6850 matches found
Multilingual Source Tracing of Speech Deepfakes: a First Benchmark
Recent progress in generative AI has made it increasingly easy to create natural-sounding deepfake speech from just a few seconds of audio. While these tools support helpful applications, they also raise serious concerns by making it possible to generate convincing fake speech in many languages...
SenseCrypt: Sensitivity-Guided Selective Homomorphic Encryption for Joint Federated Learning in Cross-Device Scenarios
Homomorphic Encryption HE prevails in securing Federated Learning FL, but suffers from high overhead and adaptation cost. Selective HE methods, which partially encrypt model parameters by a global mask, are expected to protect privacy with reduced overhead and easy adaptation. However, in...
Eavesdropping Risk in Terahertz Channels by Covered Wavy Surfaces
Terahertz communications offer unprecedented data rates for next-generation wireless networks but suffer blockage susceptibility that restrict coverage and introduce physical-layer security vulnerabilities. Non-line-of-sight relay schemes using metallic wavy surfaces MWS address coverage...
Large Language Models Versus Static Code Analysis Tools: a Systematic Benchmark for Vulnerability Detection
Modern software relies on a multitude of automated testing and quality assurance tools to prevent errors, bugs and potential vulnerabilities. This study sets out to provide a head-to-head, quantitative and qualitative evaluation of six automated approaches: three industry-standard rule-based stat...
Policy Design in Zero-Trust Distributed Networks: Challenges and Solutions
Traditional security architectures are becoming more vulnerable to distributed attacks due to significant dependence on trust. This will further escalate when implementing agentic AI within the systems, as more components must be secured over a similar distributed space. These scenarios can be...
Cybersecurity of Quantum Key Distribution Implementations
Practical implementations of Quantum Key Distribution QKD often deviate from the theoretical protocols, exposing the implementations to various attacks even when the underlying ideal protocol is proven secure. We present new analysis tools and methodologies for quantum cybersecurity, adapting the...
Writebot AI Content Generator SaaS React Template 4.0.0 Shell Upload
Writebot AI Content Generator SaaS React Template versions 4.0.0 and below suffer from a remote shell upload vulnerability...
Anti-Tamper Protection for Unauthorized Individual Image Generation
With the advancement of personalized image generation technologies, concerns about forgery attacks that infringe on portrait rights and privacy are growing. To address these concerns, protection perturbation algorithms have been developed to disrupt forgery generation. However, the protection...
Botan C++ Crypto Algorithms Library 3.9.0
Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS 10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to...
Bidirectional TLS Handshake Caching for Constrained Industrial IoT Scenarios
While TLS has become the de-facto standard for end-to-end security, its use to secure critical communication in evolving industrial IoT scenarios is severely limited by prevalent resource constraints of devices and networks. Most notably, the TLS handshake to establish secure connections incurs...
WiFinger: Fingerprinting Noisy IoT Event Traffic Using Packet-Level Sequence Matching
IoT environments such as smart homes are susceptible to privacy inference attacks, where attackers can analyze patterns of encrypted network traffic to infer the state of devices and even the activities of people. While most existing attacks exploit ML techniques for discovering such traffic...
From Legacy to Standard: LLM-Assisted Transformation of Cybersecurity Playbooks into CACAO Format
Existing cybersecurity playbooks are often written in heterogeneous, non-machine-readable formats, which limits their automation and interoperability across Security Orchestration, Automation, and Response platforms. This paper explores the suitability of Large Language Models, combined with Prom...
Simulating Cyberattacks through a Breach Attack Simulation (BAS) Platform Empowered by Security Chaos Engineering (SCE)
In today digital landscape, organizations face constantly evolving cyber threats, making it essential to discover slippery attack vectors through novel techniques like Security Chaos Engineering SCE, which allows teams to test defenses and identify vulnerabilities effectively. This paper proposes...
Selection-Based Vulnerabilities: Clean-Label Backdoor Attacks in Active Learning
Active learningAL, which serves as the representative label-efficient learning paradigm, has been widely applied in resource-constrained scenarios. The achievement of AL is attributed to acquisition functions, which are designed for identifying the most important data to label. Despite this...
MalFlows: Context-Aware Fusion of Heterogeneous Flow Semantics for Android Malware Detection
Static analysis, a fundamental technique in Android app examination, enables the extraction of control flows, data flows, and inter-component communications ICCs, all of which are essential for malware detection. However, existing methods struggle to leverage the semantic complementarity across...
Intrusion Detection in Heterogeneous Networks with Domain-Adaptive Multi-Modal Learning
Network Intrusion Detection Systems NIDS play a crucial role in safeguarding network infrastructure against cyberattacks. As the prevalence and sophistication of these attacks increase, machine learning and deep neural network approaches have emerged as effective tools for enhancing NIDS...
BadBlocks: Low-Cost and Stealthy Backdoor Attacks Tailored for Text-To-Image Diffusion Models
In recent years,Diffusion models have achieved remarkable progress in the field of image generation.However,recent studies have shown that diffusion models are susceptible to backdoor attacks,in which attackers can manipulate the output by injecting covert triggers such as specific visual pattern...
Attack the Messages, Not the Agents: a Multi-Round Adaptive Stealthy Tampering Framework for LLM-MAS
Large language model-based multi-agent systems LLM-MAS effectively accomplish complex and dynamic tasks through inter-agent communication, but this reliance introduces substantial safety vulnerabilities. Existing attack methods targeting LLM-MAS either compromise agent internals or rely on direct...
Smart Car Privacy: Survey of Attacks and Privacy Issues
Automobiles are becoming increasingly important in our day to day life. Modern automobiles are highly computerized and hence potentially vulnerable to attack. Providing many wireless connectivity for vehicles enables a bridge between vehicles and their external environments. Such a connected...
BDFirewall: Towards Effective and Expeditiously Black-Box Backdoor Defense in MLaaS
In this paper, we endeavor to address the challenges of backdoor attacks countermeasures in black-box scenarios, thereby fortifying the security of inference under MLaaS. We first categorize backdoor triggers from a new perspective, i.e., their impact on the patched area, and divide them into:...
Reputation-Based Partition Scheme for IoT Security
With the popularity of smart terminals, such as the Internet of Things, crowdsensing is an emerging data aggregation paradigm, which plays a pivotal role in data-driven applications. There are some key issues in the development of crowdsensing such as platform security and privacy protection. As...
Lightweight Fault Detection Architecture for NTT on FPGA
Post-Quantum Cryptographic PQC algorithms are mathematically secure and resistant to quantum attacks but can still leak sensitive information in hardware implementations due to natural faults or intentional fault injections. The intent fault injection in side-channel attacks reduces the reliabili...
ASTRA: Autonomous Spatial-Temporal Red-Teaming for AI Software Assistants
AI coding assistants like GitHub Copilot are rapidly transforming software development, but their safety remains deeply uncertain-especially in high-stakes domains like cybersecurity. Current red-teaming tools often rely on fixed benchmarks or unrealistic prompts, missing many real-world...
FlashVault: Versatile In-NAND Self-Encryption with Zero Area Overhead
We present FlashVault, an in-NAND self-encryption architecture that embeds a reconfigurable cryptographic engine into the unused silicon area of a state-of-the-art 4D V-NAND structure. FlashVault supports not only block ciphers for data encryption but also public-key and post-quantum algorithms f...
Evaluating Software Supply Chain Security in Research Software
The security of research software is essential for ensuring the integrity and reproducibility of scientific results. However, research software security is still largely unexplored. Due to its dependence on open source components and distributed development practices, research software is...
libxslt Key Data Storage Use-After-Free
libxslt suffers from a use-after-free vulnerability with key data stored cross-RVT...
When Good Sounds Go Adversarial: Jailbreaking Audio-Language Models with Benign Inputs
As large language models become increasingly integrated into daily life, audio has emerged as a key interface for human-AI interaction. However, this convenience also introduces new vulnerabilities, making audio a potential attack surface for adversaries. Our research introduces WhisperInject, a...
RX-INT: a Kernel Engine for Real-Time Detection and Analysis of In-Memory Threats
Malware and cheat developers use fileless execution techniques to evade traditional, signature-based security products. These methods include various types of manual mapping, module stomping, and threadless injection which work entirely within the address space of a legitimate process, presenting...
Linux 6.9 AF_UNIX MSG_OOB Handling Use-After-Free
Linux versions starting at 6.9 have a security bug in the handling of MSGOOB, which causes use-after-free read+write when a sequence of syscalls is executed...
WordPress Sala Theme 1.1.4 Privilege Escalation
WordPress Sala Theme versions 1.1.4 and below are vulnerable to an unauthenticated privilege escalation vulnerability. This flaw allows unauthenticated attackers to reset passwords of arbitrary users — including administrators — by directly invoking an exposed AJAX endpoint without verifying the...
Copyparty 1.18.6 Cross Site Scripting
Copyparty versions 1.18.6 and below suffer from a cross site scripting vulnerability...
Hashcat Advanced Password Recovery 7.0.0 Binary Release
Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the binary...
PentestJudge: Judging Agent Behavior against Operational Requirements
We introduce PentestJudge, a system for evaluating the operations of penetration testing agents. PentestJudge is a large language model LLM-as-judge with access to tools that allow it to consume arbitrary trajectories of agent states and tool call history to determine whether a security agent's...
Experimental Evaluation of Post-Quantum Homomorphic Encryption for Privacy-Preserving V2X Communication
Intelligent Transportation Systems ITS fundamentally rely on vehicle-generated data for applications such as congestion monitoring and route optimization, making the preservation of user privacy a critical challenge. Homomorphic Encryption HE offers a promising solution by enabling computation on...
SUAD: Solid-Channel Ultrasound Injection Attack and Defense to Voice Assistants
As a versatile AI application, voice assistants VAs have become increasingly popular, but are vulnerable to security threats. Attackers have proposed various inaudible attacks, but are limited by cost, distance, or LoS. Therefore, we propose \nameAttack, a long-range, cross-barrier, and...
Microsoft Edge Information Disclosure
Microsoft Edge Chromium-based suffers from an information disclosure vulnerability...
Secure MmWave Beamforming with Proactive-ISAC Defense against Beam-Stealing Attacks
Millimeter-wave mmWave communication systems face increasing susceptibility to advanced beam-stealing attacks, posing a significant physical layer security threat. This paper introduces a novel framework employing an advanced Deep Reinforcement Learning DRL agent for proactive and adaptive defens...
Real-World Evaluation of Protocol-Compliant Denial-Of-Service Attacks on C-V2X-Based Forward Collision Warning Systems
Cellular Vehicle-to-Everything C-V2X technology enables low-latency, reliable communications essential for safety applications such as a Forward Collision Warning FCW system. C-V2X deployments operate under strict protocol compliance with the 3rd Generation Partnership Project 3GPP and the Societ...
Thwart Me If You Can: an Empirical Analysis of Android Platform Armoring against Stalkerware
Stalkerware is a serious threat to individuals' privacy that is receiving increased attention from the security and privacy research communities. Existing works have largely focused on studying leading stalkerware apps, dual-purpose apps, monetization of stalkerware, or the experience of survivor...
The Dark Side of Upgrades: Uncovering Security Risks in Smart Contract Upgrades
Smart contract upgrades are increasingly common due to their flexibility in modifying deployed contracts, such as fixing bugs or adding new functionalities. Meanwhile, upgrades compromise the immutability of contracts, introducing significant security concerns. While existing research has explore...
Large Reasoning Models Are Autonomous Jailbreak Agents
Jailbreaking -- bypassing built-in safety mechanisms in AI models -- has traditionally required complex technical procedures or specialized human expertise. In this study, we show that the persuasive capabilities of large reasoning models LRMs simplify and scale jailbreaking, converting it into a...
Coward: toward Practical Proactive Federated Backdoor Defense Via Collision-Based Watermark
Backdoor detection is currently the mainstream defense against backdoor attacks in federated learning FL, where malicious clients upload poisoned updates that compromise the global model and undermine the reliability of FL deployments. Existing backdoor detection techniques fall into two...
WordPress Alone Theme 7.8.3 Arbitrary Plugin Upload / Code Execution
WordPress Alone Theme versions 7.8.3 and below are vulnerable to an unauthenticated arbitrary file upload vulnerability. This flaw allows unauthenticated attackers to upload and install arbitrary plugin ZIP files from remote URLs via an unprotected AJAX endpoint — resulting in remote code executi...
WordPress Alone Theme 7.8.3 Arbitrary Plugin Upload
WordPress Alone Theme versions 7.8.3 and below suffer from an arbitrary plugin upload vulnerability...
Attractive Metadata Attack: Inducing LLM Agents to Invoke Malicious Tools
Large language model LLM agents have demonstrated remarkable capabilities in complex reasoning and decision-making by leveraging external tools. However, this tool-centric paradigm introduces a previously underexplored attack surface: adversaries can manipulate tool metadata -- such as names,...
Towards Effective Offensive Security LLM Agents: Hyperparameter Tuning, LLM As a Judge, and a Lightweight CTF Benchmark
Recent advances in LLM agentic systems have improved the automation of offensive security tasks, particularly for Capture the Flag CTF challenges. We systematically investigate the key factors that drive agent success and provide a detailed recipe for building effective LLM-based offensive securi...
DINA: a Dual Defense Framework against Internal Noise and External Attacks in Natural Language Processing
As large language models LLMs and generative AI become increasingly integrated into customer service and moderation applications, adversarial threats emerge from both external manipulations and internal label corruption. In this work, we identify and systematically address these dual adversarial...
Whispering Agents: an Event-Driven Covert Communication Protocol for the Internet of Agents
The emergence of the Internet of Agents IoA introduces critical challenges for communication privacy in sensitive, high-stakes domains. While standard Agent-to-Agent A2A protocols secure message content, they are not designed to protect the act of communication itself, leaving agents vulnerable t...
Can LLMs Effectively Provide Game-Theoretic-Based Scenarios for Cybersecurity?
Game theory has long served as a foundational tool in cybersecurity to test, predict, and design strategic interactions between attackers and defenders. The recent advent of Large Language Models LLMs offers new tools and challenges for the security of computer systems; In this work, we investiga...
A Survey on Data Security in Large Language Models
Large Language Models LLMs, now a foundation in advancing natural language processing, power applications such as text generation, machine translation, and conversational systems. Despite their transformative potential, these models inherently rely on massive amounts of training data, often...