Family group chats: Your (very last) line of cyber defense

Welcome to this week's edition of the Threat Source newsletter, and happy Cybersecurity Awareness Month. Like everyone under the age of 35 who has at least one father, my dad sends me advice on online safety at least once a week. Does he work in information security? No. He's a recently retired...

RLCracker: Exposing the Vulnerability of LLM Watermarks with Adaptive RL Attacks

Large Language Models LLMs watermarking has shown promise in detecting AI-generated content and mitigating misuse, with prior work claiming robustness against paraphrasing and text editing. In this paper, we argue that existing evaluations are not sufficiently adversarial, obscuring critical...

WordPress plugin Pro Bulk Watermark 安全漏洞

WordPress Pro Bulk Watermark plugin is an image watermark plugin designed for WordPress websites, mainly used to add custom watermarks to uploaded images in bulk, supporting text and image watermark types. A path traversal vulnerability exists in WordPress Pro Bulk Watermark plugin, which can be...

Multi-Use LLM Watermarking and the False Detection Problem

Digital watermarking is a promising solution for mitigating some of the risks arising from the misuse of automatically generated text. These approaches either embed non-specific watermarks to allow for the detection of any text generated by a particular sampler, or embed specific keys that allow...

SoK: Are Watermarks in LLMs Ready for Deployment?

Large Language Models LLMs have transformed natural language processing, demonstrating impressive capabilities across diverse tasks. However, deploying these models introduces critical risks related to intellectual property violations and potential misuse, particularly as adversaries can imitate...

PoLO: Proof-Of-Learning and Proof-Of-Ownership at Once with Chained Watermarking

Machine learning models are increasingly shared and outsourced, raising requirements of verifying training effort Proof-of-Learning, PoL to ensure claimed performance and establishing ownership Proof-of-Ownership, PoO for transactions. When models are trained by untrusted parties, PoL and PoO mus...

Removing Watermarks with Partial Regeneration Using Semantic Information

As AI-generated imagery becomes ubiquitous, invisible watermarks have emerged as a primary line of defense for copyright and provenance. The newest watermarking schemes embed semantic signals - content-aware patterns that are designed to survive common image manipulations - yet their true...

GenPTW: In-Generation Image Watermarking for Provenance Tracing and Tamper Localization

The rapid development of generative image models has brought tremendous opportunities to AI-generated content AIGC creation, while also introducing critical challenges in ensuring content authenticity and copyright ownership. Existing image watermarking methods, though partially effective, often...

DataPatrol 安全漏洞

DataPatrol is a data security software solution from DataPatrol, Inc. designed to help organizations prevent internal data leaks by implementing visible watermarks on files A security vulnerability exists in DataPatrol version 3.5.2.0 that originates in a physical neighbor where an attacker could...

Malicious code in image-watermarks (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 696779031d179d99d69d2fd89de3ae89e25e8bc093c528000aeb73c0bf7525f7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-2260 Malicious code in image-watermarks (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 696779031d179d99d69d2fd89de3ae89e25e8bc093c528000aeb73c0bf7525f7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2024-50219

...

CVE-2024-1994

CVE-2024-1994 affects the Image Watermark WordPress plugin; due to a missing capability check in watermark_action_ajax(), authenticated users with subscriber level access and higher can apply or remove watermarks in all versions up to 1.7.3. Impact: data modification (watermarking) of images. Aff...

Web beacons on websites and in e-mail

There is a vast number of trackers, which gather information about users activities online. For all intents and purposes, we have grown accustomed to online service providers, marketing agencies, and analytical companies tracking our every mouse click, our social posts, browser and streaming...

Nextcloud: Secure view trivial to bypass

The secure view feature in Nextcloud was vulnerable to bypassing, allowing users to download files without watermarks. This was possible by using the richdocuments app and adding "/contents" to the URL. The checkbox indicating that downloading is not allowed was misleading, and a solution could b...

Unspecified Vulnerability in Printchaser

Printchaser is a solution from Informer Technologies that enables companies to sense and track the dangers of unauthorized information outflow by applying print log management and monitoring as well as inserting watermarks into printouts from office PCs. Printchaser has a security vulnerability...

CVE-2020-8856

This vulnerability allows remote atackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25608. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Design/Logic Flaw

This vulnerability allows remote atackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25608. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Foxit PhantomPDF Memory Error Reference Remote Code Execution Vulnerability (CNVD-2020-07240)

PhantomPDF is a Chinese Foxit Foxit company for enterprise-level users of PDF document processing software. A memory error referencing remote code execution vulnerability exists in the handling of watermarks in AcroForms in Foxit PhantomPDF 9.7.0.29455 and earlier versions. The vulnerability stem...

CVE-2020-8856

This vulnerability allows remote atackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25608. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...