6894 matches found
HexaMorphHash HMH - Homomorphic Hashing for Secure and Efficient Cryptographic Operations in Data Integrity Verification
In the realm of big data and cloud computing, distributed systems are tasked with proficiently managing, storing, and validating extensive datasets across numerous nodes, all while maintaining robust data integrity. Conventional hashing methods, though straightforward, encounter substan tial...
Falco 0.41.3
Sysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco...
iOS Activation Flaw Enables Pre-User Device Compromise
A critical vulnerability exists in Apple’s iOS activation pipeline that allows remote XML payload injection before the user ever interacts with the device...
TestSSL 3.2.1
testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in pure bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets...
WordPress Custom Login and Signup Widget 1.0 Remote Code Execution
WordPress Custom Login and Signup Widget plugin versions 1.0 and below suffer from a remote code execution vulnerability...
WordPress Opal Estate Pro 1.7.5 Privilege Escalation
WordPress Opal Estate Pro plugin versions 1.7.5 and below suffers from a privilege escalation vulnerability...
Packet Storm New Exploits for June, 2025
This archive contains all of the 126 exploits added to Packet Storm in June, 2025...
The Age of Sensorial Zero Trust: Why We Can No Longer Trust Our Senses
In a world where deepfakes and cloned voices are emerging as sophisticated attack vectors, organizations require a new security mindset: Sensorial Zero Trust. This article presents a scientific analysis of the need to systematically doubt information perceived through the senses, establishing...
TestSSL 3.0.10
testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in pure bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets...
CISA: Iranian Cyber Actors May Target Vulnerable US Networks and Entities of Interest
CISA, the Federal Bureau of Investigation FBI, the Department of Defense Cyber Crime Center DC3, and the National Security Agency NSA published Iranian Cyber Actors May Target Vulnerable US Networks and Entities of Interest. This joint fact sheet details the need for increased vigilance for...
ZigStrike 2.0
ZigStrike is a robust shellcode loader developed in Zig, offering a variety of injection techniques and anti-sandbox features. It leverages compile-time capabilities for efficient shellcode allocation, demonstrating proven success in bypassing advanced security solutions. ZigStrike includes a...
WATCHDOG: an Ontology-AWare Risk AssessmenT ApproaCH Via Object-Oriented DisruptiOn Graphs
When considering risky events or actions, we must not downplay the role of involved objects: a charged battery in our phone averts the risk of being stranded in the desert after a flat tyre, and a functional firewall mitigates the risk of a hacker intruding the network. The Common Ontology of Val...
SkyEye: When Your Vision Reaches beyond IAM Boundary Scope in AWS Cloud
In recent years, cloud security has emerged as a primary concern for enterprises due to the increasing trend of migrating internal infrastructure and applications to cloud environments. This shift is driven by the desire to reduce the high costs and maintenance fees associated with traditional...
American Fuzzy Lop plus plus 4.33c
Google's American Fuzzy Lop is a brute-force fuzzer coupled with an exceedingly simple but rock-solid instrumentation-guided genetic algorithm. afl++ is a superior fork to Google's afl. It has more speed, more and better mutations, more and better instrumentation, custom module support, etc...
Nuclei 3.4.5
Nuclei is a modern, high-performance vulnerability scanner that leverages simple YAML-based templates. It empowers you to design custom vulnerability detection scenarios that mimic real-world conditions, leading to zero false positives...
Linear Stability Analysis for a System of Singular Amplitude Equations Arising in Biomorphology
We study linear stability of exponential periodic solutions of a system of singular amplitude equations associated with convective Turing bifurcation in the presence of conservation laws, as arises in modern biomorphology models, binary fluids, and elsewhere. Consisting of a complex Ginzburg-Land...
Consumer Beware! Exploring Data Brokers' CCPA Compliance
Data brokers collect and sell the personal information of millions of individuals, often without their knowledge or consent. The California Consumer Privacy Act CCPA grants consumers the legal right to request access to, or deletion of, their data. To facilitate these requests, California maintai...
Under the Hood of BlotchyQuasar: DLL-Based RAT Campaigns against Latin America
A sophisticated malspam campaign was recently uncovered targeting Latin American countries, with a particular focus on Brazil. This operation utilizes a highly deceptive phishing email to trick users into executing a malicious MSI file, initiating a multi-stage infection. The core of the attack...
Vite Arbitrary File Read
Vite suffers from an arbitrary file read vulnerability. Versions prior to 6.2.3, 6.1.2, 6.0.12, 5.4.15, and 4.5.10 are affected...
Reconstructing Intelligible Speech from the Pressure Sensor Data in HVACs
Pressure sensors are an integrated component of modern Heating, Ventilation, and Air Conditioning HVAC systems. As these pressure sensors operate within the 0-10 Pa range, support high sampling frequencies of 0.5-2 kHz, and are often placed close to human proximity, they can be used to eavesdrop ...
Mobius Forensic Toolkit 2.16
Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tools...
ARMOR: Robust Reinforcement Learning-Based Control for UAVs under Physical Attacks
Unmanned Aerial Vehicles UAVs depend on onboard sensors for perception, navigation, and control. However, these sensors are susceptible to physical attacks, such as GPS spoofing, that can corrupt state estimates and lead to unsafe behavior. While reinforcement learning RL offers adaptive control...
Advancing Jailbreak Strategies: a Hybrid Approach to Exploiting LLM Vulnerabilities and Bypassing Modern Defenses
The advancement of Pre-Trained Language Models PTLMs and Large Language Models LLMs has led to their widespread adoption across diverse applications. Despite their success, these models remain vulnerable to attacks that exploit their inherent weaknesses to bypass safety measures. Two primary...
Reliability Analysis of Smart Contract Execution Architectures: a Comparative Simulation Study
The industrial market continuously needs reliable solutions to secure autonomous systems. Especially as these systems become more complex and interconnected, reliable security solutions are becoming increasingly important. One promising solution to tackle this challenge is using smart contracts...
Fairness and Bias in Algorithmic Hiring: a Multidisciplinary Survey
Employers are adopting algorithmic hiring technology throughout the recruitment pipeline. Algorithmic fairness is especially applicable in this domain due to its high stakes and structural inequalities. Unfortunately, most work in this space provides partial treatment, often constrained by two...
Pseudo-Equilibria, Or: How to Stop Worrying about Crypto and Just Analyze the Game
Whitepaper called Pseudo-Equilibria, Or: How To Stop Worrying About Crypto And Just Analyze The Game...
One Video to Steal Them All: 3D-Printing IP Theft through Optical Side-Channels
The 3D printing industry is rapidly growing and increasingly adopted across various sectors including manufacturing, healthcare, and defense. However, the operational setup often involves hazardous environments, necessitating remote monitoring through cameras and other sensors, which opens the do...
Unifying Communication Paradigms in Delegated Quantum Computing
Delegated quantum computing DQC allows clients with low quantum capabilities to outsource computations to a server hosting a quantum computer. This process is typically envisioned within the measurement-based quantum computing framework, as it naturally facilitates blindness of inputs and...
CyGym: a Simulation-Based Game-Theoretic Analysis Framework for Cybersecurity
We introduce a novel cybersecurity encounter simulator between a network defender and an attacker designed to facilitate game-theoretic modeling and analysis while maintaining many significant features of real cyber defense. Our simulator, built within the OpenAI Gym framework, incorporates...
Inside Job: Defending Kubernetes Clusters against Network Misconfigurations
Kubernetes has emerged as the de facto standard for container orchestration. Unfortunately, its increasing popularity has also made it an attractive target for malicious actors. Despite extensive research on securing Kubernetes, little attention has been paid to the impact of network configuratio...
WordPress Simple User Registration 6.3 Privilege Escalation
WordPress Simple User Registration plugin versions 6.3 and below suffer from an unauthenticated privilege escalation vulnerability. This is due to insufficient restrictions on user meta values that can be supplied during registration. This makes it possible for unauthenticated attackers to regist...
PhishKey: a Novel Centroid-Based Approach for Enhanced Phishing Detection Using Adaptive HTML Component Extraction
Phishing attacks pose a significant cybersecurity threat, evolving rapidly to bypass detection mechanisms and exploit human vulnerabilities. This paper introduces PhishKey to address the challenges of adaptability, robustness, and efficiency. PhishKey is a novel phishing detection method using...
TEMPEST-LoRa: Cross-Technology Covert Communication
Electromagnetic EM covert channels pose significant threats to computer and communications security in air-gapped networks. Previous works exploit EM radiation from various components e.g., video cables, memory buses, CPUs to secretly send sensitive information. These approaches typically require...
Boosting Generative Adversarial Transferability with Self-Supervised Vision Transformer Features
The ability of deep neural networks DNNs come from extracting and interpreting features from the data provided. By exploiting intermediate features in DNNs instead of relying on hard labels, we craft adversarial perturbation that generalize more effectively, boosting black-box transferability...
Practical and Accurate Local Edge Differentially Private Graph Algorithms
Whitepaper called Practical And Accurate Local Edge Differentially Private Graph Algorithms...
Balancing Privacy and Utility in Correlated Data: a Study of Bayesian Differential Privacy
Privacy risks in differentially private DP systems increase significantly when data is correlated, as standard DP metrics often underestimate the resulting privacy leakage, leaving sensitive information vulnerable. Given the ubiquity of dependencies in real-world databases, this oversight poses a...
IDGraphs: Intrusion Detection and Analysis Using Stream Compositing
Traffic anomalies and attacks are commonplace in today's networks and identifying them rapidly and accurately is critical for large network operators. For a statistical intrusion detection system IDS, it is crucial to detect at the flow-level for accurate detection and mitigation. However, existi...
httpx 1.7.0 Denial of Service / Out-Of-Bounds Read
httpx version 1.7.0 suffers from an out-of-bounds read in trimTitleTags due to a missing bounds check when slicing the title string...
On the Feasibility of Poisoning Text-To-Image AI Models Via Adversarial Mislabeling
Today's text-to-image generative models are trained on millions of images sourced from the Internet, each paired with a detailed caption produced by Vision-Language Models VLMs. This part of the training pipeline is critical for supplying the models with large volumes of high-quality image-captio...
Memory Safe Languages: Reducing Vulnerabilities in Modern Software Development
This report, released by NSA and CISA, acknowledges the challenges and aims to provide a balanced view of the state of MSLs. Reducing memory safety vulnerabilities requires understanding when MSLs are appropriate, knowing how to adopt them effectively, and recognizing where non-MSLs remain...
Adversarial Threats in Quantum Machine Learning: a Survey of Attacks and Defenses
Quantum Machine Learning QML integrates quantum computing with classical machine learning, primarily to solve classification, regression and generative tasks. However, its rapid development raises critical security challenges in the Noisy Intermediate-Scale Quantum NISQ era. This chapter examines...
The Discovery, Disclosure, and Investigation of CVE-2024-25825
CVE-2024-25825 is a vulnerability found in FydeOS. This thesis describes its discovery, disclosure, and its further investigation in connection to a nation state actor. The vulnerability is CWE-1392: Use of Default Credentials, CWE-1393: Use of Default Password, and CWE-258: Empty Password in...
SIMulator: SIM Tracing on a (Pico-)Budget
SIM tracing -- the ability to inspect, modify, and relay communication between a SIM card and modem -- has become a significant technique in cellular network research. It enables essential security- and development-related applications such as fuzzing communication interfaces, extracting session...
SPA: Towards More Stealth and Persistent Backdoor Attacks in Federated Learning
Federated Learning FL has emerged as a leading paradigm for privacy-preserving distributed machine learning, yet the distributed nature of FL introduces unique security challenges, notably the threat of backdoor attacks. Existing backdoor strategies predominantly rely on end-to-end label...
Communication-Efficient Publication of Sparse Vectors under Differential Privacy
Whitepaper called Communication-Efficient Publication Of Sparse Vectors Under Differential Privacy...
JsDeObsBench: Measuring and Benchmarking LLMs for JavaScript Deobfuscation
Deobfuscating JavaScript JS code poses a significant challenge in web security, particularly as obfuscation techniques are frequently used to conceal malicious activities within scripts. While Large Language Models LLMs have recently shown promise in automating the deobfuscation process,...
Empowering Digital Agriculture: a Privacy-Preserving Framework for Data Sharing and Collaborative Research
Data-driven agriculture, which integrates technology and data into agricultural practices, has the potential to improve crop yield, disease resilience, and long-term soil health. However, privacy concerns, such as adverse pricing, discrimination, and resource manipulation, deter farmers from...
CodeGuard: a Generalized and Stealthy Backdoor Watermarking for Generative Code Models
Generative code models GCMs significantly enhance development efficiency through automated code generation and code summarization. However, building and training these models require computational resources and time, necessitating effective digital copyright protection to prevent unauthorized lea...
Poster: Enhancing GNN Robustness for Network Intrusion Detection Via Agent-Based Analysis
Graph Neural Networks GNNs show great promise for Network Intrusion Detection Systems NIDS, particularly in IoT environments, but suffer performance degradation due to distribution drift and lack robustness against realistic adversarial attacks. Current robustness evaluations often rely on...
Rational Miner Behaviour, Protocol Stability, and Time Preference: an Austrian and Game-Theoretic Analysis of Bitcoin'S Incentive Environment
This paper integrates Austrian capital theory with repeated game theory to examine strategic miner behaviour under different institutional conditions in blockchain systems. It shows that when protocol rules are mutable, effective time preference rises, undermining rational long-term planning and...