6825 matches found
Towards a Blockchain-Based CI/CD Framework to Enhance Security in Cloud Environments
Security is becoming a pivotal point in cloud platforms. Several divisions, such as business organisations, health care, government, etc., have experienced cyber-attacks on their infrastructures. This research focuses on security issues within Continuous Integration and Deployment CI/CD pipelines...
Active Honeypot Guardrail System: Probing and Confirming Multi-Turn LLM Jailbreaks
Large language models LLMs are increasingly vulnerable to multi-turn jailbreak attacks, where adversaries iteratively elicit harmful behaviors that bypass single-turn safety filters. Existing defenses predominantly rely on passive rejection, which either fails against adaptive attackers or overly...
Leveraging Code Cohesion Analysis to Identify Source Code Supply Chain Attacks
Supply chain attacks significantly threaten software security with malicious code injections within legitimate projects. Such attacks are very rare but may have a devastating impact. Detecting spurious code injections using automated tools is further complicated as it often requires deciphering t...
Beyond a Single Perspective: Towards a Realistic Evaluation of Website Fingerprinting Attacks
Website Fingerprinting WF attacks exploit patterns in encrypted traffic to infer the websites visited by users, posing a serious threat to anonymous communication systems. Although recent WF techniques achieve over 90% accuracy in controlled experimental settings, most studies remain confined to...
PoTS: Proof-Of-Training-Steps for Backdoor Detection in Large Language Models
As Large Language Models LLMs gain traction across critical domains, ensuring secure and trustworthy training processes has become a major concern. Backdoor attacks, where malicious actors inject hidden triggers into training data, are particularly insidious and difficult to detect. Existing...
Improving Cybercrime Detection and Digital Forensics Investigations with Artificial Intelligence
According to a recent EUROPOL report, cybercrime is still recurrent in Europe, and different activities and countermeasures must be taken to limit, prevent, detect, analyze, and fight it. Cybercrime must be prevented with specific measures, tools, and techniques, for example through automated...
LLM Agents for Automated Web Vulnerability Reproduction: Are We There Yet?
Large language model LLM agents have demonstrated remarkable capabilities in software engineering and cybersecurity tasks, including code generation, vulnerability discovery, and automated testing. One critical but underexplored application is automated web vulnerability reproduction, which...
Zeek 8.0.3
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek ha...
Clam AntiVirus Toolkit 1.5.1
Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers attachment scanning. The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via Internet. The programs ar...
A Novel GPT-Based Framework for Anomaly Detection in System Logs
Identification of anomalous events within system logs constitutes a pivotal element within the frame- work of cybersecurity defense strategies. However, this process faces numerous challenges, including the management of substantial data volumes, the distribution of anomalies, and the precision o...
Intermittent File Encryption in Ransomware: Measurement, Modeling, and Detection
File encrypting ransomware increasingly employs intermittent encryption techniques, encrypting only parts of files to evade classical detection methods. These strategies, exemplified by ransomware families like BlackCat, complicate file structure based detection techniques due to diverse file...
A Hard-Label Black-Box Evasion Attack against ML-Based Malicious Traffic Detection Systems
Machine Learning ML-based malicious traffic detection is a promising security paradigm. It outperforms rule-based traditional detection by identifying various advanced attacks. However, the robustness of these ML models is largely unexplored, thereby allowing attackers to craft adversarial traffi...
TITAN: Graph-Executable Reasoning for Cyber Threat Intelligence
TITAN Threat Intelligence Through Automated Navigation is a framework that connects natural-language cyber threat queries with executable reasoning over a structured knowledge graph. It integrates a path planner model, which predicts logical relation chains from text, and a graph executor that...
AEX-NStep: Probabilistic Interrupt Counting Attacks on Intel SGX
To mitigate interrupt-based stepping attacks notably using SGX-Step, Intel introduced AEX-Notify, an ISA extension to Intel SGX that aims to prevent deterministic single-stepping. In this work, we introduce AEX-NStep, the first interrupt counting attack on AEX-Notify-enabled Enclaves. We show tha...
How Blind and Low-Vision Users Manage Their Passwords
Managing passwords securely and conveniently is still an open problem for many users. Existing research has examined users' password management strategies and identified pain points, such as security concerns, leading to insecure practices. We investigate how Blind and Low-Vision BLV users tackle...
Injection, Attack and Erasure: Revocable Backdoor Attacks Via Machine Unlearning
Backdoor attacks pose a persistent security risk to deep neural networks DNNs due to their stealth and durability. While recent research has explored leveraging model unlearning mechanisms to enhance backdoor concealment, existing attack strategies still leave persistent traces that may be detect...
Power Grid Cybersecurity: Policy Analysis White Paper
The U.S. power grid underpins national security, public safety, and economic stability, but faces growing cyber risks from vulnerabilities in industrial control systems, remote access, and poor cyber hygiene. Despite its critical importance, current policy remains fragmented and reactive. This...
In-Browser LLM-Guided Fuzzing for Real-Time Prompt Injection Testing in Agentic AI Browsers
Large Language Model LLM based agents integrated into web browsers often called agentic AI browsers offer powerful automation of web tasks. However, they are vulnerable to indirect prompt injection attacks, where malicious instructions hidden in a webpage deceive the agent into unwanted actions...
Securing U.S. Critical Infrastructure: Lessons from Stuxnet and the Ukraine Power Grid Attacks
Industrial Control Systems ICS underpin the United States' critical infrastructure, managing essential services such as power, water, and transportation that are vital to national security and public safety. However, increasing digital integration has exposed these systems to escalating cyber...
Toward Cybersecurity-Expert Small Language Models
Large language models LLMs are transforming everyday applications, yet deployment in cybersecurity lags due to a lack of high-quality, domain-specific models and training datasets. To address this gap, we present CyberPal 2.0, a family of cybersecurity-expert small language models SLMs ranging fr...
RoBCtrl: Attacking GNN-Based Social Bot Detectors Via Reinforced Manipulation of Bots Control Interaction
Social networks have become a crucial source of real-time information for individuals. The influence of social bots within these platforms has garnered considerable attention from researchers, leading to the development of numerous detection technologies. However, the vulnerability and robustness...
GRIDAI: Generating and Repairing Intrusion Detection Rules Via Collaboration among Multiple LLM-Based Agents
Rule-based network intrusion detection systems play a crucial role in the real-time detection of Web attacks. However, most existing works primarily focus on automatically generating detection rules for new attacks, often overlooking the relationships between new attacks and existing rules, which...
Infrastructure Patterns in Toll Scam Domains: A Comprehensive Analysis of Cybercriminal Registration and Hosting Strategies
Toll scams involve criminals registering fake domains that pretend to be legitimate transportation agencies to trick users into making fraudulent payments. Although these scams are rapidly increasing and causing significant harm, they have not been extensively studied. We present the first...
Targeted Pooled Latent-Space Steganalysis Applied to Generative Steganography, with a Fix
Steganographic schemes dedicated to generated images modify the seed vector in the latent space to embed a message, whereas most steganalysis methods attempt to detect the embedding in the image space. This paper proposes to perform steganalysis in the latent space by modeling the statistical...
ShuffleV: A Microarchitectural Defense Strategy against Electromagnetic Side-Channel Attacks in Microprocessors
The run-time electromagnetic EM emanation of microprocessors presents a side-channel that leaks the confidentiality of the applications running on them. Many recent works have demonstrated successful attacks leveraging such side-channels to extract the confidentiality of diverse applications, suc...
Clutch Control: An Attention-Based Combinatorial Bandit for Efficient Mutation in JavaScript Engine Fuzzing
JavaScript engines are widely used in web browsers, PDF readers, and server-side applications. The rise in concern over their security has led to the development of several targeted fuzzing techniques. However, existing approaches use random selection to determine where to perform mutations in...
Zeek 8.0.2
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek ha...
Multi-Copy Security in Unclonable Cryptography
Unclonable cryptography leverages the quantum no-cloning principle to copy-protect cryptographic functionalities. While most existing works address the basic single-copy security, the stronger notion of multi-copy security remains largely unexplored. We introduce a generic compiler that upgrades...
Hash Chaining Degrades Security at Facebook
Modern web and digital application password storage relies on password hashing for storage and security. Ad-hoc upgrade of password storage to keep up with hash algorithm norms may be used to save costs but can introduce unforeseen vulnerabilities. This is the case in the password storage scheme...
PromptLocate: Localizing Prompt Injection Attacks
Prompt injection attacks deceive a large language model into completing an attacker-specified task instead of its intended task by contaminating its input data with an injected prompt, which consists of injected instructions and data. Localizing the injected prompt within contaminated data is...
Wapiti Web Application Vulnerability Scanner 3.2.7 Source Code
Wapiti is a web application vulnerability scanner. It will scan the web pages of a deployed web application and will fuzz the URL parameters and forms to find common web vulnerabilities. This is the source code release...
HackWorld: Evaluating Computer-Use Agents on Exploiting Web Application Vulnerabilities
Web applications are prime targets for cyberattacks as gateways to critical services and sensitive data. Traditional penetration testing is costly and expertise-intensive, making it difficult to scale with the growing web ecosystem. While language model agents show promise in cybersecurity, moder...
Attack-Specialized Deep Learning with Ensemble Fusion for Network Anomaly Detection
The growing scale and sophistication of cyberattacks pose critical challenges to network security, particularly in detecting diverse intrusion types within imbalanced datasets. Traditional intrusion detection systems IDS often struggle to maintain high accuracy across both frequent and rare...
DeepTrust: Multi-Step Classification through Dissimilar Adversarial Representations for Robust Android Malware Detection
Over the last decade, machine learning has been extensively applied to identify malicious Android applications. However, such approaches remain vulnerable against adversarial examples, i.e., examples that are subtly manipulated to fool a machine learning model into making incorrect predictions...
Noisy Neighbor: Exploiting RDMA for Resource Exhaustion Attacks in Containerized Clouds
In modern containerized cloud environments, the adoption of RDMA Remote Direct Memory Access has expanded to reduce CPU overhead and enable high-performance data exchange. Achieving this requires strong performance isolation to ensure that one container's RDMA workload does not degrade the...
PromoGuardian: Detecting Promotion Abuse Fraud with Multi-Relation Fused Graph Neural Networks
As e-commerce platforms develop, fraudulent activities are increasingly emerging, posing significant threats to the security and stability of these platforms. Promotion abuse is one of the fastest-growing types of fraud in recent years and is characterized by users exploiting promotional activiti...
Wapiti Web Application Vulnerability Scanner 3.2.7
Wapiti is a web application vulnerability scanner. It will scan the web pages of a deployed web application and will fuzz the URL parameters and forms to find common web vulnerabilities. This is the binary release...
Breaking Guardrails, Facing Walls: Insights on Adversarial AI for Defenders and Researchers
Analyzing 500 CTF participants, this paper shows that while participants readily bypassed simple AI guardrails using common techniques, layered multi-step defenses still posed significant challenges, offering concrete insights for building safer AI systems...
From Misinformation to Climate Crisis: Navigating Vulnerabilities in the Cyber-Physical-Social Systems
Within the cyber-physical-social-climate nexus, all systems are deeply interdependent: cyber infrastructure facilitates communication, data processing, and automation across physical systems such as power grids and networks, while social infrastructure provides the human capital and societal norm...
Pixnapping: Bringing Pixel Stealing out of the Stone Age
Pixel stealing attacks enable malicious websites to leak sensitive content displayed in victim websites. The idea, introduced by Stone in 2013, is to embed victim websites in iframes and use SVG filters to compute on, and create side channels as a function of, those websites' pixels. Fortunately,...
(Dis)Proving Spectre Security with Speculation-Passing Style
Constant-time CT verification tools are commonly used for detecting potential side-channel vulnerabilities in cryptographic libraries. Recently, a new class of tools, called speculative constant-time SCT tools, has also been used for detecting potential Spectre vulnerabilities. In many cases, the...
Navigating the Dual-Use Nature and Security Implications of Reconfigurable Intelligent Surfaces in Next-Generation Wireless Systems
Reconfigurable intelligent surface RIS technology offers significant promise in enhancing wireless communication systems, but its dual-use potential also introduces substantial security risks. This survey explores the security implications of RIS in next-generation wireless networks. We first...
Attacks by Content: Automated Fact-Checking Is an AI Security Issue
When AI agents retrieve and reason over external documents, adversaries can manipulate the data they receive to subvert their behaviour. Previous research has studied indirect prompt injection, where the attacker injects malicious instructions. We argue that injection of instructions is not...
CTIArena: Benchmarking LLM Knowledge and Reasoning across Heterogeneous Cyber Threat Intelligence
Cyber threat intelligence CTI is central to modern cybersecurity, providing critical insights for detecting and mitigating evolving threats. With the natural language understanding and reasoning capabilities of large language models LLMs, there is increasing interest in applying them to CTI, whic...
PACEbench: A Framework for Evaluating Practical AI Cyber-Exploitation Capabilities
The increasing autonomy of Large Language Models LLMs necessitates a rigorous evaluation of their potential to aid in cyber offense. Existing benchmarks often lack real-world complexity and are thus unable to accurately assess LLMs' cybersecurity capabilities. To address this gap, we introduce...
A Comprehensive Survey of Website Fingerprinting Attacks and Defenses in Tor: Advances and Open Challenges
The Tor network provides users with strong anonymity by routing their internet traffic through multiple relays. While Tor encrypts traffic and hides IP addresses, it remains vulnerable to traffic analysis attacks such as the website fingerprinting WF attack, achieving increasingly high...
Lightweight CNN-Based Wi-Fi Intrusion Detection Using 2D Traffic Representations
Wi-Fi networks are ubiquitous in both home and enterprise environments, serving as a primary medium for Internet access and forming the backbone of modern IoT ecosystems. However, their inherent vulnerabilities, combined with widespread adoption, create opportunities for malicious actors to gain...
RMPocalypse: How a Catch-22 Breaks AMD SEV-SNP
This paper presents RMPocalypse, a novel attack that shows a critical gap in the security of RMP initialization, wherein the x86 cores maliciously control parts of the initial RMP state. The analysis shows that the vulnerability arises due to the complex, but insufficient, interplay of multiple...
Countermind: A Multi-Layered Security Architecture for Large Language Models
The security of Large Language Model LLM applications is fundamentally challenged by "form-first" attacks like prompt injection and jailbreaking, where malicious instructions are embedded within user inputs. Conventional defenses, which rely on post hoc output filtering, are often brittle and fai...
DITTO: A Spoofing Attack Framework on Watermarked LLMs Via Knowledge Distillation
The promise of LLM watermarking rests on a core assumption that a specific watermark proves authorship by a specific model. We demonstrate that this assumption is dangerously flawed. We introduce the threat of watermark spoofing, a sophisticated attack that allows a malicious model to generate te...