KeyDroid: a Large-Scale Analysis of Secure Key Storage in Android Apps
Most contemporary mobile devices offer hardware-backed storage for cryptographic keys, user data, and other sensitive credentials. Such hardware protects credentials from extraction by an adversary who has compromised the main operating system, such as a malicious third-party app. Since 2011,...
When There Is No Decoder: Removing Watermarks from Stable Diffusion Models in a No-Box Setting
Watermarking has emerged as a promising solution to counter harmful or deceptive AI-generated content by embedding hidden identifiers that trace content origins. However, the robustness of current watermarking techniques is still largely unexplored, raising critical questions about their...
JsDeObsBench: Measuring and Benchmarking LLMs for JavaScript Deobfuscation
Deobfuscating JavaScript (JS) code poses a significant challenge in web security, particularly as obfuscation techniques are frequently used to conceal malicious activities within scripts. While Large Language Models (LLMs) have recently shown promise in automating the deobfuscation process,...
Towards Provable (In)Secure Model Weight Release Schemes
Recent secure weight release schemes claim to enable open-source model distribution while protecting model ownership and preventing misuse. However, these approaches lack rigorous security foundations and provide only informal security guarantees. Inspired by established works in cryptography, we...
Algorithmic Approaches to Enhance Safety in Autonomous Vehicles: Minimizing Lane Changes and Merging
The rapid advancements in autonomous vehicle (AV) technology promise enhanced safety and operational efficiency. However, frequent lane changes and merging maneuvers continue to pose significant safety risks and disrupt traffic flow. This paper introduces the Minimizing Lane Change Algorithm (MLCA), ...
Characterising Bugs in Jupyter Platform
As a representative literate programming platform, Jupyter is widely adopted by developers, data analysts, and researchers for replication, data sharing, documentation, interactive data visualization, and more. Understanding the bugs in the Jupyter platform is essential for ensuring its...
Tracker Installations Are Not Created Equal: Understanding Tracker Configuration of Form Data Collection
Targeted advertising is fueled by the comprehensive tracking of users' online activity. As a result, advertising companies, such as Google and Meta, encourage website administrators to not only install tracking scripts on their websites but configure them to automatically collect users' Personall...
Exploring Traffic Simulation and Cybersecurity Strategies Using Large Language Models
Intelligent Transportation Systems (ITS) are increasingly vulnerable to sophisticated cyberattacks due to their complex, interconnected nature. Ensuring the cybersecurity of these systems is paramount to maintaining road safety and minimizing traffic disruptions. This study presents a novel...
Specification and Evaluation of Multi-Agent LLM Systems -- Prototype and Cybersecurity Applications
Recent advancements in LLMs indicate potential for novel applications, e.g., through reasoning capabilities in the latest OpenAI and DeepSeek models. For applying these models in specific domains beyond text generation, LLM-based multi-agent approaches can be utilized that solve complex tasks by...
Empirical Evaluation of the Security and Alignment of ChatGPT and Gemini: Comparative Analysis of Vulnerabilities through Jailbreak Experiments
Large Language Models (LLMs) are transforming digital usage, particularly in text generation, image creation, information retrieval and code development. ChatGPT, launched by OpenAI in November 2022, quickly became a reference, prompting the emergence of competitors such as Google's Gemini. However...
Navigating Cookie Consent Violations across the Globe
Online services provide users with cookie banners to accept/reject the cookies placed on their web browsers. Despite the increased adoption of cookie banners, little has been done to ensure that cookie consent is compliant with privacy laws around the globe. Prior studies have found that cookies...
A Human Study of Cognitive Biases in Web Application Security
Cybersecurity training has become a crucial part of computer science education and industrial onboarding. Capture the Flag (CTF) competitions have emerged as a valuable, gamified approach for developing and refining the skills of cybersecurity and software engineering professionals. However, while...
CVE-2025-5232 PHPGurukul Student Study Center Management System report.php SQL injection
A vulnerability, which was classified as critical, has been found in PHPGurukul Student Study Center Management System 1.0. This issue affects some unknown processing of the file /admin/report.php. The manipulation of the argument fromdate/todate leads to SQL injection. The attack may be initiate...
CVE-2025-5232
PHPGurukul Student Study Center Management System 1.0 has a SQL injection in /admin/report.php caused by improper handling of fromdate/todate parameters. The vulnerability is exploitable remotely and has been publicly disclosed; exploitation details are present across multiple sources. Root cause...
PHPGurukul Student Study Center Management System Injection Vulnerability
PHPGurukul Student Study Center Management System is a student study center management system from PHPGurukul. An injection vulnerability exists in version 1.0 of the PHPGurukul Student Study Center Management System, which is caused by a SQL injection due to incorrect manipulation of the...
PT-2025-22965 · Unknown · Phpgurukul Student Study Center Management System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Student Study Center Management System version 1.0 Description: A critical vulnerability has been found in the PHPGurukul Student Study Center Management System. This issue affects the processing of the file /admin/report.php. The...
Penetration Testing for System Security: Methods and Practical Approaches
Penetration testing refers to the process of simulating hacker attacks to evaluate the security of information systems. This study aims not only to clarify the theoretical foundations of penetration testing but also to explain and demonstrate the complete testing process, including how network...
Usability of Token-Based and Remote Electronic Signatures: a User Experience Study
As electronic signatures (e-signatures) become increasingly integral to secure digital transactions, understanding their usability and security perception from an end-user perspective has become crucial. This study empirically evaluates and compares two major e-signature systems -- token-based and...
Exemplifying Emerging Phishing: QR-Based Browser-In-The-Browser (BiTB) Attack
Lately, cybercriminals constantly formulate productive approaches to exploit individuals. This article exemplifies an innovative attack, namely QR-based Browser-in-The-Browser (BiTB), using proficiencies of Large Language Model (LLM) i.e. Google Gemini. The presented attack is a fusion of two emergin...
CVE-2024-6807
A vulnerability was found in SourceCodester Student Study Center Desk Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /sscdms/classes/Users.php?f=save of the component HTTP POST Request Handler. The manipulation of the argument...