6864 matches found
TopicAttack: an Indirect Prompt Injection Attack Via Topic Transition
Large language models LLMs have shown remarkable performance across a range of NLP tasks. However, their strong instruction-following capabilities and inability to distinguish instructions from data content make them vulnerable to indirect prompt injection attacks. In such attacks, instructions...
The CryptoNeo Threat Modelling Framework (CNTMF): Securing Neobanks and Fintech in Integrated Blockchain Ecosystems
The rapid integration of blockchain, cryptocurrency, and Web3 technologies into digital banks and fintech operations has created an integrated environment blending traditional financial systems with decentralised elements. This paper introduces the CryptoNeo Threat Modelling Framework CNTMF, a...
Kintsugi: Decentralized E2EE Key Recovery
Kintsugi is a protocol for key recovery, allowing a user to regain access to end-to-end encrypted data after they have lost their device, but still have their potentially low-entropy password. Existing E2EE key recovery methods, such as those deployed by Signal and WhatsApp, centralize trust by...
Breaking the Illusion of Security Via Interpretation: Interpretable Vision Transformer Systems under Attack
Vision transformer ViT models, when coupled with interpretation models, are regarded as secure and challenging to deceive, making them well-suited for security-critical domains such as medical applications, autonomous vehicles, drones, and robotics. However, successful attacks on these systems ca...
Wireshark Analyzer 4.4.8
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. Thi...
Quantum Blockchain Survey: Foundations, Trends, and Gaps
Quantum computing poses fundamental risks to classical blockchain systems by undermining widely used cryptographic primitives. In response, two major research directions have emerged: post-quantum blockchains, which integrate quantum-resistant algorithms, and quantum blockchains, which leverage...
An Adversarial-Driven Experimental Study on Deep Learning for RF Fingerprinting
Radio frequency RF fingerprinting, which extracts unique hardware imperfections of radio devices, has emerged as a promising physical-layer device identification mechanism in zero trust architectures and beyond 5G networks. In particular, deep learning DL methods have demonstrated state-of-the-ar...
Stablecoins: Fundamentals, Emerging Issues, and Open Challenges
Stablecoins, with a capitalization exceeding 200 billion USD as of January 2025, have shown significant growth, with annual transaction volumes exceeding 10 trillion dollars in 2023 and nearly doubling that figure in 2024. This exceptional success has attracted the attention of traditional...
Faraday 5.15.1
Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use...
Chain Table: Protecting Table-Level Data Integrity by Digital Ledger Technology
The rise of blockchain and Digital Ledger Technology DLT has gained wide traction. Instead of relying on a traditional centralized data authority, a blockchain system consists of digitally entangled block data shared across a distributed network. The specially designed chain data structure and it...
Developers Insight on Manifest V3 Privacy and Security Webextensions
Webextensions can improve web browser privacy, security, and user experience. The APIs offered by the browser to webextensions affect possible functionality. Currently, Chrome transitions to a modified set of APIs called Manifest v3. This paper studies the challenges and opportunities of Manifest...
Adversarial Attacks to Image Classification Systems Using Evolutionary Algorithms
Image classification currently faces significant security challenges due to adversarial attacks, which consist of intentional alterations designed to deceive classification models based on artificial intelligence. This article explores an approach to generate adversarial attacks against image...
IDFace: Face Template Protection for Efficient and Secure Identification
As face recognition systems FRS become more widely used, user privacy becomes more important. A key privacy issue in FRS is protecting the user's face template, as the characteristics of the user's face image can be recovered from the template. Although recent advances in cryptographic tools such...
An Investigation of Ear-EEG Signals for a Novel Biometric Authentication System
This work explores the feasibility of biometric authentication using EEG signals acquired through in-ear devices, commonly referred to as ear-EEG. Traditional EEG-based biometric systems, while secure, often suffer from low usability due to cumbersome scalp-based electrode setups. In this study, ...
A Bayesian Incentive Mechanism for Poison-Resilient Federated Learning
Federated learning FL enables collaborative model training across decentralized clients while preserving data privacy. However, its open-participation nature exposes it to data-poisoning attacks, in which malicious actors submit corrupted model updates to degrade the global model. Existing defens...
Evasion under Blockchain Sanctions
Sanctioning blockchain addresses has become a common regulatory response to malicious activities. However, enforcement on permissionless blockchains remains challenging due to complex transaction flows and sophisticated fund-obfuscation techniques. Using cryptocurrency mixing tool Tornado Cash as...
A Crowdsensing Intrusion Detection Dataset for Decentralized Federated Learning Models
This paper introduces a dataset and experimental study for decentralized federated learning DFL applied to IoT crowdsensing malware detection. The dataset comprises behavioral records from benign and eight malware families. A total of 21,582,484 original records were collected from system calls,...
Learning-Based Cost-Aware Defense of Parallel Server Systems against Malicious Attacks
We consider the cyber-physical security of parallel server systems, which is relevant for a variety of engineering applications such as networking, manufacturing, and transportation. These systems rely on feedback control and may thus be vulnerable to malicious attacks such as denial-of-service,...
Faraday 5.15.0
Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use...
Expanding ML-Documentation Standards for Better Security
This article presents the current state of ML-security and of the documentation of ML-based systems, models and datasets in research and practice based on an extensive review of the existing literature. It shows a generally low awareness of security aspects among ML-practitioners and organization...
Unveiling Usability Challenges in Web Privacy Controls
With the increasing concerns around privacy and the enforcement of data privacy laws, many websites now provide users with privacy controls. However, locating these controls can be challenging, as they are frequently hidden within multiple settings and layers. Moreover, the lack of standardizatio...
Jailbreak-Tuning: Models Efficiently Learn Jailbreak Susceptibility
AI systems are rapidly advancing in capability, and frontier model developers broadly acknowledge the need for safeguards against serious misuse. However, this paper demonstrates that fine-tuning, whether via open weights or closed fine-tuning APIs, can produce helpful-only models. In contrast to...
A Privacy-Preserving Framework for Advertising Personalization Incorporating Federated Learning and Differential Privacy
To mitigate privacy leakage and performance issues in personalized advertising, this paper proposes a framework that integrates federated learning and differential privacy. The system combines distributed feature extraction, dynamic privacy budget allocation, and robust model aggregation to balan...
Toward an Intent-Based and Ontology-Driven Autonomic Security Response in Security Orchestration Automation and Response
Modern Security Orchestration, Automation, and Response SOAR platforms must rapidly adapt to continuously evolving cyber attacks. Intent-Based Networking has emerged as a promising paradigm for cyber attack mitigation through high-level declarative intents, which offer greater flexibility and...
Non-Adaptive Adversarial Face Generation
Adversarial attacks on face recognition systems FRSs pose serious security and privacy threats, especially when these systems are used for identity verification. In this paper, we propose a novel method for generating adversarial faces-synthetic facial images that are visually distinct yet...
Enterprise Security Incident Analysis and Countermeasures Based on the T-Mobile Data Breach
This paper presents a comprehensive analysis of T-Mobile's critical data breaches in 2021 and 2023, alongside a full-spectrum security audit targeting its systems, infrastructure, and publicly exposed endpoints. By combining case-based vulnerability assessments with active ethical hacking...
PHASE: Passive Human Activity Simulation Evaluation
Cybersecurity simulation environments, such as cyber ranges, honeypots, and sandboxes, require realistic human behavior to be effective, yet no quantitative method exists to assess the behavioral fidelity of synthetic user personas. This paper presents PHASE Passive Human Activity Simulation...
Backscattering-Based Security in Wireless Power Transfer Applied to Battery-Free BLE Sensors
The integration of security and energy efficiency in Internet of Things systems remains a critical challenge, particularly for battery-free and resource-constrained devices. This paper explores the scalability and protocol-agnostic nature of a backscattering-based security mechanism by integratin...
Space Cybersecurity Testbed: Fidelity Framework, Example Implementation, and Characterization
Cyber threats against space infrastructures, including satellites and systems on the ground, have not been adequately understood. Testbeds are important to deepen our understanding and validate space cybersecurity studies. The state of the art is that there are very few studies on building...
MAD-Spear: a Conformity-Driven Prompt Injection Attack on Multi-Agent Debate Systems
Multi-agent debate MAD systems leverage collaborative interactions among large language models LLMs agents to improve reasoning capabilities. While recent studies have focused on increasing the accuracy and scalability of MAD systems, their security vulnerabilities have received limited attention...
Challenges in GenAI and Authentication: a Scoping Review
Authentication and authenticity have been a security challenge since the beginning of information sharing, especially in the context of digital information. With the advancement of generative artificial intelligence, these challenges have evolved, demanding a more up-to-date analysis of their...
Prompt Injection 2.0: Hybrid AI Threats
Prompt injection attacks, where malicious input is designed to manipulate AI systems into ignoring their original instructions and following unauthorized commands instead, were first discovered by Preamble, Inc. in May 2022 and responsibly disclosed to OpenAI. Over the last three years, these...
Large Language Models in Cybersecurity: Applications, Vulnerabilities, and Defense Techniques
Large Language Models LLMs are transforming cybersecurity by enabling intelligent, adaptive, and automated approaches to threat detection, vulnerability assessment, and incident response. With their advanced language understanding and contextual reasoning, LLMs surpass traditional methods in...
SHIELD: a Secure and Highly Enhanced Integrated Learning for Robust Deepfake Detection against Adversarial Attacks
Audio plays a crucial role in applications like speaker verification, voice-enabled smart devices, and audio conferencing. However, audio manipulations, such as deepfakes, pose significant risks by enabling the spread of misinformation. Our empirical analysis reveals that existing methods for...
Exploiting Jailbreaking Vulnerabilities in Generative AI to Bypass Ethical Safeguards for Facilitating Phishing Attacks
The advent of advanced Generative AI GenAI models such as DeepSeek and ChatGPT has significantly reshaped the cybersecurity landscape, introducing both promising opportunities and critical risks. This study investigates how GenAI powered chatbot services can be exploited via jailbreaking techniqu...
Using Modular Arithmetic Optimized Neural Networks to Crack Affine Cryptographic Schemes Efficiently
We investigate the cryptanalysis of affine ciphers using a hybrid neural network architecture that combines modular arithmetic-aware and statistical feature-based learning. Inspired by recent advances in interpretable neural networks for modular arithmetic and neural cryptanalysis of classical...
libxml2 xmlRegEpxFromParse Integer Overflow / Heap Buffer Overflow
libxml2 suffers from an integer overflow that leads to a heap buffer overflow in xmlRegEpxFromParse...
How to Mitigate and Defend against DDoS Attacks in IoT Devices
Distributed Denial of Service DDoS attacks have become increasingly prevalent and dangerous in the context of Internet of Things IoT networks, primarily due to the low-security configurations of many connected devices. This paper analyzes the nature and impact of DDoS attacks such as those launch...
A Distributed Generative AI Approach for Heterogeneous Multi-Domain Environments under Data Sharing Constraints
Federated Learning has gained increasing attention for its ability to enable multiple nodes to collaboratively train machine learning models without sharing their raw data. At the same time, Generative AI -- particularly Generative Adversarial Networks GANs -- have achieved remarkable success...
From Paranoia to Compliance: the Bumpy Road of System Hardening Practices on Stack Exchange
Hardening computer systems against cyberattacks is crucial for security. However, past incidents illustrated, that many system operators struggle with effective system hardening. Hence, many computer systems and applications remain insecure. So far, the research community lacks an in-depth...
Manipulation Attacks by Misaligned AI: Risk Analysis and Safety Case Framework
Frontier AI systems are rapidly advancing in their capabilities to persuade, deceive, and influence human behaviour, with current models already demonstrating human-level persuasion and strategic deception in specific contexts. Humans are often the weakest link in cybersecurity systems, and a...
Thought Purity: Defense Paradigm for Chain-Of-Thought Attack
While reinforcement learning-trained Large Reasoning Models LRMs, e.g., Deepseek-R1 demonstrate advanced reasoning capabilities in the evolving Large Language Models LLMs domain, their susceptibility to security threats remains a critical vulnerability. This weakness is particularly evident in...
Architectural Backdoors in Deep Learning: a Survey of Vulnerabilities, Detection, and Defense
Architectural backdoors pose an under-examined but critical threat to deep neural networks, embedding malicious logic directly into a model's computational graph. Unlike traditional data poisoning or parameter manipulation, architectural backdoors evade standard mitigation techniques and persist...
gimmePATz - GitHub Personal Access Token (PAT) Recon Tool 1.0.0
gimmePatz is a recon tool for GitHub PATs. Designed for bug bounty hunters, pentesters and red teams. gimmePatz will tell you what scopes a PAT has, and it will tell you what repositories or GitHub Organizations the PAT is attached to as well...
On the Consideration of Vanity Address Generation Via Identity-Based Signatures
An address is indicated as an identifier of the user on the blockchain, and is defined by a hash value of the ECDSA verification key. A vanity address is an address that embeds custom characters such as a name. To generate a vanity address, a classical try-and-error method is employed, and thus t...
NodeJS 24.x Path Traversal
Proof of concept exploit for CVE-2025-27210, a precise path traversal vulnerability affecting Node.js applications running on Microsoft Windows. This vulnerability leverages the specific way Windows handles reserved device file names e.g., AUX, CON, NUL when combined with directory traversal...
GPU-Accelerated Interpretable Generalization for Rapid Cyberattack Detection and Forensics
The Interpretable Generalization IG mechanism recently published in IEEE Transactions on Information Forensics and Security delivers state-of-the-art, evidence-based intrusion detection by discovering coherent normal and attack patterns through exhaustive intersect-and-subset operations-yet its...
Multi-Granular Discretization for Interpretable Generalization in Precise Cyberattack Identification
Explainable intrusion detection systems IDS are now recognized as essential for mission-critical networks, yet most "XAI" pipelines still bolt an approximate explainer onto an opaque classifier, leaving analysts with partial and sometimes misleading insights. The Interpretable Generalization IG...
HyDRA: a Hybrid Dual-Mode Network for Closed- and Open-Set RFFI with Optimized VMD
Device recognition is vital for security in wireless communication systems, particularly for applications like access control. Radio Frequency Fingerprint Identification RFFI offers a non-cryptographic solution by exploiting hardware-induced signal distortions. This paper proposes HyDRA, a Hybrid...
Safeguarding Federated Learning-Based Road Condition Classification
Federated Learning FL has emerged as a promising solution for privacy-preserving autonomous driving, specifically camera-based Road Condition Classification RCC systems, harnessing distributed sensing, computing, and communication resources on board vehicles without sharing sensitive image data...