6803 matches found
PJPROJECT 2.16 Buffer Overflow
PJPROJECT versions 2.16 and below suffer from a heap buffer overflow vulnerability...
Hidden in Memory: Sleeper Memory Poisoning in LLM Agents
Large language models are increasingly augmented with persistent memory, allowing assistants to store user-specific information across sessions for personalization and continuity. This statefulness introduces a new security risk: adversarial content can corrupt what an assistant remembers and...
The End of Trust: How Agentic AI Breaks Security Assumptions
For decades, the security of digital interaction has rested on an unacknowledged economic constraint. Attackers faced a tradeoff between the fidelity of a deception and the scale at which it could be deployed. Convincing impersonation required sustained human effort and was confined to a narrow s...
Exim 4.99.2 Memory Corruption
A remotely reachable memory corruption issue was discovered in Exim's GnuTLS backend. The vulnerability is triggered during BDAT message body handling when a client sends a TLS closenotify alert before the body transfer is complete, and then follows up with a final byte in cleartext on the same T...
angr 9.2.215
angr is an open-source binary analysis platform for Python. It combines both static and dynamic symbolic "concolic" analysis, providing tools to solve a variety of tasks...
DCVD: Dual-Channel Cross-Modal Fusion for Joint Vulnerability Detection and Localization
Software vulnerability detection plays a critical role in ensuring system security, where real-world auditing requires not only determining whether a function is vulnerable but also pinpointing the specific lines responsible. However, existing approaches either rely on a single information source...
Zeek 8.0.8
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek ha...
Joern 4.0.538
Joern is the bug hunter's workbench. With this tool, you can uncover attack surface, sloppy coding practices, and variants of known vulnerabilities using an interactive code analysis shell. Joern supports C, C++, LLVM bitcode, x86 binaries via Ghidra, JVM bytecode via Soot, and Javascript...
Empowering IoT Security: On-Device Intrusion Detection in Resource Constrained Devices
IoT devices particularly microcontrollers are challenged by their inherent limitations in processing capabilities, memory capacity, and energy conservation. Securing communication within IoT networks is further complicated by the heterogeneity of devices and the myriad of potential security...
Backdoor Threats in Variational Quantum Circuits: Taxonomy, Attacks, and Defenses
Variational quantum algorithms VQAs are a central paradigm for noisy intermediate-scale NISQ quantum computing, yet their reliance on predesigned and pretrained variational quantum circuits VQCs introduces critical security vulnerabilities, particularly backdoor attacks. These attacks embed hidde...
Insecure Despite Proven Updated: Extracting the Root VCEK Seed on EPYC Milan Via a Software-Only Attack
In the official whitepaper of Secure Encrypted Virtualization with Secure Nested Paging SEV-SNP, AMD explicitly emphasizes the capability to prevent Trusted Computing Base TCB rollback attacks. Cryptographically, this is realized by signing attestation reports with the Versioned Chip Endorsement...
On the (Non-)Resilience of Encrypted Controllers to Covert Attacks
The security of networked control systems NCS is receiving increasing attention from both cyber-security and system-theoretic perspectives. The former focuses on classical IT security goals such as confidentiality, integrity, and availability of process data, while the latter investigates tailore...
GNU Privacy Guard 2.5.20
GnuPG the GNU Privacy Guard or GPG is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As suc...
No Attack Required: Semantic Fuzzing for Specification Violations in Agent Skills
LLM-powered agents can silently delete documents, leak credentials, or transfer funds on a routine user request, not because the agent was attacked, but because the skill it invoked broke its own declared safety rules. We call these specification violations: benign inputs cause a skill to breach...
Memory Forensics Techniques for Automated Detection and Analysis of Go Malware
The Go programming language has become increasingly popular among malware developers due to its ability to produce statically linked, cross-platform executables that challenge traditional analysis techniques. These binaries embed a substantial runtime and compiler-generated metadata and are...
ExploitBench: A Capability Ladder Benchmark for LLM Cybersecurity Agents
Exploitation is not a binary event. It is a ladder of acquiring progressive capabilities, from executing a single buggy line of code to taking full control of the target. However, existing LLM security benchmarks treat a crash as exploitation success. That single binary outcome collapses the hard...
Security Incentivization: An Empirical Study of How Micropayments Impact Code Security
Security often receives insufficient developer attention because it does not directly generate visible value, leading to underinvestment in practice. We evaluate a countermeasure by team-level incentives tied to measurable security improvements over time. Our semi-automated mechanism aggregates...
Characterizing AI-Assisted Bot Traffic in Darknet Data: Implications for ICS and IIoT Security
The rise of automated scanning tools and AI assisted reconnaissance agents has significantly altered internet background traffic patterns, threatening the baseline assumptions underlying intrusion detection systems IDS deployed in critical infrastructure networks. This paper characterizes the...
Red-Teaming Agent Execution Contexts: Open-World Security Evaluation on OpenClaw
Agentic language-model systems increasingly rely on mutable execution contexts, including files, memory, tools, skills, and auxiliary artifacts, creating security risks beyond explicit user prompts. This paper presents DeepTrap, an automated framework for discovering contextual vulnerabilities in...
Security-Aware Planning and Control of Multi-Agent Systems with LTL Tasks
This paper presents a secure-by-construction planning and control framework for multi-agent systems subject to linear temporal logic LTL specifications. The framework protects sensitive information from a passive intruder with partial observations of the agents' motion. Security in multi-agent...
Backdoor Channels Hidden in Latent Space: Cryptographic Undetectability in Modern Neural Networks
Recent cryptographic results establish that neural networks can be backdoored such that no efficient algorithm can distinguish them from a clean model. These guarantees, however, have been confined to stylised architectures of limited practical relevance, leaving open whether comparable...
Identifying AI Web Scrapers Using Canary Tokens
From pre-training to query-time augmentation, web-scraped data helps to improve the quality and contextual relevancy of content generated by large language models LLMs. However, large-scale web scraping to feed LLMs can affect site stability and raise legal, privacy, or ethics concerns. If websit...
Code-Centric Detection of Vulnerability-Fixing Commits: A Unified Benchmark and Empirical Study
Automated detection of vulnerability-fixing commits VFCs is critical for timely security patch deployment, as advisory databases lag patch releases by a median of 25 days and many fixes never receive advisories. We present a comprehensive evaluation of code language model based VFC detection...
Numerical Security Analysis for Practical Quantum Key Distribution
Quantum key distribution QKD promises information-theoretic security based on quantum mechanics and idealized device models. Practical implementations, however, deviate from these models due to unavoidable device imperfections, and existing security proofs fall short of capturing the complexity o...
Context-Aware Web Attack Detection in Open-Source SIEM Systems Via MITRE ATT&CK-Enriched Behavioral Profiling
Security Information and Event Management SIEM systems aggregate log data from heterogeneous sources to detect coordinated attacks. Traditional rule-based correlation engines struggle to classify multi-step web application attacks because they examine each event without reference to the behaviour...
Five Attacks on X402 Agentic Payment Protocol
The x402 protocol revives the HTTP 402 Payment Required status code to enable web-native micropayments across APIs, content, and agents. It combines synchronous HTTP authorization with asynchronous blockchain settlement and introduces a cross-layer attack surface absent from conventional web and...
Do Androids Dream of Breaking the Game? Systematically Auditing AI Agent Benchmarks with BenchJack
Agent benchmarks have become the de facto measure of frontier AI competence, guiding model selection, investment, and deployment. However, reward hacking, where agents maximize a score without performing the intended task, emerges spontaneously in frontier models without overfitting. We argue tha...
SkillSafetyBench: Evaluating Agent Safety under Skill-Facing Attack Surfaces
Reusable skills are becoming a common interface for extending large language model agents, packaging procedural guidance with access to files, tools, memory, and execution environments. However, this modularity introduces attack surfaces that are largely missed by existing safety evaluations: eve...
From Controlled to the Wild: Evaluation of Pentesting Agents for the Real-World
AI pentesting agents are increasingly credible as offensive security systems, but current benchmarks still provide limited guidance on which will perform best in real-world targets. Existing evaluation protocols assess and optimize for predefined goals such as capture-the-flag, remote code...
Attacks and Mitigations for Distributed Governance of Agentic AI under Byzantine Adversaries
Agentic AI governance is a critical component of agentic AI infrastructure ensuring that agents follow their owner's communication and interaction policies, and providing protection against attacks from malicious agents. The state-of-the-art solution, SAGA, assumes a logically centralized point o...
When LLMs Team Up: A Coordinated Attack Framework for Automated Cyber Intrusions
Automated intrusion-style workflows require LLM agents to reason over partial observations, tool outputs, and executable artifacts under bounded budgets. A single LLM instance often compresses evidence extraction, planning, execution, and validation into one context, which increases the risk of...
Do Skill Descriptions Tell the Truth? Detecting Undisclosed Security Behaviors in Code-Backed LLM Skills
Programmatic skills in LLM ecosystems consist of a natural-language description and executable implementation files. Users and LLMs rely on the description to understand the skill's scope. However, the implementation may perform security-relevant operations, such as credential access, network...
CTFusion: A CTF-Based Benchmark for LLM Agent Evaluation
Recent advances in Large Language Models LLMs have enabled agentic systems for complex, multi-step tasks; cybersecurity is emerging as a prominent application. To evaluate such agents, researchers widely adopt Capture The Flag CTF benchmarks. However, current CTF benchmarks reuse existing...
Still Camouflage, Moving Illusion: View-Induced Trajectory Manipulation in Autonomous Driving
Existing physical adversarial attacks on vision-based autonomous driving induce time-evolving perception errors, including biased object tracking or trajectory prediction, through i sophisticated physical patch inducing detection box drift when entering the view distance, or ii dynamically changi...
VulTriage: Triple-Path Context Augmentation for LLM-Based Vulnerability Detection
Automated vulnerability detection is a fundamental task in software security, yet existing learning-based methods still struggle to capture the structural dependencies, domain-specific vulnerability knowledge, and complex program semantics required for accurate detection. Recent Large Language...
Proteus: A Self-Evolving Red Team for Agent Skill Ecosystems
Agent skills extend LLM agents with reusable instructions, tool interfaces, and executable code, and users increasingly install third-party skills from marketplaces, repositories, and community channels. Because a skill exposes both executable behavior and context-setting documentation, its...
Joern 4.0.537
Joern is the bug hunter's workbench. With this tool, you can uncover attack surface, sloppy coding practices, and variants of known vulnerabilities using an interactive code analysis shell. Joern supports C, C++, LLVM bitcode, x86 binaries via Ghidra, JVM bytecode via Soot, and Javascript...
Convolutional-Neural-Networks for Deanonymisation of I2P Traffic
This study investigates the potential for deanonymizing services within the Invisible Internet Project I2P network through passive traffic analysis and machine learning techniques. The primary objective is to identify distinctive patterns in I2P traffic despite the encryption of its payload. To...
Iterative Audit Convergence in LLM-Managed Multi-Agent Systems: A Case Study in Prompt Engineering Quality Assurance
Prompt specifications for multi-agent large language model LLM systems carry data contracts and integration logic across many interdependent files but are rarely subjected to structured-inspection rigor. This paper reports a single-system empirical case study of iterative, agent-driven auditing...
Secure (Multiple) Key-Cast over Networks: Multiple Eavesdropping Nodes
We study the secure multiple key-cast problem over noiseless networks under node-based eavesdroppers, where one or more source nodes participate in the generation of distinct secret keys to be shared among designated terminal subsets, while an eavesdropper observing up to $\ell$ nodes, including...
Security of Decoy-State Quantum Key Distribution with Correlated Bit-And-Basis Encoders
Practical quantum key distribution QKD modulators inevitably introduce correlations, causing the state emitted in a given round to depend on the setting choices made in previous rounds. These correlations break the round-by-round independence structure on which many widely used security proof...
Behavioral Integrity Verification for AI Agent Skills
Agent skills extend LLM agents with privileged third-party capabilities such as filesystem access, credentials, network calls, and shell execution. Existing safety work catches malicious prompts and risky runtime actions, but the skill artifact itself goes unverified. We formalize this as the...
IPI-Proxy: An Intercepting Proxy for Red-Teaming Web-Browsing AI Agents against Indirect Prompt Injection
Web-browsing AI agents are increasingly deployed in enterprise settings under strict whitelists of approved domains, yet adversaries can still influence them by embedding hidden instructions in the HTML pages those domains serve. Existing red-teaming resources fall short of this scenario:...
Reconstruction of Personally Identifiable Information from Supervised Finetuned Models
Supervised Finetuning SFT has become one of the primary methods for adapting a large language model LLM with extensive pre-trained knowledge to domain-specific, instruction-following tasks. SFT datasets, composed of instruction-response pairs, often include user-provided information that may...
FreeMOCA: Memory-Free Continual Learning for Malicious Code Analysis
As over 200 million new malware samples are identified each year, antivirus systems must continuously adapt to the evolving threat landscape. However, retraining solely on new samples leads to catastrophic forgetting and exploitable blind spots, while retraining on the entire dataset incurs...
Faraday 5.20.1
Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use...
MATRA: Modeling the Attack Surface of Agentic AI Systems -- OpenClaw Case Study
LLMs are increasingly deployed as autonomous agents with access to tools, databases, and external services, yet practitioners across different sectors lack systematic methods to assess how known threat classes translate into concrete risks within a specific agentic deployment. We present MATRA, a...
PRISM: Generation-Time Detection and Mitigation of Secret Leakage in Multi-Agent LLM Pipelines
Multi-agent LLM systems introduce a security risk in which sensitive information accessed by one agent can propagate through shared context and reappear in downstream outputs, even without explicit adversarial intent. We formalise this phenomenon as propagation amplification, where leakage risk...
LLMs for Secure Hardware Design and Related Problems: Opportunities and Challenges
The integration of Large Language Models LLMs into Electronic Design Automation EDA and hardware security is rapidly reshaping the semiconductor industry. While LLMs offer unprecedented capabilities in generating Register Transfer Level RTL code, automating testbenches, and bridging the semantic...
Continuous Discovery of Vulnerabilities in LLM Serving Systems with Fuzzing
LLM inference and serving systems have become security-critical infrastructure; however, many of their most concerning failures arise from the serving layer rather than from model behavior alone. Modern inference engines combine KV cache, batching, prefix sharing, speculative decoding, adapters,...