6864 matches found
SAP NetWeaver Visual Composer Metadata Uploader CVE-2025-31324 Scanner
This tool checks to see if the SAP NetWeaver Visual Composer Metadata Uploader component is vulnerable to CVE-2025-31324 and if there are known webshells in the system...
GenPTW: In-Generation Image Watermarking for Provenance Tracing and Tamper Localization
The rapid development of generative image models has brought tremendous opportunities to AI-generated content AIGC creation, while also introducing critical challenges in ensuring content authenticity and copyright ownership. Existing image watermarking methods, though partially effective, often...
AGATE: Stealthy Black-Box Watermarking for Multimodal Model Copyright Protection
Recent advancement in large-scale Artificial Intelligence AI models offering multimodal services have become foundational in AI systems, making them prime targets for model theft. Existing methods select Out-of-Distribution OoD data as backdoor watermarks and retrain the original model for...
On the Prevalence and Usage of Commit Signing on GitHub: a Longitudinal and Cross-Domain Study
GitHub is one of the most widely used public code development platform. However, the code hosted publicly on the platform is vulnerable to commit spoofing that allows an adversary to introduce malicious code or commits into the repository by spoofing the commit metadata to indicate that the code...
FCGHunter: Towards Evaluating Robustness of Graph-Based Android Malware Detection
Graph-based detection methods leveraging Function Call Graphs FCGs have shown promise for Android malware detection AMD due to their semantic insights. However, the deployment of malware detectors in dynamic and hostile environments raises significant concerns about their robustness. While recent...
SAGA: a Security Architecture for Governing AI Agentic Systems
Large Language Model LLM-based agents increasingly interact, collaborate, and delegate tasks to one another autonomously with minimal human interaction. Industry guidelines for agentic system governance emphasize the need for users to maintain comprehensive control over their agents, mitigating...
JailbreaksOverTime: Detecting Jailbreak Attacks under Distribution Shift
Safety and security remain critical concerns in AI deployment. Despite safety training through reinforcement learning with human feedback RLHF 32, language models remain vulnerable to jailbreak attacks that bypass safety guardrails. Universal jailbreaks - prefixes that can circumvent alignment fo...
Comparative Analysis of AI-Driven Security Approaches in DevSecOps: Challenges, Solutions, and Future Directions
The integration of security within DevOps, known as DevSecOps, has gained traction in modern software development to address security vulnerabilities while maintaining agility. Artificial Intelligence AI and Machine Learning ML have been increasingly leveraged to enhance security automation, thre...
GTSD: Generative Text Steganography Based on Diffusion Model
With the rapid development of deep learning, existing generative text steganography methods based on autoregressive models have achieved success. However, these autoregressive steganography approaches have certain limitations. Firstly, existing methods require encoding candidate words according t...
Detecting Speculative Data Flow Vulnerabilities Using Weakest Precondition Reasoning
Speculative execution is a hardware optimisation technique where a processor, while waiting on the completion of a computation required for an instruction, continues to execute later instructions based on a predicted value of the pending computation. It came to the forefront of security research ...
Rational Points and Zeta Functions of Humbert Surfaces with Square Discriminant
Whitepaper called Rational Points And Zeta Functions Of Humbert Surfaces With Square Discriminant...
Provably Secure Public-Key Steganography Based on Admissible Encoding
The technique of hiding secret messages within seemingly harmless covertext to evade examination by censors with rigorous security proofs is known as provably secure steganography PSS. PSS evolves from symmetric key steganography to public-key steganography, functioning without the requirement of...
ChipletQuake: On-Die Digital Impedance Sensing for Chiplet and Interposer Verification
Whitepaper called ChipletQuake: On-Die Digital Impedance Sensing For Chiplet And Interposer Verification...
Evaluating Organization Security: User Stories of European Union NIS2 Directive
The NIS2 directive requires EU Member States to ensure a consistently high level of cybersecurity by setting risk-management measures for essential and important entities. Evaluations are necessary to assess whether the required security level is met. This involves understanding the needs and goa...
Redefining Hybrid Blockchains: a Balanced Architecture
Blockchain technology has completely revolutionized the field of decentralized finance with the emergence of a variety of cryptocurrencies and digital assets. However, widespread adoption of this technology by governments and enterprises has been limited by concerns regarding the technology's...
SONNI: Secure Oblivious Neural Network Inference
In the standard privacy-preserving Machine learning as-a-service MLaaS model, the client encrypts data using homomorphic encryption and uploads it to a server for computation. The result is then sent back to the client for decryption. It has become more and more common for the computation to be...
CipherBank: Exploring the Boundary of LLM Reasoning Capabilities through Cryptography Challenges
Large language models LLMs have demonstrated remarkable capabilities, especially the recent advancements in reasoning, such as o1 and o3, pushing the boundaries of AI. Despite these impressive achievements in mathematics and coding, the reasoning abilities of LLMs in domains requiring cryptograph...
Differentially Private Quasi-Concave Optimization: Bypassing the Lower Bound and Application to Geometric Problems
Whitepaper called Differentially Private Quasi-Concave Optimization: Bypassing The Lower Bound And Application To Geometric Problems...
Graph of Attacks: Improved Black-Box and Interpretable Jailbreaks for LLMs
The challenge of ensuring Large Language Models LLMs align with societal standards is of increasing interest, as these models are still prone to adversarial jailbreaks that bypass their safety mechanisms. Identifying these vulnerabilities is crucial for enhancing the robustness of LLMs against su...
Security Vulnerabilities in Quantum Cloud Systems: a Survey on Emerging Threats
Quantum computing is becoming increasingly widespread due to the potential and capabilities to solve complex problems beyond the scope of classical computers. As Quantum Cloud services are adopted by businesses and research groups, they allow for greater progress and application in many fields...
The Dark Side of the Web: Towards Understanding Various Data Sources in Cyber Threat Intelligence
Cyber threats have become increasingly prevalent and sophisticated. Prior work has extracted actionable cyber threat intelligence CTI, such as indicators of compromise, tactics, techniques, and procedures TTPs, or threat feeds from various sources: open source data e.g., social networks, internal...
Steering the CensorShip: Uncovering Representation Vectors for LLM "Thought" Control
Large language models LLMs have transformed the way we access information. These models are often tuned to refuse to comply with requests that are considered harmful and to produce responses that better align with the preferences of those who control the models. To understand how this "censorship...
T2VShield: Model-Agnostic Jailbreak Defense for Text-To-Video Models
The rapid development of generative artificial intelligence has made text to video models essential for building future multimodal world simulators. However, these models remain vulnerable to jailbreak attacks, where specially crafted prompts bypass safety mechanisms and lead to the generation of...
A Study on Mixup-Inspired Augmentation Methods for Software Vulnerability Detection
Various deep learning DL methods have recently been utilized to detect software vulnerabilities. Real-world software vulnerability datasets are rare and hard to acquire, as there is no simple metric for classifying vulnerability. Such datasets are heavily imbalanced, and none of the current...
Bandit on the Hunt: Dynamic Crawling for Cyber Threat Intelligence
Public information contains valuable Cyber Threat Intelligence CTI that is used to prevent future attacks. While standards exist for sharing this information, much appears in non-standardized news articles or blogs. Monitoring online sources for threats is time-consuming and source selection is...
Heavy-Tailed Privacy: the Symmetric Alpha-Stable Privacy Mechanism
With the rapid growth of digital platforms, there is increasing apprehension about how personal data is collected, stored, and used by various entities. These concerns arise from the increasing frequency of data breaches, cyber-attacks, and misuse of personal information for targeted advertising...
ECG Identity Authentication in Open-Set with Multi-Model Pretraining and Self-Constraint Center and Irrelevant Sample Repulsion Learning
Electrocardiogram ECG signal exhibits inherent uniqueness, making it a promising biometric modality for identity authentication. As a result, ECG authentication has gained increasing attention in recent years. However, most existing methods focus primarily on improving authentication accuracy...
SoK: Timeline Based Event Reconstruction for Digital Forensics: Terminology, Methodology, and Current Challenges
Event reconstruction is a technique that examiners can use to attempt to infer past activities by analyzing digital artifacts. Despite its significance, the field suffers from fragmented research, with studies often focusing narrowly on aspects like timeline creation or tampering detection. This...
Performance of Machine Learning Classifiers for Anomaly Detection in Cyber Security Applications
This work empirically evaluates machine learning models on two imbalanced public datasets KDDCUP99 and Credit Card Fraud 2013. The method includes data preparation, model training, and evaluation, using an 80/20 train/test split. Models tested include eXtreme Gradient Boosting XGB, Multi Layer...
DeSIA: Attribute Inference Attacks against Limited Fixed Aggregate Statistics
Empirical inference attacks are a popular approach for evaluating the privacy risk of data release mechanisms in practice. While an active attack literature exists to evaluate machine learning models or synthetic data release, we currently lack comparable methods for fixed aggregate statistics, i...
Faraday 5.13.0
Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use...
Quantum Lifting for Invertible Permutations and Ideal Ciphers
In this work, we derive the first lifting theorems for establishing security in the quantum random permutation and ideal cipher models. These theorems relate the success probability of an arbitrary quantum adversary to that of a classical algorithm making only a small number of classical queries...
LLMpatronous: Harnessing the Power of LLMs for Vulnerability Detection
Despite the transformative impact of Artificial Intelligence AI across various sectors, cyber security continues to rely on traditional static and dynamic analysis tools, hampered by high false positive rates and superficial code comprehension. While generative AI offers promising automation...
TSCL:Multi-Party Loss Balancing Scheme for Deep Learning Image Steganography Based on Curriculum Learning
For deep learning-based image steganography frameworks, in order to ensure the invisibility and recoverability of the information embedding, the loss function usually contains several losses such as embedding loss, recovery loss and steganalysis loss. In previous research works, fixed loss weight...
LightDSA: a Python-Based Hybrid Digital Signature Library and Performance Analysis of RSA, DSA, ECDSA and EdDSA in Variable Configurations, Elliptic Curve Forms and Curves
Digital signature algorithms DSAs are fundamental to cryptographic security, ensuring data integrity and authentication. While RSA, DSA, ECDSA, and EdDSA are widely used, their performance varies significantly depending on key sizes, hash functions, and elliptic curve configurations. In this pape...
Adversarial Attacks on LLM-As-A-Judge Systems: Insights from Prompt Injections
LLM as judge systems used to assess text quality code correctness and argument strength are vulnerable to prompt injection attacks. We introduce a framework that separates content author attacks from system prompt attacks and evaluate five models Gemma 3.27B Gemma 3.4B Llama 3.2 3B GPT 4 and Clau...
NoEsis: Differentially Private Knowledge Transfer in Modular LLM Adaptation
Large Language Models LLM are typically trained on vast amounts of data from various sources. Even when designed modularly e.g., Mixture-of-Experts, LLMs can leak privacy on their sources. Conversely, training such models in isolation arguably prohibits generalization. To this end, we propose a...
ThreMoLIA: Threat Modeling of Large Language Model-Integrated Applications
Large Language Models LLMs are currently being integrated into industrial software applications to help users perform more complex tasks in less time. However, these LLM-Integrated Applications LIA expand the attack surface and introduce new kinds of threats. Threat modeling is commonly used to...
PICO: Secure Transformers Via Robust Prompt Isolation and Cybersecurity Oversight
We propose a robust transformer architecture designed to prevent prompt injection attacks and ensure secure, reliable response generation. Our PICO Prompt Isolation and Cybersecurity Oversight framework structurally separates trusted system instructions from untrusted user inputs through dual...
issabel-pbx 4.0.0-6 Cross Site Request Forgery
issabel-pbx version 4.0.0-6 proof of concept cross site request forgery exploit that creates a new user...
Automating Function-Level TARA for Automotive Full-Lifecycle Security
As modern vehicles evolve into intelligent and connected systems, their growing complexity introduces significant cybersecurity risks. Threat Analysis and Risk Assessment TARA has therefore become essential for managing these risks under mandatory regulations. However, existing TARA automation...
Revisiting Data Auditing in Large Vision-Language Models
With the surge of large language models LLMs, Large Vision-Language Models VLMs--which integrate vision encoders with LLMs for accurate visual grounding--have shown great potential in tasks like generalist agents and robotic control. However, VLMs are typically trained on massive web-scraped...
A Gradient-Optimized TSK Fuzzy Framework for Explainable Phishing Detection
Phishing attacks represent an increasingly sophisticated and pervasive threat to individuals and organizations, causing significant financial losses, identity theft, and severe damage to institutional reputations. Existing phishing detection methods often struggle to simultaneously achieve high...
Biting the CHERI Bullet: Blockers, Enablers and Security Implications of CHERI in Defence
There is growing interest in securing the hardware foundations software stacks build upon. However, before making any investment decision, software and hardware supply chain stakeholders require evidence from realistic, multiple long-term studies of adoption. We present results from a 12 month...
User Profiles: the Achilles' Heel of Web Browsers
Web browsers provide the security foundation for our online experiences. Significant research has been done into the security of browsers themselves, but relatively little investigation has been done into how they interact with the operating system or the file system. In this work, we provide the...
A Comment on "E-PoS: Making PoS Decentralized and Fair"
Proof-of-Stake PoS is a prominent Sybil control mechanism for blockchain-based systems. In "e-PoS: Making PoS Decentralized and Fair," Saad et al. TPDS'21 introduced a new Proof-of-Stake protocol, e-PoS, to enhance PoS applications' decentralization and fairness. In this comment paper, we address...
Semantic-Aware Contrastive Fine-Tuning: Boosting Multimodal Malware Classification with Discriminative Embeddings
The rapid evolution of malware variants requires robust classification methods to enhance cybersecurity. While Large Language Models LLMs offer potential for generating malware descriptions to aid family classification, their utility is limited by semantic embedding overlaps and misalignment with...
STCL: Curriculum Learning Strategies for Deep Learning Image Steganography Models
Whitepaper called STCL: Curriculum Learning Strategies For Deep Learning Image Steganography Models...
Quantum Autoencoder for Multivariate Time Series Anomaly Detection
Anomaly Detection AD defines the task of identifying observations or events that deviate from typical - or normal - patterns, a critical capability in IT security for recognizing incidents such as system misconfigurations, malware infections, or cyberattacks. In enterprise environments like SAP...
Cluster-Aware Attacks on Graph Watermarks
Data from domains such as social networks, healthcare, finance, and cybersecurity can be represented as graph-structured information. Given the sensitive nature of this data and their frequent distribution among collaborators, ensuring secure and attributable sharing is essential. Graph...