6864 matches found
WordPress WPBookit 1.0.4 Arbitrary File Upload
WordPress WPBookit plugin versions 1.0.4 and below suffer from an arbitrary file upload vulnerability...
Questionnaire Mate 2.0
Questionnaire Mate is a cool script that lets you read in a list of questions and uses OpenAI to answer them based on a private knowledge base. Useful for a less informed individual to feed AI audit questions and extract proper answers...
Access Control for Information-Theoretically Secure Key-Document Stores
This paper presents a novel key-based access control technique for secure outsourcing key-value stores where values correspond to documents that are indexed and accessed using keys...
MalCodeAI: Autonomous Vulnerability Detection and Remediation Via Language Agnostic Code Reasoning
The growing complexity of cyber threats and the limitations of traditional vulnerability detection tools necessitate novel approaches for securing software systems. We introduce MalCodeAI, a language-agnostic, multi-stage AI pipeline for autonomous code security analysis and remediation. MalCodeA...
Differentially Private Federated Low Rank Adaptation beyond Fixed-Matrix
Large language models LLMs typically require fine-tuning for domain-specific tasks, and LoRA offers a computationally efficient approach by training low-rank adapters. LoRA is also communication-efficient for federated LLMs when multiple users collaboratively fine-tune a global LLM model without...
Secure and Efficient Quantum Signature Scheme Based on the Controlled Unitary Operations Encryption
Quantum digital signatures ensure unforgeable message authenticity and integrity using quantum principles, offering unconditional security against both classical and quantum attacks. They are crucial for secure communication in high-stakes environments, ensuring trust and long-term protection in...
Several New Classes of Self-Orthogonal Minimal Linear Codes Violating the Ashikhmin-Barg Condition
Whitepaper called Several New Classes Of Self-Orthogonal Minimal Linear Codes Violating The Ashikhmin-Barg Condition...
Efficient Private Inference Based on Helper-Assisted Malicious Security Dishonest Majority MPC
Private inference based on Secure Multi-Party Computation MPC addresses data privacy risks in Machine Learning as a Service MLaaS. However, existing MPC-based private inference frameworks focuses on semi-honest or honest majority models, whose threat models are overly idealistic, while malicious...
CAN-Trace Attack: Exploit CAN Messages to Uncover Driving Trajectories
Driving trajectory data remains vulnerable to privacy breaches despite existing mitigation measures. Traditional methods for detecting driving trajectories typically rely on map-matching the path using Global Positioning System GPS data, which is susceptible to GPS data outage. This paper...
Spectral Feature Extraction for Robust Network Intrusion Detection Using MFCCs
The rapid expansion of Internet of Things IoT networks has led to a surge in security vulnerabilities, emphasizing the critical need for robust anomaly detection and classification techniques. In this work, we propose a novel approach for identifying anomalies in IoT network traffic by leveraging...
A Mixture of Linear Corrections Generates Secure Code
Large language models LLMs have become proficient at sophisticated code-generation tasks, yet remain ineffective at reliably detecting or avoiding code vulnerabilities. Does this deficiency stem from insufficient learning about code vulnerabilities, or is it merely a result of ineffective...
Secure and Efficient UAV-Based Face Detection Via Homomorphic Encryption and Edge Computing
This paper aims to propose a novel machine learning ML approach incorporating Homomorphic Encryption HE to address privacy limitations in Unmanned Aerial Vehicles UAV-based face detection. Due to challenges related to distance, altitude, and face orientation, high-resolution imagery and...
AICrypto: a Comprehensive Benchmark for Evaluating Cryptography Capabilities of Large Language Models
Whitepaper called AICrypto: A Comprehensive Benchmark For Evaluating Cryptography Capabilities Of Large Language Models...
Game Theory Meets LLM and Agentic AI: Reimagining Cybersecurity for the Age of Intelligent Threats
Protecting cyberspace requires not only advanced tools but also a shift in how we reason about threats, trust, and autonomy. Traditional cybersecurity methods rely on manual responses and brittle heuristics. To build proactive and intelligent defense systems, we need integrated theoretical...
A Login Page Transparency and Visual Similarity Based Zero Day Phishing Defense Protocol
Phishing is a prevalent cyberattack that uses look-alike websites to deceive users into revealing sensitive information. Numerous efforts have been made by the Internet community and security organizations to detect, prevent, or train users to avoid falling victim to phishing attacks. Most of thi...
Endorsement-Driven Blockchain SSI Framework for Dynamic IoT Ecosystems
Self-Sovereign Identity SSI offers significant potential for managing identities in the Internet of Things IoT, enabling decentralized authentication and credential management without reliance on centralized entities. However, existing SSI frameworks often limit credential issuance and revocation...
AdvGrasp: Adversarial Attacks on Robotic Grasping from a Physical Perspective
Adversarial attacks on robotic grasping provide valuable insights into evaluating and improving the robustness of these systems. Unlike studies that focus solely on neural network predictions while overlooking the physical principles of grasping, this paper introduces AdvGrasp, a framework for...
EventHunter: Dynamic Clustering and Ranking of Security Events from Hacker Forum Discussions
Hacker forums provide critical early warning signals for emerging cybersecurity threats, but extracting actionable intelligence from their unstructured and noisy content remains a significant challenge. This paper presents an unsupervised framework that automatically detects, clusters, and...
PromptChain: a Decentralized Web3 Architecture for Managing AI Prompts As Digital Assets
We present PromptChain, a decentralized Web3 architecture that establishes AI prompts as first-class digital assets with verifiable ownership, version control, and monetization capabilities. Current centralized platforms lack mechanisms for proper attribution, quality assurance, or fair...
Interpreting Differential Privacy in Terms of Disclosure Risk
As the use of differential privacy DP becomes widespread, the development of effective tools for reasoning about the privacy guarantee becomes increasingly critical. In pursuit of this goal, we demonstrate novel relationships between DP and measures of statistical disclosure risk. We suggest how...
LaSM: Layer-Wise Scaling Mechanism for Defending Pop-Up Attack on GUI Agents
Graphical user interface GUI agents built on multimodal large language models MLLMs have recently demonstrated strong decision-making abilities in screen-based interaction tasks. However, they remain highly vulnerable to pop-up-based environmental injection attacks, where malicious visual element...
LLMalMorph: on the Feasibility of Generating Variant Malware Using Large-Language-Models
Large Language Models LLMs have transformed software development and automated code generation. Motivated by these advancements, this paper explores the feasibility of LLMs in modifying malware source code to generate variants. We introduce LLMalMorph, a semi-automated framework that leverages...
Implementing and Evaluating Post-Quantum DNSSEC in CoreDNS
The emergence of quantum computers poses a significant threat to current secure service, application and/or protocol implementations that rely on RSA and ECDSA algorithms, for instance DNSSEC, because public-key cryptography based on number factorization or discrete logarithm is vulnerable to...
User-To-PC Authentication through Confirmation on Mobile Devices: on Usability and Performance
Protecting personal computers PCs from unauthorized access typically relies on password authentication, which is know to suffer from cognitive burden and weak credentials. As many users nowadays carry mobile devices with advanced security features throughout their day, there is an opportunity to...
Backscatter Device-Aided Integrated Sensing and Communication: a Pareto Optimization Framework
Integrated sensing and communication ISAC systems potentially encounter significant performance degradation in densely obstructed urban and non-line-of-sight scenarios, thus limiting their effectiveness in practical deployments. To deal with these challenges, this paper proposes a backscatter...
Securing Transformer-Based AI Execution Via Unified TEEs and Crypto-Protected Accelerators
Recent advances in Transformer models, e.g., large language models LLMs, have brought tremendous breakthroughs in various artificial intelligence AI tasks, leading to their wide applications in many security-critical domains. Due to their unprecedented scale and prohibitively high development cos...
Hybrid Quantum Security for IPsec
Quantum Key Distribution QKD offers information-theoretic security against quantum computing threats, but integrating QKD into existing security protocols remains an unsolved challenge due to fundamental mismatches between pre-distributed quantum keys and computational key exchange paradigms. Thi...
CLIProv: a Contrastive Log-To-Intelligence Multimodal Approach for Threat Detection and Provenance Analysis
With the increasing complexity of cyberattacks, the proactive and forward-looking nature of threat intelligence has become more crucial for threat detection and provenance analysis. However, translating high-level attack patterns described in Tactics, Techniques, and Procedures TTP intelligence...
SmartphoneDemocracy: Privacy-Preserving E-Voting on Decentralized Infrastructure Using Novel European Identity
The digitization of democratic processes promises greater accessibility but presents challenges in terms of security, privacy, and verifiability. Existing electronic voting systems often rely on centralized architectures, creating single points of failure and forcing too much trust in authorities...
Confidential Wrapped Ethereum
Transparency is one of the key benefits of public blockchains. However, the public visibility of transactions potentially compromises users' privacy. The fundamental challenge is to balance the intrinsic benefits of blockchain openness with the vital need for individual confidentiality. The...
LLM-Stackelberg Games: Conjectural Reasoning Equilibria and Their Applications to Spearphishing
We introduce the framework of LLM-Stackelberg games, a class of sequential decision-making models that integrate large language models LLMs into strategic interactions between a leader and a follower. Departing from classical Stackelberg assumptions of complete information and rational agents, ou...
Demo: Secure Edge Server for Network Slicing and Resource Allocation in Open RAN
Next-Generation Radio Access Networks NGRAN aim to support diverse vertical applications with strict security, latency, and Service-Level Agreement SLA requirements. These demands introduce challenges in securing the infrastructure, allocating resources dynamically, and enabling real-time...
When Developer Aid Becomes Security Debt: a Systematic Analysis of Insecure Behaviors in LLM Coding Agents
LLM-based coding agents are rapidly being deployed in software development, yet their security implications remain poorly understood. These agents, while capable of accelerating software development, may inadvertently introduce insecure practices. We conducted the first systematic security...
Favicon Trojans: Executable Steganography Via Ico Alpha Channel Exploitation
This paper presents a novel method of executable steganography using the alpha transparency layer of ICO image files to embed and deliver self-decompressing JavaScript payloads within web browsers. By targeting the least significant bit LSB of non-transparent alpha layer image values, the propose...
Breaking a 5-Bit Elliptic Curve Key Using a 133-Qubit Quantum Computer
This experiment breaks a 5-bit elliptic curve cryptographic key using a Shor-style quantum attack. Executed on IBM's 133-qubit ibmtorino with Qiskit Runtime 2.0, a 15-qubit circuit, comprised of 10 logical qubits and 5 ancilla, interferes over an order-32 elliptic curve subgroup to extract the...
ARPaCCino: an Agentic-RAG for Policy As Code Compliance
Policy as Code PaC is a paradigm that encodes security and compliance policies into machine-readable formats, enabling automated enforcement in Infrastructure as Code IaC environments. However, its adoption is hindered by the complexity of policy languages and the risk of misconfigurations. In th...
When and Where Do Data Poisons Attack Textual Inversion?
Poisoning attacks pose significant challenges to the robustness of diffusion models DMs. In this paper, we systematically analyze when and where poisoning attacks textual inversion TI, a widely used personalization technique for DMs. We first introduce Semantic Sensitivity Maps, a novel method fo...
SSH-Passkeys: Leveraging Web Authentication for Passwordless SSH
We propose a method for using Web Authentication APIs for SSH authentication, enabling passwordless remote server login with passkeys. These are credentials that are managed throughout the key lifecycle by an authenticator on behalf of the user and offer strong security guarantees. Passwords rema...
FortiWeb SQL Injection / Remote Code Execution
This script attempts to detect if FortiWeb is vulnerable to CVE-2025-25257, a SQL injection vulnerability that can be leveraged for remote code execution...
Entangled Threats: a Unified Kill Chain Model for Quantum Machine Learning Security
Quantum Machine Learning QML systems inherit vulnerabilities from classical machine learning while introducing new attack surfaces rooted in the physical and algorithmic layers of quantum computing. Despite a growing body of research on individual attack vectors - ranging from adversarial poisoni...
ADAPT: a Pseudo-Labeling Approach to Combat Concept Drift in Malware Detection
Whitepaper called ADAPT: A Pseudo-Labeling Approach To Combat Concept Drift In Malware Detection...
Characterizing Security and Privacy Teaching Standards for Schools in the United States
Increasingly, students begin learning aspects of security and privacy during their primary and secondary education grades K-12 in the United States. Individual U.S. states and some national organizations publish teaching standards -- guidance that outlines expectations for what students should...
Qualcomm Trusted Application Emulation for Fuzzing Testing
In recent years, the increasing awareness of cybersecurity has led to a heightened focus on information security within hardware devices and products. Incorporating Trusted Execution Environments TEEs into product designs has become a standard practice for safeguarding sensitive user information...
Evaluating Post-Quantum Cryptographic Algorithms on Resource-Constrained Devices
Whitepaper called Evaluating Post-Quantum Cryptographic Algorithms On Resource-Constrained Devices...
CovertAuth: Joint Covert Communication and Authentication in MmWave Systems
Beam alignment BA is a crucial process in millimeter-wave mmWave communications, enabling precise directional transmission and efficient link establishment. However, due to characteristics like omnidirectional exposure and the broadcast nature of the BA phase, it is particularly vulnerable to...
MH-FSF: a Unified Framework for Overcoming Benchmarking and Reproducibility Limitations in Feature Selection Evaluation
Feature selection is vital for building effective predictive models, as it reduces dimensionality and emphasizes key features. However, current research often suffers from limited benchmarking and reliance on proprietary datasets. This severely hinders reproducibility and can negatively impact...
The Dark Side of LLMs Agent-Based Attacks for Complete Computer Takeover
The rapid adoption of Large Language Model LLM agents and multi-agent systems enables unprecedented capabilities in natural language processing and generation. However, these systems have introduced unprecedented security vulnerabilities that extend beyond traditional prompt injection attacks. Th...
Exploiting Leaderboards for Large-Scale Distribution of Malicious Models
While poisoning attacks on machine learning models have been extensively studied, the mechanisms by which adversaries can distribute poisoned models at scale remain largely unexplored. In this paper, we shed light on how model leaderboards -- ranked platforms for model discovery and evaluation --...
White-Basilisk: a Hybrid Model for Code Vulnerability Detection
The proliferation of software vulnerabilities presents a significant challenge to cybersecurity, necessitating more effective detection methodologies. We introduce White-Basilisk, a novel approach to vulnerability detection that demonstrates superior performance while challenging prevailing...
Quantum-Resilient Privacy Ledger (QRPL): a Sovereign Digital Currency for the Post-Quantum Era
The emergence of quantum computing presents profound challenges to existing cryptographic infrastructures, whilst the development of central bank digital currencies CBDCs has raised concerns regarding privacy preservation and excessive centralisation in digital payment systems. This paper propose...