6803 matches found
Wireshark Analyzer 4.6.4
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. Thi...
Cryptographic Fragility of Standard Quantum Repeater Protocols
The security of the proposed quantum Internet relies on repeater protocols designed under the assumption of stochastic, characterizable noise. We demonstrate that in adversarial environments this assumption induces performance vulnerabilities for computationally bounded repeater nodes. We show th...
Cybersecurity of Teleoperated Quadruped Robots: A Systematic Survey of Vulnerabilities, Threats, and Open Defense Gaps
Teleoperated quadruped robots are increasingly deployed in safety-critical missions -- industrial inspection, military reconnaissance, and emergency response -- yet the security of their communication and control infrastructure remains insufficiently characterized. Quadrupeds present distinct...
A High-Throughput AES-GCM Implementation on GPUs for Secure, Policy-Based Access to Massive Astronomical Catalogs
The era of large astronomical surveys generates massive image catalogs requiring efficient and secure access, particularly during pre-publication periods where data confidentiality and integrity are paramount. While Findable, Accessible, Interoperable, and Reusable FAIR principles guide the...
RandSet: Randomized Corpus Reduction for Fuzzing Seed Scheduling
Seed explosion is a fundamental problem in fuzzing seed scheduling, where a fuzzer maintains a huge corpus and fails to choose promising seeds. Existing works focus on seed prioritization but still suffer from seed explosion since corpus size remains huge. We tackle this from a new perspective:...
Eve'S Forgery Probability from Her False Acceptance Probability: Interactive Authentication, Holevo Information and the Min-Entropy
We obtain estimates for Eve's forgery probability, namely the probability that she is able to forge a message which Alice or Bob mistakenly accept over a noisy Quantum channel for generating a shared Quantum secret key. This probability is related to Eve's success probability obtained in a previo...
Lifecycle-Integrated Security for AI-Cloud Convergence in Cyber-Physical Infrastructure
The convergence of Artificial Intelligence AI inference pipelines with cloud infrastructure creates a dual attack surface where cloud security standards and AI governance frameworks intersect without unified enforcement mechanisms. AI governance, cloud security, and industrial control system...
Reverse CAPTCHA: Evaluating LLM Susceptibility to Invisible Unicode Instruction Injection
We introduce Reverse CAPTCHA, an evaluation framework that tests whether large language models follow invisible Unicode-encoded instructions embedded in otherwise normal-looking text. Unlike traditional CAPTCHAs that distinguish humans from machines, our benchmark exploits a capability gap: model...
OpenAI - Disrupting Malicious Uses of Our Models
This is the February, 2026 report from OpenAI that discusses their work in disrupting malicious use of their models...
Strengthening Security and Noise Resistance in One-Way Quantum Key Distribution Protocols through Hypercube-Based Quantum Walks
Quantum Key Distribution QKD is a foundational cryptographic protocol that ensures information-theoretic security. However, classical protocols such as BB84, though favored for their simplicity, offer limited resistance to eavesdropping, and perform poorly under realistic noise conditions. Recent...
RTSP Unauthenticated Stream Exposure Checker
This Python script uses the OpenCV library cv2 to test whether an IP camera exposes its RTSP stream without authentication. It attempts to connect to the default RTSP endpoint rtsp://:554/default and checks if the stream can be opened and a video frame retrieved successfully. If the connection...
Blockchain-Enabled Routing for Zero-Trust Low-Altitude Intelligent Networks
Due to the scalability and portability, low-altitude intelligent networks LAINs are essential in various fields such as surveillance and disaster rescue. However, in LAINs, unmanned aerial vehicles UAVs are characterized by the distributed topology and high mobility, thus vulnerable to security...
Splunk Enterprise 8.2.9 / 9.0.2 Vulnerability Scanner
This is a scanner that checks if a Splunk Enterprise system is susceptible to CVE‑2022‑43571, an authenticated remote code execution vulnerability. The vulnerability exists due to insufficient input sanitization in SimpleXML dashboard style parameters such as lineColor or fillColor. When a...
APFuzz: Towards Automatic Greybox Protocol Fuzzing
Greybox protocol fuzzing is a random testing approach for stateful protocol implementations, where the input is protocol messages generated from mutations of seeds, and the search in the input space is driven by the feedback on coverage of both code and state. State model and message model are th...
Predicting Known Vulnerabilities from Attack Descriptions Using Sentence Transformers
Modern infrastructures rely on software systems that remain vulnerable to cyberattacks. These attacks frequently exploit vulnerabilities documented in repositories such as MITRE's Common Vulnerabilities and Exposures CVE. However, Cyber Threat Intelligence resources, including MITRE ATT&CK and CV...
Implementation and Transition to Post-Quantum Cryptography of the Minimal IKE Protocol
This paper concerns the Minimal Internet Key Exchange IKE protocol, which has received little attention to date, despite its potential to make the best-known IKE protocol sufficiently lightweight to be also applied in contexts where it is currently prohibitive, due to its large footprint. First, ...
Explainability-Aware Evaluation of Transfer Learning Models for IoT DDoS Detection under Resource Constraints
Distributed denial-of-service DDoS attacks threaten the availability of Internet of Things IoT infrastructures, particularly under resource-constrained deployment conditions. Although transfer learning models have shown promising detection accuracy, their reliability, computational feasibility, a...
ChaCha20‑Poly1305 AEAD Production Decryptor
This C implementation provides a secure ChaCha20‑Poly1305 decryption function fully compliant with RFC 8439...
MulCovFuzz: A Multi-Component Coverage-Guided Greybox Fuzzer for 5G Protocol Testing
As mobile networks transition to 5G infrastructure, ensuring robust security becomes more important due to the complex architecture and expanded attack surface. Traditional security testing approaches for 5G networks rely on black-box fuzzing techniques, which are limited by their inability to...
HDF5 Plugin 2.17.0 Path Audit
This script demonstrates a controlled security audit scenario targeting the HDF5 dynamic plugin loading mechanism. It compiles a shared C library that mimics a legitimate HDF5 filter plugin by implementing the required H5Zclass2t structure and registration functions H5PLgetplugintype,...
Google Chrome 145.0.7632.75 Cross-Platform Version Scanner
This Python script is a defensive security utility designed to detect whether the installed version of Google Chrome is vulnerable to CVE-2026-2441, a high-severity use-after-free flaw affecting versions prior to 145.0.7632.75...
The Silent Spill: Measuring Sensitive Data Leaks across Public URL Repositories
A large number of URLs are made public by various platforms for security analysis, archiving, and paste sharing -- such as VirusTotal, URLScan.io, Hybrid Analysis, the Wayback Machine, and RedHunt. These services may unintentionally expose links containing sensitive information, as reported in so...
GNU Privacy Guard 2.5.18
GnuPG the GNU Privacy Guard or GPG is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As suc...
Analysis of LLMs against Prompt Injection and Jailbreak Attacks
Large Language Models LLMs are widely deployed in real-world systems. Given their broader applicability, prompt engineering has become an efficient tool for resource-scarce organizations to adopt LLMs for their own purposes. At the same time, LLMs are vulnerable to prompt-based attacks. Thus,...
ICSSPulse: A Modular LLM-Assisted Platform for Industrial Control System Penetration Testing
It is well established that industrial control systems comprise the operational backbone of modern critical infrastructures, yet their increasing connectivity exposes them to cyber threats that are difficult to study and remedy safely under real-time operational conditions. In this paper, we...
Self-Purification Mitigates Backdoors in Multimodal Diffusion Language Models
Multimodal Diffusion Language Models MDLMs have recently emerged as a competitive alternative to their autoregressive counterparts. Yet their vulnerability to backdoor attacks remains largely unexplored. In this work, we show that well-established data-poisoning pipelines can successfully implant...
A Systematic Review of Algorithmic Red Teaming Methodologies for Assurance and Security of AI Applications
Cybersecurity threats are becoming increasingly sophisticated, making traditional defense mechanisms and manual red teaming approaches insufficient for modern organizations. While red teaming has long been recognized as an effective method to identify vulnerabilities by simulating real-world...
Linux Kernel 7.x Safe Verification of XFS Scrub ioctl Support
This tool provides a safe and non-exploitative way to verify whether a mount point uses the XFS file system and whether the system kernel supports the ioctl interface for XFS metadata cleanup XFSIOCSCRUBMETADATA. The tool performs verification of the file system type to confirm it is XFS, safely...
A Lightweight Defense Mechanism against Next Generation of Phishing Emails Using Distilled Attention-Augmented BiLSTM
The current generation of large language models produces sophisticated social-engineering content that bypasses standard text screening systems in business communication platforms. Our proposed solution for mail gateway and endpoint deception detection operates in a privacy-protective manner whil...
AdapTools: Adaptive Tool-Based Indirect Prompt Injection Attacks on Agentic LLMs
The integration of external data services e.g., Model Context Protocol, MCP has made large language model-based agents increasingly powerful for complex task execution. However, this advancement introduces critical security vulnerabilities, particularly indirect prompt injection IPI attacks...
SPIP Ultimate Auditor – Comprehensive Security Assessment Script
SPIP Ultimate Auditor is a Python-based security assessment script designed to perform a multi-phase audit against a SPIP CMS installation. The tool automates reconnaissance and misconfiguration detection tasks to identify potential security weaknesses in a target deployment...
MemoPhishAgent: Memory-Augmented Multi-Modal LLM Agent for Phishing URL Detection
Traditional phishing website detection relies on static heuristics or reference lists, which lag behind rapidly evolving attacks. While recent systems incorporate large language models LLMs, they are still prompt-based, deterministic pipelines that underutilize reasoning capability. We present...
FreeBSD Security Advisory - FreeBSD-SA-26:05.route
FreeBSD Security Advisory - The rtsockmsgbuffer function serializes routing information into a buffer. As a part of this, it copies sockaddr structures into a sockaddrstorage structure on the stack. It assumes that the source sockaddr length field had already been validated, but this is not...
FreeBSD Security Advisory - FreeBSD-SA-26:04.jail
FreeBSD Security Advisory - If two sibling jails are restricted to separate filesystem trees, which is to say that neither of the two jail root directories is an ancestor of the other, jailed processes may nonetheless be able to access a shared directory via a nullfs mount, if the administrator h...
Regular Expression Denial of Service Induced by Backreferences
This paper presents the first systematic study of denial-of-service vulnerabilities in Regular Expressions with Backreferences REwB. We introduce the Two-Phase Memory Automaton 2PMFA, an automaton model that precisely captures REwB semantics. Using this model, we derive necessary conditions under...
Mass FortiGate Symlink Bypass Scanner
FortiGate mass symlink bypass scanner that adds structured validation, impact assessment, and reporting logic. It first verifies whether the target actually appears to be a FortiGate device from Fortinet using fingerprinting heuristics, which reduces false positives. Instead of testing a single...
Agents of Chaos
We report an exploratory red-teaming study of autonomous language-model-powered agents deployed in a live laboratory environment with persistent memory, email accounts, Discord access, file systems, and shell execution. Over a two-week period, twenty AI researchers interacted with the agents unde...
An Explainable Memory Forensics Approach for Malware Analysis
Memory forensics is an effective methodology for analyzing living-off-the-land malware, including threats that employ evasion, obfuscation, anti-analysis, and steganographic techniques. By capturing volatile system state, memory analysis enables the recovery of transient artifacts such as decrypt...
Agentic AI As a Cybersecurity Attack Surface: Threats, Exploits, and Defenses in Runtime Supply Chains
Agentic systems built on large language models LLMs extend beyond text generation to autonomously retrieve information and invoke tools. This runtime execution model shifts the attack surface from build-time artifacts to inference-time dependencies, exposing agents to manipulation through untrust...
Understanding Human-AI Collaboration in Cybersecurity Competitions
Capture-the-Flag CTF competitions are increasingly becoming a testbed for evaluating AI capabilities at solving security tasks, due to the controlled environments and objective success criteria. Existing evaluations have focused on how successful AI is at solving CTF challenges in isolation from...
CodeHacker: Automated Test Case Generation for Detecting Vulnerabilities in Competitive Programming Solutions
The evaluation of Large Language Models LLMs for code generation relies heavily on the quality and robustness of test cases. However, existing benchmarks often lack coverage for subtle corner cases, allowing incorrect solutions to pass. To bridge this gap, we propose CodeHacker, an automated agen...
Predicting Known Vulnerabilities from Attack News: A Transformer-Based Approach
Identifying the vulnerabilities exploited during cyberattacks is essential for enabling timely responses and effective mitigation in software security. This paper directly examines the process of predicting software vulnerabilities, specifically Common Vulnerabilities and Exposures CVEs, from...
OWASP Smart Contract Top 10
The OWASP Smart Contract Top 10: 2026 is a standard awareness document that aims to provide Web3 developers and security teams with insights into the top 10 vulnerabilities found in smart contracts. It is a sub‑project of the broader OWASP Smart Contract Security OWASP SCS initiative. It serves a...
SmarterMail 100.0.9413 Vulnerability Scanner
This PHP class implements a non-intrusive vulnerability scanner designed to assess the exposure of a SmarterMail instance to a file upload–related security flaw without executing any commands or payloads. The scanner follows a safe, read-only validation approach that focuses on detecting improper...
SafePickle: Robust and Generic ML Detection of Malicious Pickle-Based ML Models
Model repositories such as Hugging Face increasingly distribute machine learning artifacts serialized with Python's pickle format, exposing users to remote code execution RCE risks during model loading. Recent defenses, such as PickleBall, rely on per-library policy synthesis that requires comple...
Can You Tell It'S AI? Human Perception of Synthetic Voices in Vishing Scenarios
Large Language Models and commercial speech synthesis systems now enable highly realistic AI-generated voice scams vishing, raising urgent concerns about deception at scale. Yet it remains unclear whether individuals can reliably distinguish AI-generated speech from human-recorded voices in...
OpenClaw, Moltbook, and ClawdLab: From Agent-Only Social Networks to Autonomous Scientific Research
In January 2026, the open-source agent framework OpenClaw and the agent-only social network Moltbook produced a large-scale dataset of autonomous AI-to-AI interaction, attracting six academic publications within fourteen days. This study conducts a multivocal literature review of that ecosystem a...
FortiGate Exposure Audit Tool / Double Slash Path Validation Scanner
The FortiGate Exposure Audit Tool is a defensive security auditing script designed to identify potential path validation inconsistencies in devices that appear to be running FortiGate by Fortinet. This tool does not attempt exploitation, file extraction, or configuration access...
Evolution Cyber Intelligence
This is a book written by indoushka that covers the evolution of cyber intelligence from historical methodologies to modern day attacks. Written in Arabic...
RobPI: Robust Private Inference against Malicious Client
The increased deployment of machine learning inference in various applications has sparked privacy concerns. In response, private inference PI protocols have been created to allow parties to perform inference without revealing their sensitive data. Despite recent advances in the efficiency of PI,...