6825 matches found
PIDSMaker: Building and Evaluating Provenance-Based Intrusion Detection Systems
Recent provenance-based intrusion detection systems PIDSs have demonstrated strong potential for detecting advanced persistent threats APTs by applying machine learning to system provenance graphs. However, evaluating and comparing PIDSs remains difficult: prior work uses inconsistent preprocessi...
From Similarity to Vulnerability: Key Collision Attack on LLM Semantic Caching
Semantic caching has emerged as a pivotal technique for scaling LLM applications, widely adopted by major providers including AWS and Microsoft. By utilizing semantic embedding vectors as cache keys, this mechanism effectively minimizes latency and redundant computation for semantically similar...
CERT.pl Energy Sector Incident 29 December
This is the official report from CERT.pl on the coordinated attacks against Poland's energy sector. These events affected both information systems IT and physical industrial equipment OT, which is rarely observed in attacks reported publicly to date...
Optimal Transport-Guided Adversarial Attacks on Graph Neural Network-Based Bot Detection
The rise of bot accounts on social media poses significant risks to public discourse. To address this threat, modern bot detectors increasingly rely on Graph Neural Networks GNNs. However, the effectiveness of these GNN-based detectors in real-world settings remains poorly understood. In practice...
Sifting the Noise: A Comparative Study of LLM Agents in Vulnerability False Positive Filtering
Static Application Security Testing SAST tools are essential for identifying software vulnerabilities, but they often produce a high volume of false positives FPs, imposing a substantial manual triage burden on developers. Recent advances in Large Language Model LLM agents offer a promising...
Okara: Detection and Attribution of TLS Man-In-The-Middle Vulnerabilities in Android Apps with Foundation Models
Transport Layer Security TLS is fundamental to secure online communication, yet vulnerabilities in certificate validation that enable Man-in-the-Middle MitM attacks remain a pervasive threat in Android apps. Existing detection tools are hampered by low-coverage UI interaction, costly...
Uncovering Hidden Inclusions of Vulnerable Dependencies in Real-World Java Projects
Open-source software OSS dependencies are a dominant component of modern software code bases. Using proven and well-tested OSS components lets developers reduce development time and cost while improving quality. However, heavy reliance on open-source software also introduces significant security...
Beyond the Finite Variant Property: Extending Symbolic Diffie-Hellman Group Models (Extended Version)
Diffie-Hellman groups are commonly used in cryptographic protocols. While most state-of-the-art, symbolic protocol verifiers support them to some degree, they do not support all mathematical operations possible in these groups. In particular, they lack support for exponent addition, as these tool...
Notepad++ 8.9 Persistence Module
This Metasploit post-exploitation module abuses a legitimate Notepad++ feature by modifying the shortcuts.xml configuration file to register a custom external tool. The added tool appears in the Notepad++ Run menu and executes a user-defined command when manually selected by the user. This...
ReasoningBomb: A Stealthy Denial-Of-Service Attack by Inducing Pathologically Long Reasoning in Large Reasoning Models
Large reasoning models LRMs extend large language models with explicit multi-step reasoning traces, but this capability introduces a new class of prompt-induced inference-time denial-of-service PI-DoS attacks that exploit the high computational cost of reasoning. We first formalize inference cost...
QCL-IDS: Quantum Continual Learning for Intrusion Detection with Fidelity-Anchored Stability and Generative Replay
Continual intrusion detection must absorb newly emerging attack stages while retaining legacy detection capability under strict operational constraints, including bounded compute and qubit budgets and privacy rules that preclude long-term storage of raw telemetry. We propose QCL-IDS, a...
SecIC3: Customizing IC3 for Hardware Security Verification
Recent years have seen significant advances in using formal verification to check hardware security properties. Of particular practical interest are checking confidentiality and integrity of secrets, by checking that there is no information flow between the secrets and observable outputs. A...
Libgcrypt 1.12.0
Libgcrypt is a general-purpose cryptographic library based on the code from GnuPG. It provides functions for all cryptographic building blocks: symmetric ciphers AES, DES, Blowfish, CAST5, Twofish, and Arcfour, hash algorithms MD4, MD5, RIPE-MD160, SHA-1, and TIGER-192, MACs HMAC for all hash...
A Systematic Literature Review on LLM Defenses against Prompt Injection and Jailbreaking: Expanding NIST Taxonomy
The rapid advancement and widespread adoption of generative artificial intelligence GenAI and large language models LLMs has been accompanied by the emergence of new security vulnerabilities and challenges, such as jailbreaking and other prompt injection attacks. These maliciously crafted inputs...
TOR Virtual Network Tunneling Tool 0.4.8.22
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow...
Hardware-Triggered Backdoors
Machine learning models are routinely deployed on a wide range of computing hardware. Although such hardware is typically expected to produce identical results, differences in its design can lead to small numerical variations during inference. In this work, we show that these variations can be...
Secure Group Key Agreement on Cyber-Physical System Buses
Cyber-Physical Systems CPSs rely on distributed embedded devices that often must communicate securely over buses. Ensuring message integrity and authenticity on these buses typically requires group-shared keys for Message Authentication Codes MACs. To avoid insecure fixed pre-shared keys and...
Stealthy Poisoning Attacks Bypass Defenses in Regression Settings
Regression models are widely used in industrial processes, engineering and in natural and physical sciences, yet their robustness to poisoning has received less attention. When it has, studies often assume unrealistic threat models and are thus less useful in practice. In this paper, we propose a...
RedSage: A Cybersecurity Generalist LLM
Cybersecurity operations demand assistant LLMs that support diverse workflows without exposing sensitive data. Existing solutions either rely on proprietary APIs with privacy risks or on open models lacking domain adaptation. To bridge this gap, we curate 11.8B tokens of cybersecurity-focused...
Chasing Elusive Memory Bugs in GPU Programs
Memory safety bugs, such as out-of-bound accesses OOB in GPU programs, can compromise the security and reliability of GPU-accelerated software. We report the existence of input-dependent OOBs in the wild that manifest only under specific inputs. All existing tools to detect OOBs in GPU programs...
InvisibleJS Detection and Analysis Scanner
InvisibleJS is an obfuscation technique that hides JavaScript source code using zero‑width Unicode characters, making files appear empty while still executing at runtime via eval or dynamic import with data: URIs. Although visually deceptive, this method provides no real cryptographic protection...
osTicket 1.18.3 Intelligence and Security Analysis Module
This Metasploit auxiliary module is designed for intelligence gathering, security analysis, and vulnerability discovery in osTicket installations. It performs passive and active reconnaissance without direct exploitation and stores results in the Metasploit database for reporting...
Microsoft Windows Script Host 5.812 File Generator
Microsoft Windows Script Host version 5.812 .vbs file generation tool that can be used to establish persistence on Windows systems...
User-Centric Phishing Detection: A RAG and LLM-Based Approach
The escalating sophistication of phishing emails necessitates a shift beyond traditional rule-based and conventional machine-learning-based detectors. Although large language models LLMs offer strong natural language understanding, using them as standalone classifiers often yields elevated...
Burp Global Match and Replace Extension 2.0.0
This archive provides a system-wide match and replace table that applies to all Burp tools including Burp AI. This goes beyond Proxy Match and Replace, which only affects Proxy...
Unicornscan 0.4.51
Unicornscan is an information gathering and correlation engine built for and by members of the security research and testing communities. It was designed to provide an engine that is Scalable, Accurate, Flexible, and Efficient. It is released for the community to use under the terms of the GPL...
ShellForge: Adversarial Co-Evolution of Webshell Generation and Multi-View Detection for Robust Webshell Defense
Webshells remain a primary foothold for attackers to compromise servers, particularly within PHP ecosystems. However, existing detection mechanisms often struggle to keep pace with rapid variant evolution and sophisticated obfuscation techniques that camouflage malicious intent. Furthermore, many...
Llama-3.1-FoundationAI-SecurityLLM-Reasoning-8B Technical Report
We present Foundation-Sec-8B-Reasoning, the first open-source native reasoning model for cybersecurity. Built upon our previously released Foundation-Sec-8B base model derived from Llama-3.1-8B-Base, the model is trained through a two-stage process combining supervised fine-tuning SFT and...
A High-Performance Fractal Encryption Framework and Modern Innovations for Secure Image Transmission
The current digital era, driven by growing threats to data security, requires a robust image encryption technique. Classical encryption algorithms suffer from a trade-off among security, image fidelity, and computational efficiency. This paper aims to enhance the performance and efficiency of ima...
Supply Chain Insecurity: Exposing Vulnerabilities in IOS Dependency Management Systems
Dependency management systems are a critical component in software development, enabling projects to incorporate existing functionality efficiently. However, misconfigurations and malicious actors in these systems pose severe security risks, leading to supply chain attacks. Despite the widespread...
Nuclei 3.7.0
Nuclei is a modern, high-performance vulnerability scanner that leverages simple YAML-based templates. It empowers you to design custom vulnerability detection scenarios that mimic real-world conditions, leading to zero false positives...
Falco 0.43.0
Sysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco...
YARA-X 1.12.0
YARA-X is a re-incarnation of YARA, a pattern matching tool designed with malware researchers in mind. This new incarnation intends to be faster, safer and more user-friendly than its predecessor. The ultimate goal of YARA-X is replacing YARA as the default pattern matching tool for malware...
Helper-Assisted Coding for Gaussian Wiretap Channels: Deep Learning Meets PhySec
Consider the Gaussian wiretap channel, where a transmitter wishes to send a confidential message to a legitimate receiver in the presence of an eavesdropper. It is well known that if the eavesdropper experiences less channel noise than the legitimate receiver, then it is impossible for the...
What Are Brands Telling You about Smishing? A Cross-Industry Evaluation of Customer Guidance
Phishing attacks through text, also known as smishing, are a prevalent type of social engineering tactic in which attackers impersonate brands to deceive victims into providing personal information and/or money. While smishing awareness and cyber education are a key method by which organizations...
OATH Toolkit 2.6.14
OATH Toolkit attempts to collect several tools that are useful when deploying technologies related to OATH, such as HOTP one-time passwords. It is a fork of the earlier HOTP Toolkit...
Context-Aware Offensive Intelligence (CAOI)
This research introduces a new class of post-exploitation intelligence modules for the Metasploit Framework. Unlike traditional modules, these components do not exploit vulnerabilities, escalate privileges, or modify target systems. The modules operate as a contextual intelligence layer that...
Faraday 5.19.0
Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use...
AI-Driven Intrusion Detection for UAV in Smart Urban Ecosystems: A Comprehensive Survey
UAVs have the potential to revolutionize urban management and provide valuable services to citizens. They can be deployed across diverse applications, including traffic monitoring, disaster response, environmental monitoring, and numerous other domains. However, this integration introduces novel...
SSH Key Persistence
This Metasploit module will add an SSH key to a specified user or all, to allow remote login via SSH at any time. No payload is required for this module to work. If an SSH key is not provided, a new 4096 bit RSA keypair will be generated. The private key will be stored as loot for later use...
RvB: Automating AI System Hardening Via Iterative Red-Blue Games
The dual offensive and defensive utility of Large Language Models LLMs highlights a critical gap in AI security: the lack of unified frameworks for dynamic, iterative adversarial adaptation hardening. To bridge this gap, we propose the Red Team vs. Blue Team RvB framework, formulated as a...
FreeBSD Security Advisory - FreeBSD-SA-26:02.jail
FreeBSD Security Advisory - By default, jailed processes cannot mount filesystems, including nullfs4. However, the allow.mount.nullfs option enables mounting nullfs filesystems, subject to privilege checks. If a privileged user within a jail is able to nullfs-mount directories, a limitation of th...
Who Said CVE? How Vulnerability Identifiers Are Mentioned by Humans, Bots, and Agents in Pull Requests
Vulnerability identifiers such as CVE, CWE, and GHSA are standardised references to known software security issues, yet their use in practice is not well understood. This paper compares vulnerability ID use in GitHub pull requests authored by autonomous agents, bots, and human developers. Using t...
OpenSSL Toolkit 3.6.1
OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer and Transport Layer Security protocols with full-strength cryptography world-wide. This is the 3.6 release...
Cascaded Vulnerability Attacks in Software Supply Chains
Most of the current software security analysis tools assess vulnerabilities in isolation. However, sophisticated software supply chain security threats often stem from cascaded vulnerability and security weakness chains that span dependent components. Moreover, although the adoption of Software...
Putting Privacy to the Test: Introducing Red Teaming for Research Data Anonymization
Recently, the data protection practices of researchers in human-computer interaction and elsewhere have gained attention. Initial results suggest that researchers struggle with anonymization, partly due to a lack of clear, actionable guidance. In this work, we propose simulating re-identification...
GNU Privacy Guard 2.5.17
GnuPG the GNU Privacy Guard or GPG is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As suc...
Burp Suite 2025.12.4 Extension Advanced ReDoS Detector
This Burp Suite Java extension integrates an advanced timing-based ReDoS detection engine into Burp's Active Scanner. It automatically tests HTTP parameters using crafted payloads to identify exponential regex backtracking vulnerabilities. The extension performs warm-up requests, collects baselin...
MalURLBench: A Benchmark Evaluating Agents' Vulnerabilities When Processing Web URLs
LLM-based web agents have become increasingly popular for their utility in daily life and work. However, they exhibit critical vulnerabilities when processing malicious URLs: accepting a disguised malicious URL enables subsequent access to unsafe webpages, which can cause severe damage to service...
JavaScript Sensitive Information Disclosure Scanner
This tool performs automated crawling and heuristic scanning of JavaScript files linked within a target website. It identifies exposed secrets such as API keys, access tokens, cloud credentials, private keys, and database passwords that may be unintentionally published within frontend resources. ...