6894 matches found
Wallets As Universal Access Devices
Wallets are access points for the digital economys value creation. Wallets for blockchains store the end-users cryptographic keys for administrating their digital assets and enable access to blockchain Web3 systems. Web3 delivers new service opportunities. This chapter focuses on the Web3 enabled...
VOLTRON: Detecting Unknown Malware Using Graph-Based Zero-Shot Learning
The persistent threat of Android malware presents a serious challenge to the security of millions of users globally. While many machine learning-based methods have been developed to detect these threats, their reliance on large labeled datasets limits their effectiveness against emerging,...
UniAud: a Unified Auditing Framework for High Auditing Power and Utility with One Training Run
Differentially private DP optimization has been widely adopted as a standard approach to provide rigorous privacy guarantees for training datasets. DP auditing verifies whether a model trained with DP optimization satisfies its claimed privacy level by estimating empirical privacy lower bounds...
Arbiter PUF: Uniqueness and Reliability Analysis Using Hybrid CMOS-Stanford Memristor Model
In an increasingly interconnected world, protecting electronic devices has grown more crucial because of the dangers of data extraction, reverse engineering, and hardware tampering. Producing chips in a third-party manufacturing company can let hackers change the design. As the Internet of Things...
SoK: a Systematic Review of Context- and Behavior-Aware Adaptive Authentication in Mobile Environments
As mobile computing becomes central to digital interaction, researchers have turned their attention to adaptive authentication for its real-time, context- and behavior-aware verification capabilities. However, many implementations remain fragmented, inconsistently apply intelligent techniques, an...
Static Analysis for Detecting Transaction Conflicts in Ethereum Smart Contracts
Ethereum smart contracts operate in a concurrent environment where multiple transactions can be submitted simultaneously. However, the Ethereum Virtual Machine EVM enforces sequential execution of transactions within each block to prevent conflicts arising from concurrent access to the same state...
Adaptive Malware Detection Using Sequential Feature Selection: a Dueling Double Deep Q-Network (D3QN) Framework for Intelligent Classification
Traditional malware detection methods exhibit computational inefficiency due to exhaustive feature extraction requirements, creating accuracy-efficiency trade-offs that limit real-time deployment. We formulate malware classification as a Markov Decision Process with episodic feature acquisition a...
Enhancing Phishing Detection in Financial Systems through NLP
The threat of phishing attacks in financial systems is continuously growing. Therefore, protecting sensitive information from unauthorized access is paramount. This paper discusses the critical need for robust email phishing detection. Several existing methods, including blacklists and whitelists...
Nuclei 3.4.6
Nuclei is a modern, high-performance vulnerability scanner that leverages simple YAML-based templates. It empowers you to design custom vulnerability detection scenarios that mimic real-world conditions, leading to zero false positives...
Hijacking JARVIS: Benchmarking Mobile GUI Agents against Unprivileged Third Parties
Mobile GUI agents are designed to autonomously execute diverse device-control tasks by interpreting and interacting with mobile screens. Despite notable advancements, their resilience in real-world scenarios where screen content may be partially manipulated by untrustworthy third parties remains...
Rethinking and Exploring String-Based Malware Family Classification in the Era of LLMs and RAG
Malware Family Classification MFC aims to identify the fine-grained family e.g., GuLoader or BitRAT to which a potential malware sample belongs, in contrast to malware detection or sample classification that predicts only an Yes/No. Accurate family identification can greatly facilitate automated...
Can Large Language Models Automate the Refinement of Cellular Network Specifications?
Cellular networks serve billions of users globally, yet concerns about reliability and security persist due to weaknesses in 3GPP standards. However, traditional analysis methods, including manual inspection and automated tools, struggle with increasingly expanding cellular network specifications...
Quantum Protocols for Rabin Oblivious Transfer
Rabin oblivious transfer is the cryptographic task where Alice wishes to receive a bit from Bob but it may get lost with probability 1/2. In this work, we provide protocol designs which yield quantum protocols with improved security. Moreover, we provide a constant lower bound on any quantum...
MalVol-25: a Diverse, Labelled and Detailed Volatile Memory Dataset for Malware Detection and Response Testing and Validation
This paper addresses the critical need for high-quality malware datasets that support advanced analysis techniques, particularly machine learning and agentic AI frameworks. Existing datasets often lack diversity, comprehensive labelling, and the complexity necessary for effective machine learning...
False Alarms, Real Damage: Adversarial Attacks Using LLM-Based Models on Text-Based Cyber Threat Intelligence Systems
Cyber Threat Intelligence CTI has emerged as a vital complementary approach that operates in the early phases of the cyber threat lifecycle. CTI involves collecting, processing, and analyzing threat data to provide a more accurate and rapid understanding of cyber threats. Due to the large volume ...
ML-Enhanced AES Anomaly Detection for Real-Time Embedded Security
Advanced Encryption Standard AES is a widely adopted cryptographic algorithm, yet its practical implementations remain susceptible to side-channel and fault injection attacks. In this work, we propose a comprehensive framework that enhances AES-128 encryption security through controlled anomaly...
When Data-Free Knowledge Distillation Meets Non-Transferable Teacher: Escaping Out-Of-Distribution Trap Is All You Need
Data-free knowledge distillation DFKD transfers knowledge from a teacher to a student without access the real in-distribution ID data. Its common solution is to use a generator to synthesize fake data and use them as a substitute for real ID data. However, existing works typically assume teachers...
Cloud Digital Forensic Readiness: an Open Source Approach to Law Enforcement Request Management
Cloud Forensics presents a multi-jurisdictional challenge that may undermines the success of digital forensic investigations DFIs. The growing volumes of domiciled and foreign law enforcement LE requests, the latency and complexity of formal channels for crossborder data access are challenging...
S-Leak: Leakage-Abuse Attack against Efficient Conjunctive SSE Via S-Term Leakage
Conjunctive Searchable Symmetric Encryption CSSE enables secure conjunctive searches over encrypted data. While leakage-abuse attacks LAAs against single-keyword SSE have been extensively studied, their extension to conjunctive queries faces a critical challenge: the combinatorial explosion of...
Addressing the Devastating Effects of Single-Task Data Poisoning in Exemplar-Free Continual Learning
Our research addresses the overlooked security concerns related to data poisoning in continual learning CL. Data poisoning - the intentional manipulation of training data to affect the predictions of machine learning models - was recently shown to be a threat to CL training stability. While...
BlowPrint: Blow-Based Multi-Factor Biometrics for Smartphone User Authentication
Biometric authentication is a widely used security mechanism that leverages unique physiological or behavioral characteristics to authenticate users. In multi-factor biometrics MFB, multiple biometric modalities, e.g., physiological and behavioral, are integrated to mitigate the limitations...
Human-Centered Interactive Anonymization for Privacy-Preserving Machine Learning: a Case for Human-Guided K-Anonymity
Privacy-preserving machine learning ML seeks to balance data utility and privacy, especially as regulations like the GDPR mandate the anonymization of personal data for ML applications. Conventional anonymization approaches often reduce data utility due to indiscriminate generalization or...
SecureT2I: No More Unauthorized Manipulation on AI Generated Images from Prompts
Text-guided image manipulation with diffusion models enables flexible and precise editing based on prompts, but raises ethical and copyright concerns due to potential unauthorized modifications. To address this, we propose SecureT2I, a secure framework designed to prevent unauthorized editing in...
A Novel Four-Stage Synchronized Chaotic Map: Design and Statistical Characterization
Digital implementations of chaotic systems often suffer from inherent degradation, limiting their long-term performance and statistical quality. To address this challenge, we propose a novel four-stage synchronized piecewise linear chaotic map. This new map is meticulously designed with four...
Securing Mixed Rust with Hardware Capabilities
The Rust programming language enforces three basic Rust principles, namely ownership, borrowing, and AXM Aliasing Xor Mutability to prevent security bugs such as memory safety violations and data races. However, Rust projects often have mixed code, i.e., code that also uses unsafe Rust, FFI Forei...
Willchain: Decentralized, Privacy-Preserving, Self-Executing, Digital Wills
This work presents a novel decentralized protocol for digital estate planning that integrates advances distributed computing, and cryptography. The original proof-of-concept was constructed using purely solidity contracts. Since then, we have enhanced the implementation into a layer-1 protocol th...
WordPress Migration, Backup, Staging – WPvivid Backup and Migration 0.9.116 Shell Upload
WordPress Migration, Backup, Staging – WPvivid Backup and Migration plugin versions 0.9.116 and below are vulnerable to arbitrary file uploads due to missing file type validation in the wpvividuploadimportfiles function. This allows authenticated attackers Administrator-level and above to upload...
Evaluating the Evaluators: Trust in Adversarial Robustness Tests
Despite significant progress in designing powerful adversarial evasion attacks for robustness verification, the evaluation of these methods often remains inconsistent and unreliable. Many assessments rely on mismatched models, unverified implementations, and uneven computational budgets, which ca...
A Note on Single-Cut Full-Open Protocols
Card-based cryptography is a research area that realizes cryptographic protocols such as secure computation by applying shuffles to sequences of cards that encode input values. A single-cut full-open protocol is one that obtains an output value by applying a random cut to an input sequence of...
When There Is No Decoder: Removing Watermarks from Stable Diffusion Models in a No-Box Setting
Watermarking has emerged as a promising solution to counter harmful or deceptive AI-generated content by embedding hidden identifiers that trace content origins. However, the robustness of current watermarking techniques is still largely unexplored, raising critical questions about their...
LoRAShield: Data-Free Editing Alignment for Secure Personalized LoRA Sharing
The proliferation of Low-Rank Adaptation LoRA models has democratized personalized text-to-image generation, enabling users to share lightweight models e.g., personal portraits on platforms like Civitai and Liblib. However, this "share-and-play" ecosystem introduces critical risks: benign LoRAs c...
SAMEP: a Secure Protocol for Persistent Context Sharing across AI Agents
Current AI agent architectures suffer from ephemeral memory limitations, preventing effective collaboration and knowledge sharing across sessions and agent boundaries. We introduce SAMEP Secure Agent Memory Exchange Protocol, a novel framework that enables persistent, secure, and semantically...
Blackbox Dataset Inference for LLM
Whitepaper called Blackbox Dataset Inference For LLM...
Breaking the Bulkhead: Demystifying Cross-Namespace Reference Vulnerabilities in Kubernetes Operators
Kubernetes Operators, automated tools designed to manage application lifecycles within Kubernetes clusters, extend the functionalities of Kubernetes, and reduce the operational burden on human engineers. While Operators significantly simplify DevOps workflows, they introduce new security risks. I...
RVISmith: Fuzzing Compilers for RVV Intrinsics
Modern processors are equipped with single instruction multiple data SIMD instructions for fine-grained data parallelism. Compiler auto-vectorization techniques that target SIMD instructions face performance limitations due to insufficient information available at compile time, requiring...
VLAI: a RoBERTa-Based Model for Automated Vulnerability Severity Classification
This paper presents VLAI, a transformer-based model that predicts software vulnerability severity levels directly from text descriptions. Built on RoBERTa, VLAI is fine-tuned on over 600,000 real-world vulnerabilities and achieves over 82% accuracy in predicting severity categories, enabling fast...
We Urgently Need Privilege Management in MCP: a Measurement of API Usage in MCP Ecosystems
The Model Context Protocol MCP has emerged as a widely adopted mechanism for connecting large language models to external tools and resources. While MCP promises seamless extensibility and rich integrations, it also introduces a substantially expanded attack surface: any plugin can inherit broad...
Holographic Projection and Cyber Attack Surface: a Physical Analogy for Digital Security
This article presents an in-depth exploration of the analogy between the Holographic Principle in theoretical physics and cyber attack surfaces in digital security. Building on concepts such as black hole entropy and AdS/CFT duality, it highlights how complex infrastructures project their...
Novel Blockchain-Based Protocols for Electronic Voting and Auctions
Programmable blockchains have long been a hot research topic given their tremendous use in decentralized applications. Smart contracts, using blockchains as their underlying technology, inherit the desired properties such as verifiability, immutability, and transparency, which make it a great sui...
Microsoft Edge (Chromium-based) Privilege Escalation
This repository contains a conceptual proof-of-concept PoC for CVE-2025-47181, a link following privilege escalation vulnerability in Microsoft Edge Chromium-based. This vulnerability allows an attacker to exploit improper link resolution and symbolic link symlink handling by a trusted Edge updat...
OpenSSL Toolkit 3.4.2
OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer and Transport Layer Security protocols with full-strength cryptography world-wide. This is the 3.4 release supported until 22nd October 2026...
Singularity Cipher: a Topology-Driven Cryptographic Scheme Based on Visual Paradox and Klein Bottle Illusions
This paper presents the Singularity Cipher, a novel cryptographic-steganographic framework that integrates topological transformations and visual paradoxes to achieve multidimensional security. Inspired by the non-orientable properties of the Klein bottle -- constructed from two Mobius strips --...
OpenSSL Toolkit 3.0.17
OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer and Transport Layer Security protocols with full-strength cryptography world-wide. This is the LTS release supported until 7th September 2026...
OpenSSL Toolkit 3.5.1
OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer and Transport Layer Security protocols with full-strength cryptography world-wide. This is the 3.5 release...
OpenSSL Toolkit 3.3.4
OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer and Transport Layer Security protocols with full-strength cryptography world-wide. This is the 3.3 release supported until 9th April 2026...
FreeBSD Security Advisory - FreeBSD-SA-25:06.xz
FreeBSD Security Advisory - A worker thread could free its input buffer after decoding, while the main thread might still be writing to it. This leads to an use-after-free condition on heap memory...
GNUnet P2P Framework 0.24.3
GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP IPv4 and IPv6, TCP IPv4 and IPv6, HTTP, o...
Wing FTP Remote Code Execution
Wing FTP versions prior to 7.4.4 proof of concept remote code execution exploit...
OpenSSL Toolkit 3.2.5
OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer and Transport Layer Security protocols with full-strength cryptography world-wide. This is the 3.2 release supported until 23rd November 2025...
TOR Virtual Network Tunneling Tool 0.4.8.17
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow...