote Rowhammer Attack Using Adversarial Observations on Federated Learning Clients

Federated Learning FL has the potential for simultaneous global learning amongst a large number of parallel agents, enabling emerging AI such as LLMs to be trained across demographically diverse data. Central to this being efficient is the ability for FL to perform sparse gradient updates and...

CVE-2023-21342

In RemoteSpeechRecognitionService of RemoteSpeechRecognitionService.java, there is a possible way to launch an activity from the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...

Cross site scripting

Common Voice is the web app for Mozilla Common Voice, a platform for collecting speech donations in order to create public domain datasets for training voice recognition-related tools. Version 1.88.2 is vulnerable to reflected Cross-Site Scripting given that user-controlled data flows to a path...

Google Chrome < 107.0.5304.106 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 107.0.5304.106. It is, therefore, affected by multiple vulnerabilities as referenced in the 202211stable-channel-update-for-desktop advisory. - Heap buffer overflow in Crashpad in Google Chrome on Android prior to...

May 9, 2023—KB5026372 (OS Build 22621.1702)

May 9, 2023—KB5026372 OS Build 22621.1702 For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 11, version 22H2, see its update history page. Note Follow @WindowsUpdate to find out whe...