EUVD-2023-49086

Malicious code in bioql PyPI...

EUVD-2022-49878

Malicious code in bioql PyPI...

EUVD-2023-40285

Malicious code in bioql PyPI...

EUVD-2021-29305

Malicious code in bioql PyPI...

Dynamic Causal Attack Graph Based Cyber-Security Risk Assessment Framework for CTCS System

Protecting the security of the train control system is a critical issue to ensure the safe and reliable operation of high-speed trains. Scientific modeling and analysis for the security risk is a promising way to guarantee system security. However, the representation and assessment of the...

Binary Diff Summarization Using Large Language Models

Security of software supply chains is necessary to ensure that software updates do not contain maliciously injected code or introduce vulnerabilities that may compromise the integrity of critical infrastructure. Verifying the integrity of software updates involves binary differential analysis...

What 400 Executives Reveal About the Future of AI Adoption

Learn how a Forrester study discovered that most companies are already using AI for competitive differentiation, personalization, and customer retention...

STAF: Leveraging LLMs for Automated Attack Tree-Based Security Test Generation

In modern automotive development, security testing is critical for safeguarding systems against increasingly advanced threats. Attack trees are widely used to systematically represent potential attack vectors, but generating comprehensive test cases from these trees remains a labor-intensive,...

Reproducing a Security Risk Assessment Using Computer Aided Design

Security risk assessment is essential in establishing the trustworthiness and reliability of modern systems. While various security risk assessment approaches exist, prevalent applications are "pen and paper" implementations that -- even if performed digitally using computers -- remain prone to...

How Far Are We? an Empirical Analysis of Current Vulnerability Localization Approaches

Open-source software vulnerability patch detection is a critical component for maintaining software security and ensuring software supply chain integrity. Traditional manual detection methods face significant scalability challenges when processing large volumes of commit histories, while being...

Microsoft Defender delivered 242% return on investment over three years​​

The latest Forrester Total Economic Impact™ TEI study reveals a 242% return on investment ROI over three years for organizations that chose Microsoft Defender. It helps security leaders consolidate tools, reduce overhead, and empower their security operations SecOps teams with operational...

Microsoft Defender delivered 242% return on investment over three years​​

The latest Forrester Total Economic Impact™ TEI study reveals a 242% return on investment ROI over three years for organizations that chose Microsoft Defender. It helps security leaders consolidate tools, reduce overhead, and empower their security operations SecOps teams with operational...

GitHub's Copilot Code Review: Can AI Spot Security Flaws Before You Commit?

As software development practices increasingly adopt AI-powered tools, ensuring that such tools can support secure coding has become critical. This study evaluates the effectiveness of GitHub Copilot's recently introduced code review feature in detecting security vulnerabilities. Using a curated...

Early Approaches to Adversarial Fine-Tuning for Prompt Injection Defense: a 2022 Study of GPT-3 and Contemporary Models

This paper documents early research conducted in 2022 on defending against prompt injection attacks in large language models, providing historical context for the evolution of this critical security domain. This research focuses on two adversarial attacks against Large Language Models LLMs: promp...

Large Language Models for Security Operations Centers: a Comprehensive Survey

Large Language Models LLMs have emerged as powerful tools capable of understanding and generating human-like text, offering transformative potential across diverse domains. The Security Operations Center SOC, responsible for safeguarding digital infrastructure, represents one of these domains. SO...

Establishing a Baseline of Software Supply Chain Security Task Adoption by Software Organizations

Software supply chain attacks have increased exponentially since 2020. The primary attack vectors for supply chain attacks are through: 1 software components; 2 the build infrastructure; and 3 humans a.k.a software practitioners. Software supply chain risk management frameworks provide a list of...

PatchSeeker: Mapping NVD Records to Their Vulnerability-Fixing Commits with LLM Generated Commits and Embeddings

Software vulnerabilities pose serious risks to modern software ecosystems. While the National Vulnerability Database NVD is the authoritative source for cataloging these vulnerabilities, it often lacks explicit links to the corresponding Vulnerability-Fixing Commits VFCs. VFCs encode precise code...

Aspect-Oriented Programming in Secure Software Development: a Case Study of Security Aspects in Web Applications

Security remains a critical challenge in modern web applications, where threats such as unauthorized access, data breaches, and injection attacks continue to undermine trust and reliability. Traditional Object-Oriented Programming OOP often intertwines security logic with business functionality,...

Breaking SafetyCore: Exploring the Risks of On-Device AI Deployment

Due to hardware and software improvements, an increasing number of AI models are deployed on-device. This shift enhances privacy and reduces latency, but also introduces security risks distinct from traditional software. In this article, we examine these risks through the real-world case study of...

GPT-4o-mini Falls for Psychological Manipulation

Interesting experiment: To design their experiment, the University of Pennsylvania researchers tested 2024's GPT-4o-mini model on two requests that it should ideally refuse: calling the user a jerk and giving directions for how to synthesize lidocaine. The researchers created experimental prompts...