6864 matches found
Kernel Live Patch Security Notice LSN-0113-1
Several security issues were fixed in the kernel relating to out of bounds access and use-after-free vulnerabilities...
Never Trust the Manufacturer, Never Trust the Client: a Novel Method for Streaming STL Files for Secure Additive Manufacturing
While additive manufacturing has opened interesting avenues to reimagine manufacturing as a service MaaS platform, transmission of design files from client to manufacturer over networks opens up many cybersecurity challenges. Securing client's intellectual property IP especially from cyber-attack...
Microsoft Windows 11 CVE-2025-49744 Checker
This archive contains a PowerShell script to validate whether a Microsoft Windows 11 system is vulnerable to CVE-2025-49744, a critical local privilege escalation vulnerability involving the gdi32.dll and win32kfull.sys system components. It does not actively exploit anything...
Hedge Funds on a Swamp: Analyzing Patterns, Vulnerabilities, and Defense Measures in Blockchain Bridges [Experiment, Analysis and Benchmark]
Blockchain bridges have become essential infrastructure for enabling interoperability across different blockchain networks, with more than $24B monthly bridge transaction volume. However, their growing adoption has been accompanied by a disproportionate rise in security breaches, making them the...
Temporal Unlearnable Examples: Preventing Personal Video Data from Unauthorized Exploitation by Object Tracking
With the rise of social media, vast amounts of user-uploaded videos e.g., YouTube are utilized as training data for Visual Object Tracking VOT. However, the VOT community has largely overlooked video data-privacy issues, as many private videos have been collected and used for training commercial...
Mitigating Watermark Stealing Attacks in Generative Models Via Multi-Key Watermarking
Watermarking offers a promising solution for GenAI providers to establish the provenance of their generated content. A watermark is a hidden signal embedded in the generated content, whose presence can later be verified using a secret watermarking key. A threat to GenAI providers are \emphwaterma...
May I Have Your Attention? Breaking Fine-Tuning Based Prompt Injection Defenses Using Architecture-Aware Attacks
A popular class of defenses against prompt injection attacks on large language models LLMs relies on fine-tuning the model to separate instructions and data, so that the LLM does not follow instructions that might be present with data. There are several academic systems and production-level...
Rainbow Artifacts from Electromagnetic Signal Injection Attacks on Image Sensors
Image sensors are integral to a wide range of safety- and security-critical systems, including surveillance infrastructure, autonomous vehicles, and industrial automation. These systems rely on the integrity of visual data to make decisions. In this work, we investigate a novel class of...
libxslt xmlNode.psvi Type Confusion
libxslt suffers from a type confusion vulnerability in xmlNode.psvi between stylesheet and source nodes...
WinRAR Directory Traversal
WinRAR suffers from a directory traversal vulnerability that allows an attacker to place files outside the intended extraction directory when a user extracts a specially crafted .rar archive. Versions prior to 7.12 are affected...
Supporting Intel(R) SGX on Multi-Package Platforms
Intelr Software Guard Extensions SGX was originally released on client platforms and later extended to single socket server platforms. As developers have become familiar with the capabilities of the technology, the applicability of this capability in the cloud has been tested. Various Cloud Servi...
GuardVal: Dynamic Large Language Model Jailbreak Evaluation for Comprehensive Safety Testing
Jailbreak attacks reveal critical vulnerabilities in Large Language Models LLMs by causing them to generate harmful or unethical content. Evaluating these threats is particularly challenging due to the evolving nature of LLMs and the sophistication required in effectively probing their...
Quantum Properties Trojans (QuPTs) for Attacking Quantum Neural Networks
Quantum neural networks QNN hold immense potential for the future of quantum machine learning QML. However, QNN security and robustness remain largely unexplored. In this work, we proposed novel Trojan attacks based on the quantum computing properties in a QNN-based binary classifier. Our propose...
TruChain: a Multi-Layer Architecture for Trusted, Verifiable, and Immutable Open Banking Data
Open banking framework enables third party providers to access financial data across banking institutions, leading to unprecedented innovations in the financial sector. However, some open banking standards remain susceptible to severe technological risks, including unverified data sources,...
EinHops: Einsum Notation for Expressive Homomorphic Operations on RNS-CKKS Tensors
Fully Homomorphic Encryption FHE is an encryption scheme that allows for computation to be performed directly on encrypted data, effectively closing the loop on secure and outsourced computing. Data is encrypted not only during rest and transit, but also during processing. However, FHE provides a...
Beyond the Worst Case: Extending Differential Privacy Guarantees to Realistic Adversaries
Differential Privacy DP is a family of definitions that bound the worst-case privacy leakage of a mechanism. One important feature of the worst-case DP guarantee is it naturally implies protections against adversaries with less prior information, more sophisticated attack goals, and complex...
A Formal Rebuttal of "The Blockchain Trilemma: a Formal Proof of the Inherent Trade-Offs among Decentralization, Security, and Scalability"
This paper presents a comprehensive refutation of the so-called "blockchain trilemma," a widely cited but formally ungrounded claim asserting an inherent trade-off between decentralisation, security, and scalability in blockchain protocols. Through formal analysis, empirical evidence, and detaile...
RADAR: a Radio-Based Analytics for Dynamic Association and Recognition of Pseudonyms in VANETs
This paper presents RADAR, a tracking algorithm for vehicles participating in Cooperative Intelligent Transportation Systems C-ITS that exploits multiple radio signals emitted by a modern vehicle to break privacy-preserving pseudonym schemes deployed in VANETs. This study shows that by combining...
GPUHammer: Rowhammer Attacks on GPU Memories Are Practical
Rowhammer is a read disturbance vulnerability in modern DRAM that causes bit-flips, compromising security and reliability. While extensively studied on Intel and AMD CPUs with DDR and LPDDR memories, its impact on GPUs using GDDR memories, critical for emerging machine learning applications,...
Defending against Prompt Injection with a Few DefensiveTokens
When large language model LLM systems interact with external data to perform complex tasks, a new attack, namely prompt injection, becomes a significant threat. By injecting instructions into the data accessed by the system, the attacker is able to override the initial user task with an arbitrary...
Towards Privacy-Preserving and Personalized Smart Homes Via Tailored Small Language Models
Large Language Models LLMs have showcased remarkable generalizability in language comprehension and hold significant potential to revolutionize human-computer interaction in smart homes. Existing LLM-based smart home assistants typically transmit user commands, along with user profiles and home...
The Trust Fabric: Decentralized Interoperability and Economic Coordination for the Agentic Web
The fragmentation of AI agent ecosystems has created urgent demands for interoperability, trust, and economic coordination that current protocols -- including MCP Hou et al., 2025, A2A Habler et al., 2025, ACP Liu et al., 2025, and Cisco's AGP Edwards, 2025 -- cannot address at scale. We present...
Microsoft Office Outlook Code Execution
This proof-of-concept exploit demonstrates a code execution vulnerability in Microsoft Outlook. It injects a crafted mail item into Outlook containing a malicious sync path that triggers an action during scanning...
Agent Safety Alignment Via Reinforcement Learning
The emergence of autonomous Large Language Model LLM agents capable of tool usage has introduced new safety risks that go beyond traditional conversational misuse. These agents, empowered to execute external functions, are vulnerable to both user-initiated threats e.g., adversarial prompts and...
Giving AI Agents Access to Cryptocurrency and Smart Contracts Creates New Vectors of AI Harm
There is growing interest in giving AI agents access to cryptocurrencies as well as to the smart contracts that transact them. But doing so, this position paper argues, could lead to formidable new vectors of AI harm. To support this argument, we first examine the unique properties of...
Phishing Detection in the Gen-AI Era: Quantized LLMs Vs Classical Models
Phishing attacks are becoming increasingly sophisticated, underscoring the need for detection systems that strike a balance between high accuracy and computational efficiency. This paper presents a comparative evaluation of traditional Machine Learning ML, Deep Learning DL, and quantized...
Can Large Language Models Improve Phishing Defense? A Large-Scale Controlled Experiment on Warning Dialogue Explanations
Phishing has become a prominent risk in modern cybersecurity, often used to bypass technological defences by exploiting predictable human behaviour. Warning dialogues are a standard mitigation measure, but the lack of explanatory clarity and static content limits their effectiveness. In this pape...
KeyDroid: a Large-Scale Analysis of Secure Key Storage in Android Apps
Most contemporary mobile devices offer hardware-backed storage for cryptographic keys, user data, and other sensitive credentials. Such hardware protects credentials from extraction by an adversary who has compromised the main operating system, such as a malicious third-party app. Since 2011,...
Hybrid LLM-Enhanced Intrusion Detection for Zero-Day Threats in IoT Networks
This paper presents a novel approach to intrusion detection by integrating traditional signature-based methods with the contextual understanding capabilities of the GPT-2 Large Language Model LLM. As cyber threats become increasingly sophisticated, particularly in distributed, heterogeneous, and...
Invariant-Based Robust Weights Watermark for Large Language Models
Watermarking technology has gained significant attention due to the increasing importance of intellectual property IP rights, particularly with the growing deployment of large language models LLMs on billions resource-constrained edge devices. To counter the potential threats of IP theft by...
LINE: Public-Key Encryption
We propose a public key encryption cryptosystem based on solutions of linear equation systems with predefinition of input parameters through shared secret computation for factorizable substitutions. The existence of multiple equivalent solutions for an underdetermined system of linear equations...
Autonomous AI-Based Cybersecurity Framework for Critical Infrastructure: Real-Time Threat Mitigation
Critical infrastructure systems, including energy grids, healthcare facilities, transportation networks, and water distribution systems, are pivotal to societal stability and economic resilience. However, the increasing interconnectivity of these systems exposes them to various cyber threats,...
Disa: Accurate Learning-Based Static Disassembly with Attentions
For reverse engineering related security domains, such as vulnerability detection, malware analysis, and binary hardening, disassembly is crucial yet challenging. The fundamental challenge of disassembly is to identify instruction and function boundaries. Classic approaches rely on file-format...
PotentRegion4MalDetect: Advanced Features from Potential Malicious Regions for Malware Detection
Malware developers exploit the fact that most detection models focus on the entire binary to extract the feature rather than on the regions of potential maliciousness. Therefore, they reverse engineer a benign binary and inject malicious code into it. This obfuscation technique circumvents the...
FedP3E: Privacy-Preserving Prototype Exchange for Non-IID IoT Malware Detection in Cross-Silo Federated Learning
As IoT ecosystems continue to expand across critical sectors, they have become prominent targets for increasingly sophisticated and large-scale malware attacks. The evolving threat landscape, combined with the sensitive nature of IoT-generated data, demands detection frameworks that are both...
Privacy-Utility-Fairness: a Balanced Approach to Vehicular-Traffic Management System
Location-based vehicular traffic management faces significant challenges in protecting sensitive geographical data while maintaining utility for traffic management and fairness across regions. Existing state-of-the-art solutions often fail to meet the required level of protection against linkage...
Understanding Malware Propagation Dynamics through Scientific Machine Learning
Accurately modeling malware propagation is essential for designing effective cybersecurity defenses, particularly against adaptive threats that evolve in real time. While traditional epidemiological models and recent neural approaches offer useful foundations, they often fail to fully capture the...
On the Impossibility of Separating Intelligence from Judgment: the Computational Intractability of Filtering for AI Alignment
With the increased deployment of large language models LLMs, one concern is their potential misuse for generating harmful content. Our work studies the alignment challenge, with a focus on filters to prevent the generation of unsafe information. Two natural points of intervention are the filterin...
Semi-Fragile Watermarking of Remote Sensing Images Using DWT, Vector Quantization and Automatic Tiling
A semi-fragile watermarking scheme for multiple band images is presented in this article. We propose to embed a mark into remote sensing images applying a tree-structured vector quantization approach to the pixel signatures instead of processing each band separately. The signature of the...
AI Agent Smart Contract Exploit Generation
We present A1, an agentic execution driven system that transforms any LLM into an end-to-end exploit generator. A1 has no hand-crafted heuristics and provides the agent with six domain-specific tools that enable autonomous vulnerability discovery. The agent can flexibly leverage these tools to...
GNU Transport Layer Security Library 3.8.10
GnuTLS is a secure communications library implementing the SSL and TLS protocols and technologies around them. It provides a simple C language application programming interface API to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS 12, OpenPGP, and other...
WatchWitch: Interoperability, Privacy, and Autonomy for the Apple Watch
Smartwatches such as the Apple Watch collect vast amounts of intimate health and fitness data as we wear them. Users have little choice regarding how this data is processed: The Apple Watch can only be used with Apple's iPhones, using their software and their cloud services. We are the first to...
Clio-X: AWeb3 Solution for Privacy-Preserving AI Access to Digital Archives
As archives turn to artificial intelligence to manage growing volumes of digital records, privacy risks inherent in current AI data practices raise critical concerns about data sovereignty and ethical accountability. This paper explores how privacy-enhancing technologies PETs and Web3 architectur...
RAG Safety: Exploring Knowledge Poisoning Attacks to Retrieval-Augmented Generation
Retrieval-Augmented Generation RAG enhances large language models LLMs by retrieving external data to mitigate hallucinations and outdated knowledge issues. Benefiting from the strong ability in facilitating diverse data sources and supporting faithful reasoning, knowledge graphs KGs have been...
Automated Attack Testflow Extraction from Cyber Threat Report Using BERT for Contextual Analysis
In the ever-evolving landscape of cybersecurity, the rapid identification and mitigation of Advanced Persistent Threats APTs is crucial. Security practitioners rely on detailed threat reports to understand the tactics, techniques, and procedures TTPs employed by attackers. However, manually...
Approximating Euler Totient Function Using Linear Regression on RSA Moduli
The security of the RSA cryptosystem is based on the intractability of computing Euler's totient function phin for large integers n. Although deriving phin deterministically remains computationally infeasible for cryptographically relevant bit lengths, and machine learning presents a promising...
Analytic Rényi Entropy Bounds for Device-Independent Cryptography
Device-independent DI cryptography represents the highest level of security, enabling cryptographic primitives to be executed safely on uncharacterized devices. Moreover, with successful proof-of-concept demonstrations in randomness expansion, randomness amplification, and quantum key distributio...
Unifying Re-Identification, Attribute Inference, and Data Reconstruction Risks in Differential Privacy
Differentially private DP mechanisms are difficult to interpret and calibrate because existing methods for mapping standard privacy parameters to concrete privacy risks -- re-identification, attribute inference, and data reconstruction -- are both overly pessimistic and inconsistent. In this work...
Wrapless: the Trustless Lending Protocol on Top of Bitcoin
This paper presents Wrapless -- a lending protocol that enables the collateralization of bitcoins without requiring a trusted wrapping mechanism. The protocol facilitates a "loan channel" on the Bitcoin blockchain, allowing bitcoins to be locked as collateral for loans issued on any blockchain th...
Shuffling for Semantic Secrecy
Deep learning draws heavily on the latest progress in semantic communications. The present paper aims to examine the security aspect of this cutting-edge technique from a novel shuffling perspective. Our goal is to improve upon the conventional secure coding scheme to strike a desirable tradeoff...