6803 matches found
Honeypot Protocol
Trusted monitoring, the standard defense in AI control, is vulnerable to adaptive attacks, collusion, and strategic attack selection. All of these exploit the fact that monitoring is passive: it observes model behavior but never probes whether the model would behave differently under different...
Quantum-Safe IPsec in the Banking Industry
The emergence of Cryptographically Relevant Quantum Computers CRQCs presents a critical threat to classical cryptographic systems, particularly widely adopted protocols such as RSA, Diffie-Hellman DH, and Elliptic Curve Cryptography ECC. Given their extensive use in the financial sector, the adve...
LogicEval: A Systematic Framework for Evaluating Automated Repair Techniques for Logical Vulnerabilities in Real-World Software
Logical vulnerabilities in software stem from flaws in program logic rather than memory safety, which can lead to critical security failures. Although existing automated program repair techniques primarily focus on repairing memory corruption vulnerabilities, they struggle with logical...
Totara LMS 19.1.5 Missing Rate Limiting
Totara LMS versions 19.1.5 and below have a forgot password flow that's missing rate limiting...
DeepGuard Secure Code Generation
Large Language Models LLMs for code generation can replicate insecure patterns from their training data. To mitigate this, a common strategy for security hardening is to fine-tune models using supervision derived from the final transformer layer. However, this design may suffer from a final-layer...
Optimizing IoT Intrusion Detection with Tabular Foundation Models for Smart City Forensics
Security operations in smart cities demand detection systems that balance accuracy with response time. While ensemble methods like Random Forest achieve high accuracy, their computational overhead impedes real-time forensic triage. We present the first systematic evaluation of TabPFNv2.5, a...
A Synthetic Conversational Smishing Dataset for Social Engineering Detection
Smishing SMS phishing has become a serious cybersecurity threat, especially for elderly and cyber-unaware individuals, causing financial loss and undermining user trust. Although prior work has focused on detecting smishing at the level of individual messages, real-world attackers often rely on...
Conflict-Aware Robust Design for Covert Wireless Communications
Covert wireless communication aims to establish a reliable link while hiding the transmission from an adversary. In wireless settings, uncertainty plays a central role in this tradeoff: it can help mask the signal from a warden, but it also complicates robust system design. This raises a basic...
Security Implications of 5G Communication in Industrial Systems
Traditionally, industrial control systems ICS were designed without security in mind, prioritizing availability and real-time communication. As these systems increasingly become targets of powerful adversaries, security can no longer be neglected. Driven by flexibility and automation needs, ICS a...
Saleor Cross Site Scripting
Saleor suffers from a persistent cross site scripting vulnerability via an unrestricted file upload functionality. This issue has been patched in versions 3.22.27, 3.21.43, and 3.20.108...
Byte-Level Generative Predictions for Forensics Multimedia Carving
Digital forensic investigations often face significant challenges when recovering fragmented multimedia files that lack file system metadata. While traditional file carving relies on signatures and discriminative deep learning models for fragment classification, these methods cannot reconstruct o...
YARA-X 1.15.0
YARA-X is a re-incarnation of YARA, a pattern matching tool designed with malware researchers in mind. This new incarnation intends to be faster, safer and more user-friendly than its predecessor. The ultimate goal of YARA-X is replacing YARA as the default pattern matching tool for malware...
Beyond RAG for Cyber Threat Intelligence: A Systematic Evaluation of Graph-Based and Agentic Retrieval
Cyber threat intelligence CTI analysts must answer complex questions over large collections of narrative security reports. Retrieval-augmented generation RAG systems help language models access external knowledge, but traditional vector retrieval often struggles with queries that require reasonin...
WPProbe Plugin Enumeration Tool 0.11.8
A fast WordPress plugin and theme scanner that detects installed plugins via REST API enumeration and themes from HTML discovery, then maps them to known vulnerabilities. Over 5,000 plugins detectable without brute-force, thousands more with it...
Wazuh 4.14.2 Code Execution / Insecure Deserialization
A critical vulnerability in Wazuh cluster mode allows an attacker with access to a worker node to send malicious serialized payloads that are processed by the master node, resulting in remote code execution with root privileges. Versions 4.0.0 through 4.14.2 are affected...
TEMPLATEFUZZ: Fine-Grained Chat Template Fuzzing for Jailbreaking and Red Teaming LLMs
Large Language Models LLMs are increasingly deployed across diverse domains, yet their vulnerability to jailbreak attacks, where adversarial inputs bypass safety mechanisms to elicit harmful outputs, poses significant security risks. While prior work has primarily focused on prompt injection...
Hardware-Efficient Compound IC Protection with Lightweight Cryptography
Over the years, many techniques have been introduced to protect integrated circuits ICs from hardware security threats that emerged in the globalized IC manufacturing supply chain, such as overproduction and piracy. However, most of these techniques have been rendered inefficient since they do no...
Towards Automated Pentesting with Large Language Models
Large Language Models LLMs are redefining offensive cybersecurity by allowing the generation of harmful machine code with minimal human intervention. While attackers take advantage of dark LLMs such as XXXGPT and WolfGPT to produce malicious code, ethical hackers can follow similar approaches to...
Short Message Service (SMS) Phishing Attacks and Defenses: A Systematic Review
SMS Phishing also known as 'smishing' is a growing deceptive social engineering SE attack that leverages mobile SMS to conduct cybercrimes such as stealing sensitive information or spreading malware by tricking users into interacting with attackers' messages e.g., responding to or clicking URLs...
SIR-Bench: Evaluating Investigation Depth in Security Incident Response Agents
We present SIR-Bench, a benchmark of 794 test cases for evaluating autonomous security incident response agents that distinguishes genuine forensic investigation from alert parroting. Derived from 129 anonymized incident patterns with expert-validated ground truth, SIR-Bench measures not only...
Faraday 5.20.0
Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use...
RedShell: A Generative AI-Based Approach to Ethical Hacking
The application of Machine Learning techniques in code generation is now a common practice for most developers. Tools such as ChatGPT from OpenAI leverage the natural language processing capabilities of Large Language Models to generate machine code from natural language descriptions. In the...
Marimo Vulnerable Version Scanner
Marimo versions prior to 0.23.0 suffer from a remote code execution vulnerability. This tool scans the version to see if your installation is susceptible but does not provide any exploitation functionality...
Saleor Cross Site Scripting
Saleor was allowing users to modify rich text fields with HTML without running any backend HTML cleaners thus allowing malicious actors to perform persistent cross site scripting attacks on dashboards and storefronts. This issue has been patched in versions 3.22.27, 3.21.43, and 3.20.108...
Totara LMS 19.1.5 Brute Force
Totara LMS versions 19.1.5 suffer from bypass and missing rate limiting in the login flow and due to this, is easily affected by brute forcing attacks...
AnyPoC: Universal Proof-Of-Concept Test Generation for Scalable LLM-Based Bug Detection
While recent LLM-based agents can identify many candidate bugs in source code, their reports remain static hypotheses that require manual validation, limiting the practicality of automated bug detection. We frame this challenge as a test generation task: given a candidate report, synthesizing an...
The Code Whisperer: LLM and Graph-Based AI for Smell and Vulnerability Resolution
Code smells and software vulnerabilities both increase maintenance cost, yet they are often handled by separate tools that miss structural context and produce noisy warnings. This paper presents The Code Whisperer, a hybrid framework that combines graph-based program analysis with large language...
Machine Learning-Based Detection of MCP Attacks
The Model Context Protocol MCP is a new and emerging technology that extends the functionality of large language models, improving workflows but also exposing users to a new attack surface. Several studies have highlighted related security flaws, but MCP attack detection remains underexplored. To...
Beyond Static Sandboxing: Learned Capability Governance for Autonomous AI Agents
Autonomous AI agents built on open-source runtimes such as OpenClaw expose every available tool to every session by default, regardless of the task. A summarization task receives the same shell execution, subagent spawning, and credential access capabilities as a code deployment task, a 15x...
Jailbreaking the Matrix: Nullspace Steering for Controlled Model Subversion
Large language models remain vulnerable to jailbreak attacks -- inputs designed to bypass safety mechanisms and elicit harmful responses -- despite advances in alignment and instruction tuning. We propose Head-Masked Nullspace Steering HMNS, a circuit-level intervention that i identifies attentio...
A Relay a Day Keeps the AirTag Away: Practical Relay Attacks on Apple's AirTags
Apple AirTags use Apple's Find My network: when nearby iDevices detect a lost tag, they anonymously forward an encrypted location report to Apple, which the tag's owner can then fetch to locate the item. That encryption protects privacy -- neither the finder nor Apple learns the owner's identity ...
Organizational Security Resource Estimation Via Vulnerability Queueing
We provide an approach that closely estimates an organization's cyber resources directly from vulnerability timestamps, using a non-stationary queueing framework. Traditional attack-surface metrics operate on static snapshots, ignoring the core attack-defense dynamics within information systems,...
Automatic Teller Machines for Offline E-Cash
Electronic cash e-cash is a digital alternative to physical currency that allows anonymous transactions between users and merchants. Typically, coins in an e-cash scheme are only dispensed through a central bank. A drawback of this approach is that the bank is always on the critical path during...
Maestro 0.15.3
Maestro is a cross-platform desktop app for orchestrating your fleet of AI agents and projects. It's a high-velocity solution for hackers who are juggling multiple projects in parallel. Designed for power users who live on the keyboard and rarely touch the mouse. Collaborate with AI to create...
Falco 0.43.1
Sysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco...
DSpace 7.x / 8.x XMLUI Data Extraction
This Python script sends an HTTP request to a DSpace XMLUI "discover" endpoint using specific query parameters and session cookies. It attempts to retrieve up to 100 records in XML format and saves the response locally as a raw XML dump file. After downloading the data, it performs a basic text...
Like a Hammer, It Can Build, It Can Break: Large Language Model Uses, Perceptions, and Adoption in Cybersecurity Operations on Reddit
Large language models LLMs have recently emerged as promising tools for augmenting Security Operations Center SOC workflows, with vendors increasingly marketing autonomous AI solutions for SOCs. However, there remains a limited empirical understanding of how such tools are used, perceived, and...
ADAM: A Systematic Data Extraction Attack on Agent Memory Via Adaptive Querying
Large Language Model LLM agents have achieved rapid adoption and demonstrated remarkable capabilities across a wide range of applications. To improve reasoning and task execution, modern LLM agents would incorporate memory modules or retrieval-augmented generation RAG mechanisms, enabling them to...
Event-Driven Temporal Graph Networks for Asynchronous Multi-Agent Cyber Defense in NetForge_RL
The transition of Multi-Agent Reinforcement Learning MARL policies from simulated cyber wargames to operational Security Operations Centers SOCs is fundamentally bottlenecked by the Sim2Real gap. Legacy simulators abstract away network protocol physics, rely on synchronous ticks, and provide clea...
CLIP-Inspector: Model-Level Backdoor Detection for Prompt-Tuned CLIP Via OOD Trigger Inversion
Organisations with limited data and computational resources increasingly outsource model training to Machine Learning as a Service MLaaS providers, who adapt vision-language models VLMs such as CLIP to downstream tasks via prompt tuning rather than training from scratch. This semi-honest setting...
BadSkill: Backdoor Attacks on Agent Skills Via Model-In-Skill Poisoning
Agent ecosystems increasingly rely on installable skills to extend functionality, and some skills bundle learned model artifacts as part of their execution logic. This creates a supply-chain risk that is not captured by prompt injection or ordinary plugin misuse: a third-party skill may appear...
S3CDM: A Secret-Sharing-Scheme-Based Cyberattack Detection Model and Its Simulation Implementation
We design and develop a secret-sharing-scheme-based cyberattack detection modelS3CDMthat can detect unauthorized or illegal activities especially insider attacks and protect sensitive information within complex network infrastructures of large organizations. The model splits a secret among a grou...
Personal AI Infrastructure 4.0.3
PAI is a Personalized AI Platform designed to magnify your capabilities. It's designed for humans most of all, but can be used by teams, companies, or Federations of Planets desiring to be better versions of themselves. The goal of the project is to get people working with AI and lower the bar...
ChatGPT, Is This Real? the Influence of Generative AI on Writing Style in Top-Tier Cybersecurity Papers
With the release of ChatGPT in 2022, generative AI has significantly lowered the cost of polishing and rewriting text. Due to its widespread usage, conference organizers instated specific requirements researchers need to adhere to when using GenAI. When asked to rewrite text, GenAI can introduce...
RRC Steganography
This is a proof of concept tool called Rotation Range-Coding RRC Steganography - an efficient and provably secure linguistic steganographic method that embeds secret messages into natural-language text generated by large language models. Included is the whitepaper discussing this tool called...
DSpace 5.x / 6.x Full Repository Extractor
This Python script is an automated extraction tool targeting a DSpace-based repository. It leverages an open Solr search query to enumerate repository item handles, then audits each item to discover and download associated bitstream files typically PDFs. The script also attempts sequence-based...
Lodash 4.17.12 Prototype Pollution Scanner
This tool is a multi-threaded CLI scanner designed to detect potential Prototype Pollution vulnerabilities in web applications using Lodash. It targets endpoints that may improperly handle user-supplied JSON input and perform unsafe object merging operations e.g., via defaultsDeep. The scanner...
WPProbe Plugin Enumeration Tool 0.11.6
A fast WordPress plugin and theme scanner that detects installed plugins via REST API enumeration and themes from HTML discovery, then maps them to known vulnerabilities. Over 5,000 plugins detectable without brute-force, thousands more with it...
Securing Retrieval-Augmented Generation: A Taxonomy of Attacks, Defenses, and Future Directions
Retrieval-augmented generation RAG significantly enhances large language models LLMs but introduces novel security risks through external knowledge access. While existing studies cover various RAG vulnerabilities, they often conflate inherent LLM risks with those specifically introduced by RAG. I...
OpenSCAP Libraries 1.3.14
The openscap project is a set of open source libraries that support the SCAP Security Content Automation Protocol set of standards from NIST. It supports CPE, CCE, CVE, CVSS, OVAL, and XCCDF...