6803 matches found
RAID: an In-Training Defense against Attribute Inference Attacks in Recommender Systems
In various networks and mobile applications, users are highly susceptible to attribute inference attacks, with particularly prevalent occurrences in recommender systems. Attackers exploit partially exposed user profiles in recommendation models, such as user embeddings, to infer private attribute...
How to Enhance Downstream Adversarial Robustness (Almost) without Touching the Pre-Trained Foundation Model?
With the rise of powerful foundation models, a pre-training-fine-tuning paradigm becomes increasingly popular these days: A foundation model is pre-trained using a huge amount of data from various sources, and then the downstream users only need to fine-tune and adapt it to specific downstream...
X-Teaming: Multi-Turn Jailbreaks and Defenses with Adaptive Multi-Agents
Multi-turn interactions with language models LMs pose critical safety risks, as harmful intent can be strategically spread across exchanges. Yet, the vast majority of prior work has focused on single-turn safety, while adaptability and diversity remain among the key challenges of multi-turn...
A Unified Hardware Accelerator for Fast Fourier Transform and Number Theoretic Transform
The Number Theoretic Transform NTT is an indispensable tool for computing efficient polynomial multiplications in post-quantum lattice-based cryptography. It has strong resemblance with the Fast Fourier Transform FFT, which is the most widely used algorithm in digital signal processing. In this...
KubeFence: Security Hardening of the Kubernetes Attack Surface
Kubernetes K8s is widely used to orchestrate containerized applications, including critical services in domains such as finance, healthcare, and government. However, its extensive and feature-rich API interface exposes a broad attack surface, making K8s vulnerable to exploits of software...
The Obvious Invisible Threat: LLM-Powered GUI Agents' Vulnerability to Fine-Print Injections
A Large Language Model LLM powered GUI agent is a specialized autonomous system that performs tasks on the user's behalf according to high-level instructions. It does so by perceiving and interpreting the graphical user interfaces GUIs of relevant apps, often visually, inferring necessary sequenc...
Blockchain Application in Metaverse: a Review
In recent years, the term Metaverse emerged as one of the most compelling concepts, captivating the interest of international companies such as Tencent, ByteDance, Microsoft, and Facebook. These company recognized the Metaverse as a pivotal element for future success and have since made significa...
Progent: Programmable Privilege Control for LLM Agents
LLM agents are an emerging form of AI systems where large language models LLMs serve as the central component, utilizing a diverse set of tools to complete user-assigned tasks. Despite their great potential, LLM agents pose significant security risks. When interacting with the external world, the...
On-Device Watermarking: a Socio-Technical Imperative for Authenticity in the Age of Generative AI
As generative AI models produce increasingly realistic output, both academia and industry are focusing on the ability to detect whether an output was generated by an AI model or not. Many of the research efforts and policy discourse are centered around robust watermarking of AI outputs. While...
MULTI-LF: a Unified Continuous Learning Framework for Real-Time DDoS Detection in Multi-Environment Networks
Detecting Distributed Denial of Service DDoS attacks in Multi-Environment M-En networks presents significant challenges due to diverse malicious traffic patterns and the evolving nature of cyber threats. Existing AI-based detection systems struggle to adapt to new attack strategies and lack...
Improving Statistical Privacy by Subsampling
Differential privacy DP considers a scenario, where an adversary has almost complete information about the entries of a database This worst-case assumption is likely to overestimate the privacy thread for an individual in real life. Statistical privacy SP denotes a setting where only the...
WordPress SoftClever Limited Sync Posts 1.0 Shell Upload
WordPress SoftClever Limited Sync Posts plugin version 1.0 suffers from a remote shell upload vulnerability...
Making Acoustic Side-Channel Attacks on Noisy Keyboards Viable with LLM-Assisted Spectrograms' "Typo" Correction
The large integration of microphones into devices increases the opportunities for Acoustic Side-Channel Attacks ASCAs, as these can be used to capture keystrokes' audio signals that might reveal sensitive information. However, the current State-Of-The-Art SOTA models for ASCAs, including...
Exploring Backdoor Attack and Defense for LLM-Empowered Recommendations
The fusion of Large Language Models LLMs with recommender systems RecSys has dramatically advanced personalized recommendations and drawn extensive attention. Despite the impressive progress, the safety of LLM-based RecSys against backdoor attacks remains largely under-explored. In this paper, we...
Can LLMs Handle WebShell Detection? Overcoming Detection Challenges with Behavioral Function-Aware Framework
WebShell attacks, in which malicious scripts are injected into web servers, are a major cybersecurity threat. Traditional machine learning and deep learning methods are hampered by issues such as the need for extensive training data, catastrophic forgetting, and poor generalization. Recently, Lar...
Encryption Scheme Based on Automorphism Group of Hermitian Function Field with Homomorphic Encryption
This article proposes a comprehensive approach to implementing encryption schemes based on the automorphism group of the Hermitian function field. We utilize a three-parameter group with logarithmic representations outside the group's center. In this work, we enhance the Hermitian function...
Designing AI-Enabled Countermeasures to Cognitive Warfare
Foreign information operations on social media platforms pose significant risks to democratic societies. With the rise of Artificial Intelligence AI, this threat is likely to intensify, potentially overwhelming human defenders. To achieve the necessary scale and tempo to defend against these...
The Voynich Codex Decoded: Statistical Symbolism and Scroll-Wide Logic
This paper introduces a structured decoding framework for the Voynich Manuscript, based on mathematical rhythm, symbolic transformation, and glyph-level recursion. Rather than interpret symbols phonetically, this method decodes them by structural roles and spatial pacing. Using scroll-wide...
OX App Suite Cross Site Scripting / Third Party Vulnerabilities
OX App Suite has addressed multiple cross site scripting vulnerabilities as well as third party vulnerabilities. Last affected versions include 7.10.6 with various revisions...
WordPress SureTriggers All-in-One Automation Platform 1.0.78 Authentication Bypass
WordPress SureTriggers All-in-One Automation Platform plugin versions 1.0.78 and below suffer from an authentication bypass vulnerability that allows for privilege escalation...
Superintelligence Strategy: Expert Version
Rapid advances in AI are beginning to reshape national security. Destabilizing AI developments could rupture the balance of power and raise the odds of great-power conflict, while widespread proliferation of capable AI hackers and virologists would lower barriers for rogue actors to cause...
Concept Enhancement Engineering: a Lightweight and Efficient Robust Defense against Jailbreak Attacks in Embodied AI
Embodied Intelligence EI systems integrated with large language models LLMs face significant security risks, particularly from jailbreak attacks that manipulate models into generating harmful outputs or executing unsafe physical actions. Traditional defense strategies, such as input filtering and...
Overcoming Bottlenecks in Homomorphic Encryption for the 2024 Mexican Federal Election
On June 2, 2024, Mexico held its federal elections. The majority of Mexican citizens voted in person at the polls in this historic election. For the first time though, Mexican citizens living outside their country were able to vote online via a web app, either on a personal device or using an...
FlexiContracts: a Novel and Efficient Scheme for Upgrading Smart Contracts in Ethereum Blockchain
Blockchain technology has revolutionized contractual processes, enhancing efficiency and trust through smart contracts. Ethereum, as a pioneer in this domain, offers a platform for decentralized applications but is challenged by the immutability of smart contracts, which makes upgrades cumbersome...
Investigating Cybersecurity Incidents Using Large Language Models in Latest-Generation Wireless Networks
The purpose of research: Detection of cybersecurity incidents and analysis of decision support and assessment of the effectiveness of measures to counter information security threats based on modern generative models. The methods of research: Emulation of signal propagation data in MIMO systems,...
Research on CNN-BiLSTM Network Traffic Anomaly Detection Model Based on MindSpore
With the widespread adoption of the Internet of Things IoT and Industrial IoT IIoT technologies, network architectures have become increasingly complex, and the volume of traffic has grown substantially. This evolution poses significant challenges to traditional security mechanisms, particularly ...
WordPress Processing Projects 1.0.2 Shell Upload
WordPress Processing Projects plugin versions 1.0.2 and below suffer from a remote shell upload vulnerability...
Ivanti Connect Secure / Policy Secure / ZTA Gateways Remote Code Execution
Proof of concept exploit that demonstrates a stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2...
Centreon API 19.04 Bruteforcer
Centreon version 19.04 login password bruteforcing tool...
OpenSSH 10.0
OpenSSH is the premier connectivity tool for remote login with the SSH protocol. It encrypts all traffic to eliminate eavesdropping, connection hijacking, and other attacks. In addition, OpenSSH provides a large suite of secure tunneling capabilities, several authentication methods, and...
Wapiti Web Application Vulnerability Scanner 3.2.4
Wapiti is a web application vulnerability scanner. It will scan the web pages of a deployed web application and will fuzz the URL parameters and forms to find common web vulnerabilities...
WordPress Simple Dashboard 2.0 Privilege Escalation
WordPress Simple Dashboard plugin versions 2.0 and below suffer from an unauthenticated privilege escalation vulnerability...
OpenSSH 10.0p1
OpenSSH is the premier connectivity tool for remote login with the SSH protocol. It encrypts all traffic to eliminate eavesdropping, connection hijacking, and other attacks. In addition, OpenSSH provides a large suite of secure tunneling capabilities, several authentication methods, and...
The Riskiest Connected Devices of 2025
Since 2020, Forescout Research - Vedere Labs has been monitoring the riskiest devices in organizational networks, leveraging data sourced directly from the devices themselves. This marks their fifth report in six years...
Multi-Party Private Set Operations from Predicative Zero-Sharing
Typical protocols in the multi-party private set operations MPSO setting enable m 2 parties to perform certain secure computation on the intersection or union of their private sets, realizing a very limited range of MPSO functionalities. Most works in this field focus on just one or two specific...
CrushFTP 10 / 11 Authentication Bypass
This proof of concept will exploit the authentication bypass vulnerability in CrushFTP versions 10 before 10.8.4 and 11 before 11.3.1. It will create a new user account with administrative level permissions. It requires the username of an existing user as the target and the default is set to...
FASTRPC_ATTR_KEEP_MAP Use-After-Free
A FASTRPCATTRKEEPMAP logic bug allows fastrpcinternalmunmapfd to concurrently free in-use mappings leading to a use-after-free condition...
WordPress Bricks Builder 1.9.6 Remote Code Execution
WordPress Bricks Builder plugin versions 1.9.6 and below unauthenticated remote code execution exploit...
WordPress Motors 1.4.64 Arbitrary Plugin Installation
WordPress Motors plugin versions 1.4.64 and below suffer from an arbitrary plugin installation vulnerability...
Next.js Middleware 15.2.2 Authorization Bypass
Next.js Middleware authorization bypass proof of concept exploit. Versions affected include 13.0.0 through 13.5.8, 14.0.0 through 14.2.24, 15.0.0 through 15.2.2, and 11.1.4 through 12.3...
AIDE 0.19
AIDE Advanced Intrusion Detection Environment is a free replacement for Tripwiretm. It generates a database that can be used to check the integrity of files on server. It uses regular expressions for determining which files get added to the database. You can use several message digest algorithms ...
OpenSCAP Libraries 1.3.12
The openscap project is a set of open source libraries that support the SCAP Security Content Automation Protocol set of standards from NIST. It supports CPE, CCE, CVE, CVSS, OVAL, and XCCDF...
WordPress RomethemeKit for Elementor 1.5.4 Arbitrary Plugin Installation
WordPress RomethemeKit For Elementor plugin versions 1.5.4 and below suffer from an authenticated arbitrary plugin installation and activation vulnerability that can lead to remote code execution...
Firefox xslt/txNodeSorter Out-Of-Bounds Access
An inconsistent comparator in xslt/txNodeSorter leads to out-of-bounds access in Firefox...
Apple Security Advisory 03-31-2025-6
Apple Security Advisory 03-31-2025-6 - iOS 15.8.4 and iPadOS 15.8.4 addresses an out of bounds write vulnerabilities...
Apple Security Advisory 03-31-2025-2
Apple Security Advisory 03-31-2025-2 - Xcode 16.3 addresses issues where a malicious app could access private information or overwrite arbitrary files...
Apple Security Advisory 03-31-2025-5
Apple Security Advisory 03-31-2025-5 - iOS 16.7.11 and iPadOS 16.7.11 addresses an out of bounds write vulnerability...
Apple Security Advisory 03-31-2025-4
Apple Security Advisory 03-31-2025-4 - iPadOS 17.7.6 addresses buffer overflow, out of bounds read, spoofing, and use-after-free vulnerabilities...
Apple Security Advisory 03-31-2025-9
Apple Security Advisory 03-31-2025-9 - macOS Ventura 13.7.5 addresses buffer overflow, bypass, code execution, format string, heap corruption, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities...
Apple Security Advisory 03-31-2025-11
Apple Security Advisory 03-31-2025-11 - visionOS 2.4 addresses buffer overflow, bypass, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities...