6907 matches found
Gentoo Linux Security Advisory 201607-04
Gentoo Linux Security Advisory 201607-04 - Multiple vulnerabilities have been found in GD, the worst of which allows remote attackers to execute arbitrary code. Versions less than 2.2.2 are affected...
Finetuning-Activated Backdoors in LLMs
Finetuning openly accessible Large Language Models LLMs has become standard practice for achieving task-specific performance improvements. Until now, finetuning has been regarded as a controlled and secure process in which training on benign datasets led to predictable behaviors. In this paper, w...
Invisible Tokens, Visible Bills: the Urgent Need to Audit Hidden Operations in Opaque LLM Services
Whitepaper called Invisible Tokens, Visible Bills: The Urgent Need To Audit Hidden Operations In Opaque LLM Services...
Architectural Backdoors for Within-Batch Data Stealing and Model Inference Manipulation
For nearly a decade the academic community has investigated backdoors in neural networks, primarily focusing on classification tasks where adversaries manipulate the model prediction. While demonstrably malicious, the immediate real-world impact of such prediction-altering attacks has remained...
Verifiable Deep Learning Inference on an Untrusted Party
Whitepaper called Verifiable Deep Learning Inference On An Untrusted Party...
Gentoo Linux Security Advisory 201908-26
Gentoo Linux Security Advisory 201908-26 - Multiple vulnerabilities have been found in libofx, the worst of which could result in the arbitrary execution of code. Versions less than 0.9.14 are affected...
MTSA: Multi-Turn Safety Alignment for LLMs through Multi-Round Red-Teaming
Whitepaper called MTSA: Multi-Turn Safety Alignment For LLMs Through Multi-Round Red-Teaming...
Can ChatGPT Perform Image Splicing Detection? A Preliminary Study
Multimodal Large Language Models MLLMs like GPT-4V are capable of reasoning across text and image modalities, showing promise in a variety of complex vision-language tasks. In this preliminary study, we investigate the out-of-the-box capabilities of GPT-4V in the domain of image forensics,...
LLM Access Shield: Domain-Specific LLM Framework for Privacy Policy Compliance
Large language models LLMs are increasingly applied in fields such as finance, education, and governance due to their ability to generate human-like text and adapt to specialized tasks. However, their widespread adoption raises critical concerns about data privacy and security, including the risk...
Unlearning Isn'T Deletion: Investigating Reversibility of Machine Unlearning in LLMs
Unlearning in large language models LLMs is intended to remove the influence of specific data, yet current evaluations rely heavily on token-level metrics such as accuracy and perplexity. We show that these metrics can be misleading: models often appear to forget, but their original behavior can ...
SuperPure: Efficient Purification of Localized and Distributed Adversarial Patches Via Super-Resolution GAN Models
As vision-based machine learning models are increasingly integrated into autonomous and cyber-physical systems, concerns about physical adversarial patch attacks are growing. While state-of-the-art defenses can achieve certified robustness with minimal impact on utility against highly-concentrate...
Understanding the Security Landscape of Embedded Non-Volatile Memories: a Comprehensive Survey
The modern semiconductor industry requires memory solutions that can keep pace with the high-speed demands of high-performance computing. Embedded non-volatile memories eNVMs address these requirements by offering faster access to stored data at an improved computational throughput and efficiency...
Timestamp Manipulation: Timestamp-Based Nakamoto-Style Blockchains Are Vulnerable
Nakamoto consensus are the most widely adopted decentralized consensus mechanism in cryptocurrency systems. Since it was proposed in 2008, many studies have focused on analyzing its security. Most of them focus on maximizing the profit of the adversary. Examples include the selfish mining attack ...
Poster: Towards an Automated Security Testing Framework for Industrial UEs
With the ongoing adoption of 5G for communication in industrial systems and critical infrastructure, the security of industrial UEs such as 5G-enabled industrial robots becomes an increasingly important topic. Most notably, to meet the stringent security requirements of industrial deployments,...
An End-To-End Model for Logits Based Large Language Models Watermarking
The rise of LLMs has increased concerns over source tracing and copyright protection for AIGC, highlighting the need for advanced detection technologies. Passive detection methods usually face high false positives, while active watermarking techniques using logits or sampling manipulation offer...
Compile-Time Fully Homomorphic Encryption of Vectors: Eliminating Online Encryption Via Algebraic Basis Synthesis
Whitepaper called Compile-Time Fully Homomorphic Encryption Of Vectors: Eliminating Online Encryption Via Algebraic Basis Synthesis...
BadVLA: Towards Backdoor Attacks on Vision-Language-Action Models Via Objective-Decoupled Optimization
Vision-Language-Action VLA models have advanced robotic control by enabling end-to-end decision-making directly from multimodal inputs. However, their tightly coupled architectures expose novel security vulnerabilities. Unlike traditional adversarial perturbations, backdoor attacks represent a...
CAIN: Hijacking LLM-Humans Conversations Via a Two-Stage Malicious System Prompt Generation and Refining Framework
Large language models LLMs have advanced many applications, but are also known to be vulnerable to adversarial attacks. In this work, we introduce a novel security threat: hijacking AI-human conversations by manipulating LLMs' system prompts to produce malicious answers only to specific targeted...
LLM-BSCVM: an LLM-Based Blockchain Smart Contract Vulnerability Management Framework
Smart contracts are a key component of the Web 3.0 ecosystem, widely applied in blockchain services and decentralized applications. However, the automated execution feature of smart contracts makes them vulnerable to potential attacks due to inherent flaws, which can lead to severe security risks...
Password Strength Detection Via Machine Learning: Analysis, Modeling, and Evaluation
As network security issues continue gaining prominence, password security has become crucial in safeguarding personal information and network systems. This study first introduces various methods for system password cracking, outlines password defense strategies, and discusses the application of...
Language-Based Security and Time-Inserting Supervisor
Algebraic methods are employed in order to define language-based security properties of processes. A supervisor is introduced that can disable unwanted behavior of an insecure process by controlling some of its actions or by inserting timed actions to make an insecure process secure. We assume a...
Enhancing Meme Token Market Transparency: a Multi-Dimensional Entity-Linked Address Analysis for Liquidity Risk Evaluation
Meme tokens represent a distinctive asset class within the cryptocurrency ecosystem, characterized by high community engagement, significant market volatility, and heightened vulnerability to market manipulation. This paper introduces an innovative approach to assessing liquidity risk in meme tok...
CTRAP: Embedding Collapse Trap to Safeguard Large Language Models from Harmful Fine-Tuning
Fine-tuning-as-a-service, while commercially successful for Large Language Model LLM providers, exposes models to harmful fine-tuning attacks. As a widely explored defense paradigm against such attacks, unlearning attempts to remove malicious knowledge from LLMs, thereby essentially preventing th...
Mitigating Fine-Tuning Risks in LLMs Via Safety-Aware Probing Optimization
The significant progress of large language models LLMs has led to remarkable achievements across numerous applications. However, their ability to generate harmful content has sparked substantial safety concerns. Despite the implementation of safety alignment techniques during the pre-training...
Harry Potter Is Still Here! Probing Knowledge Leakage in Targeted Unlearned Large Language Models Via Automated Adversarial Prompting
This work presents LURK Latent UnleaRned Knowledge, a novel framework that probes for hidden retained knowledge in unlearned LLMs through adversarial suffix prompting. LURK automatically generates adversarial prompt suffixes designed to elicit residual knowledge about the Harry Potter domain, a...
LogStamping: a Blockchain-Based Log Auditing Approach for Large-Scale Systems
Log management is crucial for ensuring the security, integrity, and compliance of modern information systems. Traditional log management solutions face challenges in achieving tamper-proofing, scalability, and real-time processing in distributed environments. This paper presents a blockchain-base...
Unsupervised Network Anomaly Detection with Autoencoders and Traffic Images
Due to the recent increase in the number of connected devices, the need to promptly detect security issues is emerging. Moreover, the high number of communication flows creates the necessity of processing huge amounts of data. Furthermore, the connected devices are heterogeneous in nature, having...
A Scalable Hierarchical Intrusion Detection System for Internet of Vehicles
Due to its nature of dynamic, mobility, and wireless data transfer, the Internet of Vehicles IoV is prone to various cyber threats, ranging from spoofing and Distributed Denial of Services DDoS attacks to malware. To safeguard the IoV ecosystem from intrusions, malicious activities, policy...
VIVID: a Novel Approach to Remediation Prioritization in Static Application Security Testing (SAST)
Static Application Security Testing SAST enables organizations to detect vulnerabilities in code early; however, major SAST platforms do not include visual aids and present little insight on correlations between tainted data chains. We propose VIVID - Vulnerability Information Via Data flow - a...
Advancing Security with Digital Twins: a Comprehensive Survey
The proliferation of electronic devices has greatly transformed every aspect of human life, such as communication, healthcare, transportation, and energy. Unfortunately, the global electronics supply chain is vulnerable to various attacks, including piracy of intellectual properties, tampering,...
Privacy-Aware Cyberterrorism Network Analysis Using Graph Neural Networks and Federated Learning
Cyberterrorism poses a formidable threat to digital infrastructures, with increasing reliance on encrypted, decentralized platforms that obscure threat actor activity. To address the challenge of analyzing such adversarial networks while preserving the privacy of distributed intelligence data, we...
ReCopilot: Reverse Engineering Copilot in Binary Analysis
Binary analysis plays a pivotal role in security domains such as malware detection and vulnerability discovery, yet it remains labor-intensive and heavily reliant on expert knowledge. General-purpose large language models LLMs perform well in programming analysis on source code, while...
GRAudit Grep Auditing Tool 3.9
Graudit is a simple script and signature sets that allows you to find potential security flaws in source code using the GNU utility, grep. It's comparable to other static analysis applications like RATS, SWAAT, and flaw-finder while keeping the technical requirements to a minimum and being very...
Vehicular Intrusion Detection System for Controller Area Network: a Comprehensive Survey and Evaluation
The progress of automotive technologies has made cybersecurity a crucial focus, leading to various cyber attacks. These attacks primarily target the Controller Area Network CAN and specialized Electronic Control Units ECUs. In order to mitigate these attacks and bolster the security of vehicular...
WordPress Madara 2.2.2 Local File Inclusion
WordPress Madara theme versions 2.2.2 and below suffer from a local file inclusion vulnerability...
Secure Parsing and Serializing with Separation Logic Applied to CBOR, CDDL, and COSE
Incorrect handling of security-critical data formats, particularly in low-level languages, are the root cause of many security vulnerabilities. Provably correct parsing and serialization tools that target languages like C can help. Towards this end, we present PulseParse, a library of verified...
TP-Link Archer AX50 Buffer Overflow
The TP-Link Archer AX50 router is vulnerable to a stack-based buffer overflow on its firmware version 1.0.14 Build 20240108 rel.426554555, leading to remote code execution both in the LAN and in the WAN side. This vulnerability is the same as CVE-2020-10881, found by the Flashback team and largel...
Verifying Differentially Private Median Estimation
Differential Privacy DP is a robust privacy guarantee that is widely employed in private data analysis today, finding broad application in domains such as statistical query release and machine learning. However, DP achieves privacy by introducing noise into data or query answers, which malicious...
Interpretable Anomaly Detection in Encrypted Traffic Using SHAP with Machine Learning Models
The widespread adoption of encrypted communication protocols such as HTTPS and TLS has enhanced data privacy but also rendered traditional anomaly detection techniques less effective, as they often rely on inspecting unencrypted payloads. This study aims to develop an interpretable machine...
Consistent and Compatible Modelling of Cyber Intrusions and Incident Response Demonstrated in the Context of Malware Attacks on Critical Infrastructure
Cyber Security Incident Response IR Playbooks are used to capture the steps required to recover from a cyber intrusion. Individual IR playbooks should focus on a specific type of incident and be aligned with the architecture of a system under attack. Intrusion modelling focuses on a specific...
When Safety Detectors Aren'T Enough: a Stealthy and Effective Jailbreak Attack on LLMs Via Steganographic Techniques
Jailbreak attacks pose a serious threat to large language models LLMs by bypassing built-in safety mechanisms and leading to harmful outputs. Studying these attacks is crucial for identifying vulnerabilities and improving model security. This paper presents a systematic survey of jailbreak method...
Invisible Prompts, Visible Threats: Malicious Font Injection in External Resources for Large Language Models
Large Language Models LLMs are increasingly equipped with capabilities of real-time web search and integrated with protocols like Model Context Protocol MCP. This extension could introduce new security vulnerabilities. We present a systematic investigation of LLM vulnerabilities to hidden...
Robust LLM Fingerprinting Via Domain-Specific Watermarks
As open-source language models OSMs grow more capable and are widely shared and finetuned, ensuring model provenance, i.e., identifying the origin of a given model instance, has become an increasingly important issue. At the same time, existing backdoor-based model fingerprinting techniques often...
Adaptive Plan-Execute Framework for Smart Contract Security Auditing
Large Language Models LLMs have shown great promise in code analysis and auditing; however, they still struggle with hallucinations and limited context-aware reasoning. We introduce SmartAuditFlow, a novel Plan-Execute framework that enhances smart contract security analysis through dynamic audit...
DuFFin: a Dual-Level Fingerprinting Framework for LLMs IP Protection
Whitepaper called DuFFin: A Dual-Level Fingerprinting Framework For LLMs IP Protection...
All You Need Is "Leet": Evading Hate-Speech Detection AI
Social media and online forums are increasingly becoming popular. Unfortunately, these platforms are being used for spreading hate speech. In this paper, we design black-box techniques to protect users from hate-speech on online platforms by generating perturbations that can fool state of the art...
Backdoor Cleaning without External Guidance in MLLM Fine-Tuning
Multimodal Large Language Models MLLMs are increasingly deployed in fine-tuning-as-a-service FTaaS settings, where user-submitted datasets adapt general-purpose models to downstream tasks. This flexibility, however, introduces serious security risks, as malicious fine-tuning can implant backdoors...
Dynamic Encryption-Based Cloud Security Model Using Facial Image and Password-Based Key Generation for Multimedia Data
In this cloud-dependent era, various security techniques, such as encryption, steganography, and hybrid approaches, have been utilized in cloud computing to enhance security, maintain enormous storage capacity, and provide ease of access. However, the absence of data type-specific encryption and...
Energy Consumption Framework and Analysis of Post-Quantum Key-Generation on Embedded Devices
The emergence of quantum computing and Shor's algorithm necessitates an imminent shift from current public key cryptography techniques to post-quantum robust techniques. NIST has responded by standardising Post-Quantum Cryptography PQC algorithms, with ML-KEM FIPS-203 slated to replace ECDH...
OpenSSL Security Advisory 20250522
OpenSSL Security Advisory 20250522 - Use of -addreject option with the openssl x509 application adds a trusted use instead of a rejected use for a certificate...