Adversarial Bug Reports As a Security Risk in Language Model-Based Automated Program Repair
Large Language Model (LLM)-based Automated Program Repair (APR) systems are increasingly integrated into modern software development workflows, offering automated patches in response to natural language bug reports. However, this reliance on untrusted user input introduces a novel and underexplored...
1965 Cryptanalysis Training Workbook Released by the NSA
In the early 1960s, National Security Agency cryptanalyst and cryptanalysis instructor Lambros D. Callimahos coined the term "Stethoscope" to describe a diagnostic computer program used to unravel the internal structure of pre-computer ciphertexts. The term appears in the newly declassified...
Exploit for CVE-2025-38676
CVE-2025-38676 — Linux Kernel ≤ 6.17-rc2 AMD IOMMU stack buf...
Every Keystroke You Make: a Tech-Law Measurement and Analysis of Event Listeners for Wiretapping
The privacy community has a long track record of investigating emerging types of web tracking techniques. Recent work has focused on compliance of web trackers with new privacy laws such as Europe's GDPR and California's CCPA. Despite the growing body of research documenting widespread lack of...
Towards Principled Analysis and Mitigation of Space Cyber Risks
Space infrastructures have become an underpinning of modern society, but their associated cyber risks are little understood. This Dissertation advances the state-of-the-art via four contributions. (i) It introduces an innovative framework for characterizing real-world cyber attacks against space...
False Data-Injection Attack Detection in Cyber-Physical Systems: a Wasserstein Distributionally Robust Reachability Optimization Approach
Cyber-physical system (CPS) is the foundational backbone of modern critical infrastructures, so ensuring its security and resilience against cyber-attacks is of pivotal importance. This paper addresses the challenge of designing anomaly detectors for CPS under false-data injection (FDI) attacks and...
MAL-2025-34872 Malicious code in test-mlw2-ameba-study (npm)
The package test-mlw2-ameba-study was found to contain malicious code...
Attack Pattern Mining to Discover Hidden Threats to Industrial Control Systems
This work focuses on validation of attack pattern mining in the context of Industrial Control System (ICS) security. A comprehensive security assessment of an ICS requires generating a large and varied set of attack patterns. For this purpose we have proposed a data driven technique to generate attack...
PhishParrot: LLM-Driven Adaptive Crawling to Unveil Cloaked Phishing Sites
Phishing attacks continue to evolve, with cloaking techniques posing a significant challenge to detection efforts. Cloaking allows attackers to display phishing sites only to specific users while presenting legitimate pages to security crawlers, rendering traditional detection systems ineffective...
PT-2025-31742
🔥 Urgent Kubernetes Patch Alert! CVE-2025-02350-2 allows host-level breaches in SUSE environments. ✅ Step-by-step hardening guide + real-world case study. Read more:👉 https://t.co/6fS6OlKnna https://t.co/WvXf5cXWCi...
Secure Coding for Web Applications: Frameworks, Challenges, and the Role of LLMs
Secure coding is a critical yet often overlooked practice in software development. Despite extensive awareness efforts, real-world adoption remains inconsistent due to organizational, educational, and technical barriers. This paper provides a comprehensive review of secure coding practices across...
Interpretable Anomaly-Based DDoS Detection in AI-RAN with XAI and LLMs
Next generation Radio Access Networks (RANs) introduce programmability, intelligence, and near real-time control through intelligent controllers, enabling enhanced security within the RAN and across broader 5G/6G infrastructures. This paper presents a comprehensive survey highlighting opportunities...
Exploring the Jupyter Ecosystem: an Empirical Study of Bugs and Vulnerabilities
Background. Jupyter notebooks are one of the main tools used by data scientists. Notebooks include features (configuration scripts, markdown, images, etc.) that make them challenging to analyze compared to traditional software. As a result, existing software engineering models, tools, and studies d...
Cyber Security of Mega Events: a Case Study of Securing the Digital Infrastructure for MahaKumbh 2025 -- a 45 Days Mega Event of 600 Million Footfalls
Mega events such as the Olympics, World Cup tournaments, G-20 Summit, religious events such as MahaKumbh are increasingly digitalized. From event ticketing, vendor booth or lodging reservations, sanitation, event scheduling, customer service, crime reporting, media streaming and messaging on...
Mitigating Trojanized Prompt Chains in Educational LLM Use Cases: Experimental Findings and Detection Tool Design
The integration of Large Language Models (LLMs) in K-12 education offers both transformative opportunities and emerging risks. This study explores how students may Trojanize prompts to elicit unsafe or unintended outputs from LLMs, bypassing established content moderation systems with safety...
An Adversarial Quantum Key Distribution Project
Quantum key distribution (QKD) is a popular introduction to quantum technologies used in education and public outreach, as very little background in quantum theory is needed and the practical applications are easily understood. There is considerably less exposure to the many real-world consideratio...
New Study Shows Google Tracking Persists Even With Privacy Tools
A new SafetyDetectives study reveals the surprising extent of Google tracking across the web in the US, UK, Switzerland, and Sweden. Discover how Google Analytics, AdSense, and YouTube embeds collect your data, even when using DuckDuckGo...
ARPaCCino: an Agentic-RAG for Policy As Code Compliance
Policy as Code (PaC) is a paradigm that encodes security and compliance policies into machine-readable formats, enabling automated enforcement in Infrastructure as Code (IaC) environments. However, its adoption is hindered by the complexity of policy languages and the risk of misconfigurations. In th...
Can Large Language Models Improve Phishing Defense? A Large-Scale Controlled Experiment on Warning Dialogue Explanations
Phishing has become a prominent risk in modern cybersecurity, often used to bypass technological defences by exploiting predictable human behaviour. Warning dialogues are a standard mitigation measure, but the lack of explanatory clarity and static content limits their effectiveness. In this pape...