6850 matches found
Security Analysis of ChatGPT: Threats and Privacy Risks
As artificial intelligence technology continues to advance, chatbots are becoming increasingly powerful. Among them, ChatGPT, launched by OpenAI, has garnered widespread attention globally due to its powerful natural language processing capabilities based on the GPT model, which enables it to...
Enhance the Machine Learning Algorithm Performance in Phishing Detection with Keyword Features
Recently, we can observe a significant increase of the phishing attacks in the Internet. In a typical phishing attack, the attacker sets up a malicious website that looks similar to the legitimate website in order to obtain the end-users' information. This may cause the leakage of the sensitive...
Kigen eUICC Type Confusion
Security Explorations has further examined the security of Kigen eUICC cards with GSMA consumer certificates installed. This advisory is an update and expansion to the original research disclosed, however it does not disclose exact details. They do, however, state that the new issue seems more...
Secure Authentication Via Quantum Physical Unclonable Functions: a Review
Quantum Physical Unclonable Functions QPUFs offer a physically grounded approach to secure authentication, extending the capabilities of classical PUFs. This review covers their theoretical foundations and key implementation challenges - such as quantum memories and Haar-randomness -, and...
Securing Educational LLMs: a Generalised Taxonomy of Attacks on LLMs and DREAD Risk Assessment
Due to perceptions of efficiency and significant productivity gains, various organisations, including in education, are adopting Large Language Models LLMs into their workflows. Educator-facing, learner-facing, and institution-facing LLMs, collectively, Educational Large Language Models eLLMs,...
Microsoft PlayReady Activation Protocol Issues
This advisory builds on prior disclosed work in 2022 regarding Microsoft PlayReady protocol issues that can lead to leaf certificate generation using fake identities...
Image Selective Encryption Analysis Using Mutual Information in CNN Based Embedding Space
As digital data transmission continues to scale, concerns about privacy grow increasingly urgent - yet privacy remains a socially constructed and ambiguously defined concept, lacking a universally accepted quantitative measure. This work examines information leakage in image data, a domain where...
Shadow in the Cache: Unveiling and Mitigating Privacy Risks of KV-Cache in LLM Inference
The Key-Value KV cache, which stores intermediate attention computations Key and Value pairs to avoid redundant calculations, is a fundamental mechanism for accelerating Large Language Model LLM inference. However, this efficiency optimization introduces significant yet underexplored privacy risk...
Can AI Keep a Secret? Contextual Integrity Verification: a Provable Security Architecture for LLMs
Large language models LLMs remain acutely vulnerable to prompt injection and related jailbreak attacks; heuristic guardrails rules, filters, LLM judges are routinely bypassed. We present Contextual Integrity Verification CIV, an inference-time security architecture that attaches cryptographically...
Load-Altering Attacks against Power Grids: a Case Study Using the GB-36 Bus System Open Dataset
The growing digitalization and the rapid adoption of high-powered Internet-of-Things IoT-enabled devices e.g., EV charging stations have increased the vulnerability of power grids to cyber threats. In particular, the so-called Load Altering Attacks LAAs can trigger rapid frequency fluctuations an...
Deep Learning Models for Robust Facial Liveness Detection
In the rapidly evolving landscape of digital security, biometric authentication systems, particularly facial recognition, have emerged as integral components of various security protocols. However, the reliability of these systems is compromised by sophisticated spoofing attacks, where imposters...
Attacks and Defenses against LLM Fingerprinting
As large language models are increasingly deployed in sensitive environments, fingerprinting attacks pose significant privacy and security risks. We present a study of LLM fingerprinting from both offensive and defensive perspectives. Our attack methodology uses reinforcement learning to...
Surpassing the PLOB Bound in Continuous-Variable Quantum Secret Sharing Using a State-Discrimination Detector
Continuous-variable quantum secret sharing CVQSS is a promising approach to ensuring multi-party information security. While CVQSS offers practical ease of implementation, its present performance remains limited. In this paper, we propose a novel CVQSS protocol integrated with a...
Never Compromise to Vulnerabilities: a Comprehensive Survey on AI Governance
The rapid advancement of AI has expanded its capabilities across domains, yet introduced critical technical vulnerabilities, such as algorithmic bias and adversarial sensitivity, that pose significant societal risks, including misinformation, inequity, security breaches, physical harm, and eroded...
Omnissa Workspace ONE UEM Path Traversal / Server-Side Request Forgery
Omnissa Workspace ONE UEM suffers from path traversal and server-side request forgery vulnerabilities...
Securing Agentic AI: Threat Modeling and Risk Analysis for Network Monitoring Agentic AI System
When combining Large Language Models LLMs with autonomous agents, used in network monitoring and decision-making systems, this will create serious security issues. In this research, the MAESTRO framework consisting of the seven layers threat modeling architecture in the system was used to expose,...
Obfuscated Quantum and Post-Quantum Cryptography
In this work, we present an experimental deployment of a new design for combined quantum key distribution QKD and post-quantum cryptography PQC. Novel to our system is the dynamic obfuscation of the QKD-PQC sequence of operations, the number of operations, and parameters related to the operations...
Jetty 10.0.6 HTTP/2 Stream Exhaustion Denial of Service
Jetty version 10.0.6 is vulnerable to a denial of service condition via HTTP/2 stream exhaustion. By opening and maintaining a large number of idle HTTP/2 streams, an attacker can exhaust server resources and cause the service to become unresponsive. This archive includes a Ruby Metasploit...
Differential Privacy for Regulatory Compliance in Cyberattack Detection on Critical Infrastructure Systems
Industrial control systems are a fundamental component of critical infrastructure networks CIN such as gas, water and power. With the growing risk of cyberattacks, regulatory compliance requirements are also increasing for large scale critical infrastructure systems comprising multiple utility...
Belkin F9K1009 / F9K1010 Authentication Bypass
This repository contains a exploit for CVE‑2025‑8730, a critical Authentication Bypass vulnerability affecting the web interface of Belkin F9K1009 and F9K1010 routers. The flaw lies in the session validation logic of the /login.htm file, where improperly handled cookies or crafted requests allow...
Generative AI for Cybersecurity of Energy Management Systems: Methods, Challenges, and Future Directions
This paper elaborates on an extensive security framework specifically designed for energy management systems EMSs, which effectively tackles the dynamic environment of cybersecurity vulnerabilities and/or system problems SPs, accomplished through the incorporation of novel methodologies. A...
False Reality: Uncovering Sensor-Induced Human-VR Interaction Vulnerability
Virtual Reality VR techniques, serving as the bridge between the real and virtual worlds, have boomed and are widely used in manufacturing, remote healthcare, gaming, etc. Specifically, VR systems offer users immersive experiences that include both perceptions and actions. Various studies have...
Chimera: Harnessing Multi-Agent LLMs for Automatic Insider Threat Simulation
Insider threats, which can lead to severe losses, remain a major security concern. While machine learning-based insider threat detection ITD methods have shown promising results, their progress is hindered by the scarcity of high-quality data. Enterprise data is sensitive and rarely accessible,...
Generative AI for Critical Infrastructure in Smart Grids: a Unified Framework for Synthetic Data Generation and Anomaly Detection
In digital substations, security events pose significant challenges to the sustained operation of power systems. To mitigate these challenges, the implementation of robust defense strategies is critically important. A thorough process of anomaly identification and detection in information and...
VeriPHY: Physical Layer Signal Authentication for Wireless Communication in 5G Environments
Physical layer authentication PLA uses inherent characteristics of the communication medium to provide secure and efficient authentication in wireless networks, bypassing the need for traditional cryptographic methods. With advancements in deep learning, PLA has become a widely adopted technique...
A Comparative Analysis of Lightweight Hash Functions Using AVR ATXMega128 and ChipWhisperer
Lightweight hash functions have become important building blocks for security in embedded and IoT systems. A plethora of algorithms have been proposed and standardized, providing a wide range of performance trade-off options for developers to choose from. This paper presents a comparative analysi...
Selective KV-Cache Sharing to Mitigate Timing Side-Channels in LLM Inference
Global KV-cache sharing has emerged as a key optimization for accelerating large language model LLM inference. However, it exposes a new class of timing side-channel attacks, enabling adversaries to infer sensitive user inputs via shared cache entries. Existing defenses, such as per-user isolatio...
AI Security Map: Holistic Organization of AI Security Technologies and Impacts on Stakeholders
As the social implementation of AI has been steadily progressing, research and development related to AI security has also been increasing. However, existing studies have been limited to organizing related techniques, attacks, defenses, and risks in terms of specific domains or AI elements. Thus,...
EntraGoat - a Deliberately Vulnerable Entra ID Environment
EntraGoat is a deliberately vulnerable Microsoft Entra ID infrastructure designed to simulate real-world identity security misconfigurations and attack vectors. EntraGoat introduces intentional vulnerabilities in your environment to provide a realistic learning platform for security professionals...
BlindGuard: Safeguarding LLM-Based Multi-Agent Systems under Unknown Attacks
The security of LLM-based multi-agent systems MAS is critically threatened by propagation vulnerability, where malicious agents can distort collective decision-making through inter-agent message interactions. While existing supervised defense methods demonstrate promising performance, they may be...
Designing with Deception: ML- and Covert Gate-Enhanced Camouflaging to Thwart IC Reverse Engineering
Integrated circuits ICs are essential to modern electronic systems, yet they face significant risks from physical reverse engineering RE attacks that compromise intellectual property IP and overall system security. While IC camouflage techniques have emerged to mitigate these risks, existing...
Power Pwn 4.0.1
Power Pwn is a powerful open‑source toolset designed for red‑teaming and security testing within the Microsoft 365 environment, particularly around Copilot, Copilot Studio, and the Power Platform...
VOIDFace: a Privacy-Preserving Multi-Network Face Recognition with Enhanced Security
Advancement of machine learning techniques, combined with the availability of large-scale datasets, has significantly improved the accuracy and efficiency of facial recognition. Modern facial recognition systems are trained using large face datasets collected from diverse individuals or public...
Robust Anomaly Detection in O-RAN: Leveraging LLMs against Data Manipulation Attacks
The introduction of 5G and the Open Radio Access Network O-RAN architecture has enabled more flexible and intelligent network deployments. However, the increased complexity and openness of these architectures also introduce novel security challenges, such as data manipulation attacks on the...
TraceLens: Question-Driven Debugging for Taint Flow Understanding
Taint analysis is a security analysis technique used to track the flow of potentially dangerous data through an application and its dependent libraries. Investigating why certain unexpected flows appear and why expected flows are missing is an important sensemaking process during end-user taint...
Certifiably Robust Malware Detectors by Design
Malware analysis involves analyzing suspicious software to detect malicious payloads. Static malware analysis, which does not require software execution, relies increasingly on machine learning techniques to achieve scalability. Although such techniques obtain very high detection accuracy, they c...
Civil Servants As Builders: Enabling Non-IT Staff to Develop Secure Python and R Tools
Current digital government literature focuses on professional in-house IT teams, specialized digital service teams, vendor-developed systems, or proprietary low-code/no-code tools. Almost no scholarship addresses a growing middle ground: technically skilled civil servants outside formal IT roles...
Reversible Video Steganography Using Quick Response Codes and Modified ElGamal Cryptosystem
The rapid transmission of multimedia information has been achieved mainly by recent advancements in the Internet's speed and information technology. In spite of this, advancements in technology have resulted in breaches of privacy and data security. When it comes to protecting private information...
Enhancing Privacy in Decentralized Min-Max Optimization: a Differentially Private Approach
Decentralized min-max optimization allows multi-agent systems to collaboratively solve global min-max optimization problems by facilitating the exchange of model updates among neighboring agents, eliminating the need for a central server. However, sharing model updates in such systems carry a ris...
Who'S the Evil Twin? Differential Auditing for Undesired Behavior
Detecting hidden behaviors in neural networks poses a significant challenge due to minimal prior knowledge and potential adversarial obfuscation. We explore this problem by framing detection as an adversarial game between two teams: the red team trains two similar models, one trained solely on...
Neural Network-Based Detection and Multi-Class Classification of FDI Attacks in Smart Grid Home Energy Systems
False Data Injection Attacks FDIAs pose a significant threat to smart grid infrastructures, particularly Home Area Networks HANs, where real-time monitoring and control are highly adopted. Owing to the comparatively less stringent security controls and widespread availability of HANs, attackers...
A Real-Time, Self-Tuning Moderator Framework for Adversarial Prompt Detection
Ensuring LLM alignment is critical to information security as AI models become increasingly widespread and integrated in society. Unfortunately, many defenses against adversarial attacks and jailbreaking on LLMs cannot adapt quickly to new attacks, degrade model responses to benign prompts, or...
Balancing Privacy and Efficiency: Music Information Retrieval Via Additive Homomorphic Encryption
In the era of generative AI, ensuring the privacy of music data presents unique challenges: unlike static artworks such as images, music data is inherently temporal and multimodal, and it is sampled, transformed, and remixed at an unprecedented scale. These characteristics make its core vector...
Cognitive Cybersecurity for Artificial Intelligence: Guardrail Engineering with CCS-7
Language models exhibit human-like cognitive vulnerabilities, such as emotional framing, that escape traditional behavioral alignment. We present CCS-7 Cognitive Cybersecurity Suite, a taxonomy of seven vulnerabilities grounded in human cognitive security research. To establish a human benchmark,...
EU Digital Regulation and Guatemala: AI, 5G, and Cybersecurity
The paper examines how EU rules in AI, 5G, and cybersecurity operate as transnational governance and shape policy in Guatemala. It outlines the AI Act's risk approach, the 5G Action Plan and Security Toolbox, and the cybersecurity regime built on ENISA, NIS2, the Cybersecurity Act, and the Cyber...
ScamAgents: How AI Agents Can Simulate Human-Level Scam Calls
Large Language Models LLMs have demonstrated impressive fluency and reasoning capabilities, but their potential for misuse has raised growing concern. In this paper, we present ScamAgent, an autonomous multi-turn agent built on top of LLMs, capable of generating highly realistic scam call scripts...
Microsoft SharePoint Privilege Escalation
This script exploits a vulnerability in Microsoft SharePoint Server allowing remote attackers to escalate privileges on affected installations. While this script focuses on elevation of privilege, attackers with malicious intent might chain this vulnerability with a remote code execution...
Confluence Broken Access Control
This script is designed to exploit the CVE-2023-22515 vulnerability in Confluence, which allows for unauthorized access to Confluence Server and Confluence Data Center instances. The vulnerability is categorized as a broken access control issue and has a CVSS base score of 10.0...
Simulation in Cybersecurity: Understanding Techniques, Applications, and Goals
Modeling and simulation are widely used in cybersecurity research to assess cyber threats, evaluate defense mechanisms, and analyze vulnerabilities. However, the diversity of application areas, the variety of cyberattacks scenarios, and the differing objectives of these simulations makes it...
Symbolic Execution in Practice: a Survey of Applications in Vulnerability, Malware, Firmware, and Protocol Analysis
Symbolic execution is a powerful program analysis technique that allows for the systematic exploration of all program paths. Path explosion, where the number of states to track becomes unwieldy, is one of the biggest challenges hindering symbolic execution's practical application. To combat this,...