6803 matches found
FreeBSD Security Advisory - FreeBSD-SA-26:08.rpcsec_gss
FreeBSD Security Advisory - Each RPCSECGSS data packet is validated by a routine which checks a signature in the packet. This routine copies a portion of the packet into a stack buffer, but fails to ensure that the buffer is sufficiently large, and a malicious client can trigger a stack overflow...
FreeBSD Security Advisory - FreeBSD-SA-26:06.tcp
FreeBSD Security Advisory - When a challenge ACK is to be sent tcprespond constructs and sends the challenge ACK and consumes the mbuf that is passed in. When no challenge ACK should be sent the function returns and leaks the mbuf...
Unveiling the Resilience of LLM-Enhanced Search Engines against Black-Hat SEO Manipulation
The emergence of Large Language Model-enhanced Search Engines LLMSEs has revolutionized information retrieval by integrating web-scale search capabilities with AI-powered summarization. While these systems demonstrate improved efficiency over traditional search engines, their security implication...
Shape and Substance: Dual-Layer Side-Channel Attacks on Local Vision-Language Models
On-device Vision-Language Models VLMs promise data privacy via local execution. However, we show that the architectural shift toward Dynamic High-Resolution preprocessing e.g., AnyRes introduces an inherent algorithmic side-channel. Unlike static models, dynamic preprocessing decomposes images in...
On the Vulnerability of Deep Automatic Modulation Classifiers to Explainable Backdoor Threats
Deep learning DL has been widely studied for assisting applications of modern wireless communications. One of the applications is automatic modulation classification AMC. However, DL models are found to be vulnerable to adversarial machine learning AML threats. One of the most persistent and...
The System Prompt Is the Attack Surface: How LLM Agent Configuration Shapes Security and Creates Exploitable Vulnerabilities
System prompt configuration can make the difference between near-total phishing blindness and near-perfect detection in LLM email agents. We present PhishNChips, a study of 11 models under 10 prompt strategies, showing that prompt-model interaction is a first-order security variable: a single...
Understanding AI Methods for Intrusion Detection and Cryptographic Leakage
We investigate the role of artificial intelligence in cybersecurity by evaluating how machine learning techniques can detect malicious network activity and identify potential information leakage in cryptographic implementations. We conduct a series of experiments using the NSL-KDD and CIC-IDS...
Toward a Multi-Layer ML-Based Security Framework for Industrial IoT
The Industrial Internet of Things IIoT introduces significant security challenges as resource-constrained devices become increasingly integrated into critical industrial processes. Existing security approaches typically address threats at a single network layer, often relying on expensive hardwar...
Walma: Learning to See Memory Corruption in WebAssembly
WebAssembly's Wasm monolithic linear memory model facilitates memory corruption attacks that can escalate to cross-site scripting in browsers or go undetected when a malicious host tampers with a module's state. Existing defenses rely on invasive binary instrumentation or custom runtimes, and do...
Software Supply Chain Smells: Lightweight Analysis for Secure Dependency Management
Modern software systems heavily rely on third-party dependencies, making software supply chain security a critical concern. We introduce the concept of software supply chain smells as structural indicators that signal potential security risks. We design and evaluate Dirty-Waters, a novel tool for...
ClawKeeper: Comprehensive Safety Protection for OpenClaw Agents through Skills, Plugins, and Watchers
Whitepaper called ClawKeeper: Comprehensive Safety Protection For OpenClaw Agents Through Skills, Plugins, And Watchers...
XSStrike 3.1.6
XSStrike is a cross site scripting detection suite equipped with four hand written parsers, an intelligent payload generator, a powerful fuzzing engine and an incredibly fast crawler. Instead of injecting payloads and checking it works like all the other tools do, XSStrike analyses the response...
Environment-Grounded Multi-Agent Workflow for Autonomous Penetration Testing
The increasing complexity and interconnectivity of digital infrastructures make scalable and reliable security assessment methods essential. Robotic systems represent a particularly important class of operational technology, as modern robots are highly networked cyber-physical systems deployed in...
FreeBSD Security Advisory - FreeBSD-SA-26:09.pf
FreeBSD Security Advisory - pf silently ignores certain rules. A regression in the way hashes were calculated caused rules containing the address range syntax x.x.x.x - y.y.y.y that only differ in the address ranges involved to be silently dropped as duplicates. Only the first of such rules is...
Towards Remote Attestation of Microarchitectural Attacks: The Case of Rowhammer
Microarchitectural vulnerabilities increasingly undermine the assumption that hardware can be treated as a reliable root of trust. Prevention mechanisms often lag behind evolving attack techniques, leaving deployed systems unable to assume continued trustworthiness. We propose a shift from...
Policy-Guided Threat Hunting: An LLM Enabled Framework with Splunk SOC Triage
With frequently evolving Advanced Persistent Threats APTs in cyberspace, traditional security solutions approaches have become inadequate for threat hunting for organizations. Moreover, SOC Security Operation Centers analysts are often overwhelmed and struggle to analyze the huge volume of logs...
WPProbe Plugin Enumeration Tool 0.11.2
A fast WordPress plugin and theme scanner that detects installed plugins via REST API enumeration and themes from HTML discovery, then maps them to known vulnerabilities. Over 5,000 plugins detectable without brute-force, thousands more with it...
Multi-User Multi-Key Image Steganography with Key Isolation
Steganography conceals secret information within innocuous carriers while preserving visual fidelity and enabling reliable recovery. Recent unified networks operate normally under untriggered conditions but switch to hidden steganographic tasks when triggered. PUSNet follows this paradigm by...
SoK: The Attack Surface of Agentic AI -- Tools, and Autonomy
Recent AI systems combine large language models with tools, external knowledge via retrieval-augmented generation RAG, and even autonomous multi-agent decision loops. This agentic AI paradigm greatly expands capabilities - but also vastly enlarges the attack surface. In this systematization, we m...
TreeTeaming: Autonomous Red-Teaming of Vision-Language Models Via Hierarchical Strategy Exploration
The rapid advancement of Vision-Language Models VLMs has brought their safety vulnerabilities into sharp focus. However, existing red teaming methods are fundamentally constrained by an inherent linear exploration paradigm, confining them to optimizing within a predefined strategy set and...
Not All Tokens Are Created Equal: Query-Efficient Jailbreak Fuzzing for LLMs
Large Language ModelsLLMs are widely deployed, yet are vulnerable to jailbreak prompts that elicit policy-violating outputs. Although prior studies have uncovered these risks, they typically treat all tokens as equally important during prompt mutation, overlooking the varying contributions of...
CSTS: A Canonical Security Telemetry Substrate for AI-Native Cyber Detection
AI-driven cybersecurity systems often fail under cross-environment deployment due to fragmented, event-centric telemetry representations. We introduce the Canonical Security Telemetry Substrate CSTS, an entity-relational abstraction that enforces identity persistence, typed relationships, and...
Towards Leveraging LLMs to Generate Abstract Penetration Test Cases from Software Architecture
Software architecture models capture early design decisions that strongly influence system quality attributes, including security. However, architecture-level security assessment and feedback are often absent in practice, allowing security weaknesses to propagate into later phases of the software...
Terrapack HTTP Module Helpers
This is a Metasploit module that is intended to automate interaction with Terrapack web services. It does not exploit any actual issue but is meant for facilitation of testing...
Security Barriers to Trustworthy AI-Driven Cyber Threat Intelligence in Finance: Evidence from Practitioners
Financial institutions face increasing cyber risk while operating under strict regulatory oversight. To manage this risk, they rely heavily on Cyber Threat Intelligence CTI to inform detection, response, and strategic security decisions. Artificial intelligence AI is widely suggested as a means t...
Targeted Adversarial Traffic Generation : Black-Box Approach to Evade Intrusion Detection Systems in IoT Networks
The integration of machine learning ML algorithms into Internet of Things IoT applications has introduced significant advantages alongside vulnerabilities to adversarial attacks, especially within IoT-based intrusion detection systems IDS. While theoretical adversarial attacks have been extensive...
Leveraging Large Language Models for Trustworthiness Assessment of Web Applications
The widespread adoption of web applications has made their security a critical concern and has increased the need for systematic ways to assess whether they can be considered trustworthy. However, "trust" assessment remains an open problem as existing techniques primarily focus on detecting known...
Agent Audit: A Security Analysis System for LLM Agent Applications
What should a developer inspect before deploying an LLM agent: the model, the tool code, the deployment configuration, or all three? In practice, many security failures in agent systems arise not from model weights alone, but from the surrounding software stack: tool functions that pass untrusted...
What a Mesh: Formal Security Analysis of WPA3 SAE Wireless Authentication
The latest Wi-Fi security standard, IEEE 802.11, includes a secure authentication protocol called SAE, whose use is mandatory for WPA3-Personal networks. The protocol is specified at two separate but linked levels: a traditional cryptographic description of the communication logic between network...
AgentRFC: Security Design Principles and Conformance Testing for Agent Protocols
AI agent protocols -- including MCP, A2A, ANP, and ACP -- enable autonomous agents to discover capabilities, delegate tasks, and compose services across trust boundaries. Despite massive deployment MCP alone has 97M+ monthly SDK downloads, no systematic security framework for these protocols...
OrgForge-IT: A Verifiable Synthetic Benchmark for LLM-Based Insider Threat Detection
Synthetic insider threat benchmarks face a consistency problem: corpora generated without an external factual constraint cannot rule out cross-artifact contradictions. The CERT dataset -- the field's canonical benchmark -- is also static, lacks cross-surface correlation scenarios, and predates th...
ProHunter APT Hunting Tool / Paper
Advanced Persistent Threats APTs remain difficult to detect due to their stealthy nature and long-term persistence. To tackle this challenge, provenance-based threat hunting has gained traction as a proactive defense mechanism. This technique models audit logs as a whole-system provenance graph a...
TLS Certificate and Domain Feature Analysis of Phishing Domains in the Danish .Dk Namespace
Phishing attacks remain a persistent cybersecurity threat, and the widespread adoption of TLS certificates has unintentionally enabled malicious websites to appear trustworthy to users. This study examines whether certificate metadata and domain characteristics can help distinguish phishing domai...
DSpace 9.2 REST API Automated Document Discovery and Download
This is a framework for collecting data from DSpace systems. Built using Selenium, it is designed to automatically discover and download documents from web repositories and public portals...
DNS Rebinding Detection Sensor
This Python script implements a lightweight DNS Rebinding detection sensor designed to identify suspicious DNS resolution behavior in real time...
Auditing MCP Servers for Over-Privileged Tool Capabilities
The Model Context Protocol MCP has emerged as a standard for connecting Large Language Models LLMs to external tools and data. However, MCP servers often expose privileged capabilities, such as file system access, network requests, and command execution that can be exploited if not properly...
DNS Monitoring System with HTTP Dashboard
This Python script implements a small Security Operations Center Mini SOC that focuses on DNS traffic monitoring...
Numerical Security Framework for Quantum Key Distribution with Bypass Channels
Satellite based quantum key distribution QKD aims to establish secure key exchange over long distances despite significant technological challenges. To alleviate some of these challenges, Ghalaii et al. PRX Quantum 4, 040320 2023 proposed that any airborne eavesdropper up to a certain size can be...
CTF As a Service: A Reproducible and Scalable Infrastructure for Cybersecurity Training
Capture The Flag CTF competitions have established themselves as a highly effective pedagogical tool in cybersecurity education, offering students hands-on experience in realistic attack and defense scenarios. However, organizing and hosting these events requires considerable infrastructure effor...
Cybersecurity Guidance for Smart Homes: A Cross-National Review of Government Sources
Smart homes are increasingly targeted by cyberattacks, yet residents often lack guidance when incidents occur. Since affected residents are likely to seek help from trustworthy sources, this paper asks: What actionable cybersecurity guidance do governments provide to smart home users whose system...
Model Context Protocol Threat Modeling and Analyzing Vulnerabilities to Prompt Injection with Tool Poisoning
The Model Context Protocol MCP has rapidly emerged as a universal standard for connecting AI assistants to external tools and data sources. While MCP simplifies integration between AI applications and various services, it introduces significant security vulnerabilities, particularly on the client...
A Survey of Web Application Security Tutorials
Developers rely on online tutorials to learn web application security, but tutorial quality varies. We reviewed 132 free security tutorials to examine topic coverage, authorship, and technical depth. Our analysis shows that most tutorials come from vendors and emphasize high-level explanations ov...
STRIATUM-CTF: A Protocol-Driven Agentic Framework for General-Purpose CTF Solving
Large Language Models LLMs have demonstrated potential in code generation, yet they struggle with the multi-step, stateful reasoning required for offensive cybersecurity operations. Existing research often relies on static benchmarks that fail to capture the dynamic nature of real-world...
Towards Secure Retrieval-Augmented Generation: A Comprehensive Review of Threats, Defenses and Benchmarks
Retrieval-Augmented Generation RAG significantly mitigates the hallucinations and domain knowledge deficiency in large language models by incorporating external knowledge bases. However, the multi-module architecture of RAG introduces complex system-level security vulnerabilities. Guided by the R...
Framework for Risk-Based IoT Cybersecurity Audit Engagements
The use of Internet of Things IoT devices is growing at a rapid rate. While much of this growth is consumer devices, IoT devices are also commonly found in corporate and industrial environments, as well. These devices can be organization-owned and managed by an information technology unit, deploy...
AI in Cybersecurity Education -- Scalable Agentic CTF Design Principles and Educational Outcomes
Large language models are rapidly changing how learners acquire and demonstrate cybersecurity skills. However, when human--AI collaboration is allowed, educators still lack validated competition designs and evaluation practices that remain fair and evidence-based. This paper presents a...
When the Abyss Looks Back: Unveiling Evolving Dark Patterns in Cookie Consent Banners
To comply with data protection regulations such as the EU General Data Protection Regulation GDPR and the California Consumer Privacy Act CCPA, websites widely deploy cookie consent banners to collect users' privacy preferences. In practice, however, these interfaces often embed dark patterns tha...
Hardening Confidential Federated Compute against Side-Channel Attacks
In this work, we identify a set of side-channels in our Confidential Federated Compute platform that a hypothetical insider could exploit to circumvent differential privacy DP guarantees. We show how DP can mitigate two of the side-channels, one of which has been implemented in our open-source...
DeepXplain: XAI-Guided Autonomous Defense against Multi-Stage APT Campaigns
Advanced Persistent Threats APTs are stealthy, multi-stage attacks that require adaptive and timely defense. While deep reinforcement learning DRL enables autonomous cyber defense, its decisions are often opaque and difficult to trust in operational environments. This paper presents DeepXplain, a...
Security and Privacy in O-RAN for 6G: A Comprehensive Review of Threats and Mitigation Approaches
Open Radio Access Network O-RAN is a major advancement in the telecommunications field, providing standardized interfaces that promote interoperability between different vendors' technologies, thereby enhancing network flexibility and reducing operational expenses. By leveraging cutting-edge...