6803 matches found
Lockbox -- a Zero Trust Architecture for Secure Processing of Sensitive Cloud Workloads
Enterprises increasingly rely on cloud-based applications to process highly sensitive data artifacts. Although cloud adoption improves agility and scalability, it also introduces new security challenges such as expanded attack surfaces, a wider radius of attack from credential compromise, and...
SCAFFOLD-CEGIS: Preventing Latent Security Degradation in LLM-Driven Iterative Code Refinement
The application of large language models to code generation has evolved from one-shot generation to iterative refinement, yet the evolution of security throughout iteration remains insufficiently understood. Through comparative experiments on three mainstream LLMs, this paper reveals the iterativ...
Artificial Noise Versus Artificial Noise Elimination: Redefining Scaling Laws of Physical Layer Security
Artificial noise AN is a key physical-layer security scheme for wireless communications over multiple-input multiple-output wiretap channels. Recently, artificial noise elimination ANE has emerged as a strategy to mitigate the impact of AN on eavesdroppers. However, the influence of ANE on the...
Security Considerations for Multi-Agent Systems
Multi-agent artificial intelligence systems or MAS are systems of autonomous agents that exercise delegated tool authority, share persistent memory, and coordinate via inter-agent communication. MAS introduces qualitatively distinct security vulnerabilities from those documented for singular AI...
RuView: WiFi Signal Analyzer
RuView: WiFi DensePose turns commodity WiFi signals into real-time human pose estimation, vital sign monitoring, and presence detection, all without a single pixel of video...
Coverage-Guided Multi-Agent Harness Generation for Java Library Fuzzing
Coverage-guided fuzzing has proven effective for software testing, but targeting library code requires specialized fuzz harnesses that translate fuzzer-generated inputs into valid API invocations. Manual harness creation is time-consuming and requires deep understanding of API semantics,...
OSS-CRS: Liberating AIxCC Cyber Reasoning Systems for Real-World Open-Source Security
DARPA's AI Cyber Challenge AIxCC showed that cyber reasoning systems CRSs can go beyond vulnerability discovery to autonomously confirm and patch bugs: seven teams built such systems and open-sourced them after the competition. Yet all seven open-sourced CRSs remain largely unusable outside their...
Broken Access: On the Challenges of Screen Reader Assisted Two-Factor and Passwordless Authentication
In today's technology-driven world, web services have opened up new opportunities for blind and visually impaired people to interact independently. Securing interactions with these services is crucial; however, currently deployed authentication mainly concentrate on sighted users, overlooking the...
VoiceSHIELD-Small: Real-Time Malicious Speech Detection and Transcription
Voice interfaces are quickly becoming a common way for people to interact with AI systems. This also brings new security risks, such as prompt injection, social engineering, and harmful voice commands. Traditional security methods rely on converting speech to text and then filtering that text,...
Energy-Time Attack on Detectors in Quantum Key Distribution
Quantum key distribution is unbreakable in theory but may be hacked via imperfections in its hardware implementations. While many imperfections have been mitigated by countermeasures and advanced security proofs, several remain unsolved. One of these is a superlinear behaviour in single-photon...
Learning the APT Kill Chain: Temporal Reasoning over Provenance Data for Attack Stage Estimation
Advanced Persistent Threats APTs evolve through multiple stages, each exhibiting distinct temporal and structural behaviors. Accurate stage estimation is critical for enabling adaptive cyber defense. This paper presents StageFinder, a temporal graph learning framework for multi-stage attack...
Post-Quantum Federated Learning: Secure and Scalable Threat Intelligence for Collaborative Cyber Defense
Collaborative threat intelligence via federated learning FL faces critical risks from quantum computing, which can compromise classical encryption methods. This study proposes a quantum-secure FL framework using post-quantum cryptography PQC to protect cross-organizational data sharing. We expose...
Exploring the Drivers of Information Security Policy Compliance among Contingent Employees: A Social, Deterrent, and Involvement-Based Approach
As institutions increasingly depend on Information Systems ISs, ensuring compliance with Information Systems Security Policies ISSPs is critical, especially among contingent employees, whose engagement differs from that of permanent staff. This study examines how Subjective Norm, Deterrence...
Reality Check for Tor Website Fingerprinting in the Open World
Website fingerprinting WF attacks on Tor can infer user destinations from encrypted traffic metadata. However, their real-world effectiveness remains debated due to laboratory settings that fail to capture network fluctuations, evaluate noise, and create a representative open world. In this work,...
Machine Learning Techniques for Enhancing Quantum Key Distribution
Quantum Key Distribution QKD offers theoretically unbreakable security by leveraging quantum mechanics. However, practical implementation is challenged by environmental vulnerabilities, noise, and hardware imperfections. Recently, Machine Learning ML has emerged as a powerful tool to address thes...
Radio-Frequency Side-Channel Analysis of a Trapped-Ion Quantum Computer
Analogously to classical computers, quantum processors exhibit side channels that may give attackers access to potentially proprietary algorithms. We identify and exploit a previously unexplored side channel in trapped-ion quantum processors that arises from the radio-frequency RF signals used to...
Evaluating Generalization Mechanisms in Autonomous Cyber Attack Agents
Autonomous offensive agents often fail to transfer beyond the networks on which they are trained. We isolate a minimal but fundamental shift -- unseen host/subnet IP reassignment in an otherwise fixed enterprise scenario -- and evaluate attacker generalization in the NetSecGame environment. Agent...
Supporting Artifact Evaluation with LLMs: A Study with Published Security Research Papers
Artifact Evaluation AE is essential for ensuring the transparency and reliability of research, closing the gap between exploratory work and real-world deployment is particularly important in cybersecurity, particularly in IoT and CPSs, where large-scale, heterogeneous, and privacy-sensitive data...
Improved Leakage Abuse Attacks in Searchable Symmetric Encryption with EBPF Monitoring
Searchable Symmetric Encryption SSE allows users to search over encrypted data stored on untrusted servers, like cloud providers. While SSE hides the content of queries and documents, it still leaks patterns, such as how often a query is made. These leakages have been shown to enable leakage abus...
Two Frames Matter: A Temporal Attack for Text-To-Video Model Jailbreaking
Recent text-to-video T2V models can synthesize complex videos from lightweight natural language prompts, raising urgent concerns about safety alignment in the event of misuse in the real world. Prior jailbreak attacks typically rewrite unsafe prompts into paraphrases that evade content filters...
Targeted Bit-Flip Attacks on LLM-Based Agents
Targeted bit-flip attacks BFAs exploit hardware faults to manipulate model parameters, posing a significant security threat. While prior work targets single-step inference models e.g., image classifiers, LLM-based agents with multi-stage pipelines and external tools present new attack surfaces,...
Statistical Analysis and Optimization of the MFA Protecting Private Keys
In the current information age, asymmetrical cryptography is widely used to protect information and financial transactions such as cryptocurrencies. The loss of private keys can have catastrophic consequences; therefore, effective MFA schemes are needed. In this paper, we focus on generating...
Alkaid: Resilience to Edit Errors in Provably Secure Steganography Via Distance-Constrained Encoding
While provably secure steganography provides strong concealment by ensuring stego carriers are indistinguishable from natural samples, such systems remain vulnerable to real-world edit errors e.g., insertions, deletions, substitutions because their decoding depends on perfect synchronization and...
SemFuzz: A Semantics-Aware Fuzzing Framework for Network Protocol Implementations
Network protocols are the foundation of modern communication, yet their implementations often contain semantic vulnerabilities stemming from inadequate understanding of specification semantics. Existing gray-box and black-box testing approaches lack semantic modeling of protocols, making it...
YARA-X 1.14.0
YARA-X is a re-incarnation of YARA, a pattern matching tool designed with malware researchers in mind. This new incarnation intends to be faster, safer and more user-friendly than its predecessor. The ultimate goal of YARA-X is replacing YARA as the default pattern matching tool for malware...
Secure In-Memory Execution with W^X Enforcement Using mprotect
This C program demonstrates how to dynamically control memory allocation with the W^X protection principle...
A LINDDUN-Based Privacy Threat Modeling Framework for GenAI
As generative AI GenAI systems become increasingly prevalent across various technological stacks, the question of how such systems handle sensitive and personal data flows becomes increasingly important. Specifically, both the ability to harness and process large swaths of information as well as...
PQC-LEO: An Evaluation Framework for Post-Quantum Cryptographic Algorithms
Advances in quantum computing threaten digital communication security by undermining the foundations of current public-key cryptography through Shor's quantum algorithm. This has driven the development of Post-Quantum Cryptography PQC, a new set of algorithms resistant to quantum attacks. While...
ESAA-Security: An Event-Sourced, Verifiable Architecture for Agent-Assisted Security Audits of AI-Generated Code
AI-assisted software generation has increased development speed, but it has also amplified a persistent engineering problem: systems that are functionally correct may still be structurally insecure. In practice, prompt-based security review with large language models often suffers from uneven...
Securing Cryptography in the Age of Quantum Computing and AI: Threats, Implementations, and Strategic Response
This review examines how quantum computing and artificial intelligence challenge current cryptographic systems. We analyze the literature to assess the resilience of algorithms against quantum attacks Shor's and Grover's algorithms and AI-enhanced cryptanalysis. RSA and elliptic curve cryptograph...
Before You Hand over the Wheel: Evaluating LLMs for Security Incident Analysis
Security incident analysis SIA poses a major challenge for security operations centers, which must manage overwhelming alert volumes, large and diverse data sources, complex toolchains, and limited analyst expertise. These difficulties intensify because incidents evolve dynamically and require...
OpenAnt LLM-Based Vulnerability Discovery
OpenAnt from Knostic is an open source LLM-based vulnerability discovery product that helps defenders proactively find verified security flaws while minimizing both false positives and false negatives. Stage 1 detects. Stage 2 attacks. What survives is real...
AirPlay RTSP Device Discovery Scanner
The AirPlay RTSP Device Discovery Scanner is a Metasploit auxiliary module designed to safely identify Apple AirPlay-compatible devices by sending a legitimate RTSP OPTIONS request to the default AirPlay service port 7000/TCP. The module performs non-intrusive service fingerprinting only and does...
AegisUI: Behavioral Anomaly Detection for Structured User Interface Protocols in AI Agent Systems
AI agents that build user interfaces on the fly assembling buttons, forms, and data displays from structured protocol payloads are becoming common in production systems. The trouble is that a payload can pass every schema check and still trick a user: a button might say "View invoice" while its...
Adobe SDK 1.7.1 2410 Robust DNG File Generator / Stress Tester
This Python script generates a structurally valid DNG Digital Negative file containing an embedded JPEG XL JXL codestream...
AirPlay RTSP Auditor
This Metasploit module is a hardened RTSP security auditing tool targeting Apple AirPlay services port 7000. It performs a structured authentication handshake using X25519 key exchange, derives shared secrets, and sends a dynamically constructed Apple Binary Property List bplist payload over RTSP...
Adobe SDK 1.7.1 2410 Overflow Analysis / Fuzzing Model
This Python script implements a comprehensive framework to model, detect, and analyze integer overflows in 32-bit arithmetic, particularly in the context of image memory allocation. The framework combines formal methods, stepwise arithmetic, symbolic execution, SMT-style constraint solving,...
Challenges and Design Considerations for Finding CUDA Bugs through GPU-Native Fuzzing
Modern computing is shifting from homogeneous CPU-centric systems to heterogeneous systems with closely integrated CPUs and GPUs. While the CPU software stack has benefited from decades of memory safety hardening, the GPU software stack remains dangerously immature. This discrepancy presents a...
Clam AntiVirus Toolkit 1.5.2
Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers attachment scanning. The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via Internet. The programs ar...
AirPlay Dual‑Mode Discovery Scanner for Flipper Zero ESP32 WiFi Dev Board
This project implements a dual‑mode AirPlay discovery scanner using an ESP32 WiFi Dev Board attached to a Flipper Zero. The tool is designed strictly for network discovery and visibility, not exploitation...
Deep Learning-Driven Friendly Jamming for Secure Multicarrier ISAC under Channel Uncertainty
Integrated sensing and communication ISAC systems promise efficient spectrum utilization by jointly supporting radar sensing and wireless communication. This paper presents a deep learning-driven framework for enhancing physical-layer security in multicarrier ISAC systems under imperfect channel...
Cyber Threat Intelligence for Artificial Intelligence Systems
As artificial intelligence AI becomes deeply embedded in critical services and everyday products, it is increasingly exposed to security threats which traditional cyber defenses were not designed to handle. In this paper, we investigate how cyber threat intelligence CTI may evolve to address...
SecureRAG-RTL: A Retrieval-Augmented, Multi-Agent, Zero-Shot LLM-Driven Framework for Hardware Vulnerability Detection
Large language models LLMs have shown remarkable capabilities in natural language processing tasks, yet their application in hardware security verification remains limited due to scarcity of publicly available hardware description language HDL datasets. This knowledge gap constrains LLM performan...
EVMbench: Evaluating AI Agents on Smart Contract Security
Smart contracts on public blockchains now manage large amounts of value, and vulnerabilities in these systems can lead to substantial losses. As AI agents become more capable at reading, writing, and running code, it is natural to ask how well they can already navigate this landscape, both in way...
Flipper Zero AirPlay mDNS Discovery Scanner
This project provides a safe and non-intrusive discovery tool for identifying AirPlay-enabled devices on a local network using Flipper Zero with the WiFi Dev Board ESP32. The scanner passively listens for mDNS Multicast DNS broadcast traffic on UDP port 5353...
Nuclei 3.7.1
Nuclei is a modern, high-performance vulnerability scanner that leverages simple YAML-based templates. It empowers you to design custom vulnerability detection scenarios that mimic real-world conditions, leading to zero false positives...
Breaking Bad Email Habits: Bounding the Impact of Simulated Phishing Campaigns
Simulated phishing campaigns are widely deployed, yet the behavioral data they produce is endogenous: because training is triggered by clicking, the employees receiving intervention have already demonstrated susceptibility. This endogeneity, combined with the difficulty of separating genuine habi...
From Threat Intelligence to Firewall Rules: Semantic Relations in Hybrid AI Agent and Expert System Architectures
Web security demands rapid response capabilities to evolving cyber threats. Agentic Artificial Intelligence AI promises automation, but the need for trustworthy security responses is of the utmost importance. This work investigates the role of semantic relations in extracting information for...
CAM-LDS: Cyber Attack Manifestations for Automatic Interpretation of System Logs and Security Alerts
Log data are essential for intrusion detection and forensic investigations. However, manual log analysis is tedious due to high data volumes, heterogeneous event formats, and unstructured messages. Even though many automated methods for log analysis exist, they usually still rely on domain-specif...
WordPress ACF 0.9.1.1 Vulnerability Scanner
WordPress ACF plugin version 0.9.1.1 non‑intrusive vulnerability scanner that performs version checks...