6894 matches found
AppleAVD AV1_Syntax::f Out-Of-Bounds Read
There is an issue in AppleAVD kernel extension with decoding AV1 video files that could potentially be used to read out-of bound data or potentially cause a kernel crash when rendering a malformed video file. The issue was observed on macOS Sonoma 14.5...
Don'T Hash Me like That: Exposing and Mitigating Hash-Induced Unfairness in Local Differential Privacy
Local differential privacy LDP has become a widely accepted framework for privacy-preserving data collection. In LDP, many protocols rely on hash functions to implement user-side encoding and perturbation. However, the security and privacy implications of hash function selection have not been...
AppleAVD AV1_Syntax::Parse_Header Out-Of-Bounds Read
There is an issue in AppleAVD kernel extension with decoding AV1 video files that could potentially be used to read out-of bound data or potentially cause a kernel crash when rendering a malformed video file. The issue was observed on macOS Sonoma 14.5...
On the Impact of Sybil-Based Attacks on Mobile Crowdsensing for Transportation
Mobile Crowd-Sensing MCS enables users with personal mobile devices PMDs to gain information on their surroundings. Users collect and contribute data on different phenomena using their PMD sensors, and the MCS system processes this data to extract valuable information for end users. Navigation...
Living Long Doing Pentests
Whitepaper called Living Long Doing Pentests. It discusses basic LLDP protocol fuzzing and usage from a pentester's point of view...
MacOS Sandbox Escape via Double Free in coreaudiod/CoreAudio Framework
MacOS suffers from a sandbox escape vulnerability due to a double-free condition in coreaudiod/CoreAudio Framework...
Generative AI for Vulnerability Detection in 6G Wireless Networks: Advances, Case Study, and Future Directions
The rapid advancement of 6G wireless networks, IoT, and edge computing has significantly expanded the cyberattack surface, necessitating more intelligent and adaptive vulnerability detection mechanisms. Traditional security methods, while foundational, struggle with zero-day exploits, adversarial...
Perry: a High-Level Framework for Accelerating Cyber Deception Experimentation
Cyber deception aims to distract, delay, and detect network attackers with fake assets such as honeypots, decoy credentials, or decoy files. However, today, it is difficult for operators to experiment, explore, and evaluate deception approaches. Existing tools and platforms have non-portable and...
msm_npu Race Condition / Memory Corruption
msmnpu has a race condition between npuhostunloadnetwork and npuhostexecnetworkv2 that leads to memory corruption...
RedCoder: Automated Multi-Turn Red Teaming for Code LLMs
Large Language Models LLMs for code generation i.e., Code LLMs have demonstrated impressive capabilities in AI-assisted software development and testing. However, recent studies have shown that these models are prone to generating vulnerable or even malicious code under adversarial settings...
Vulnerability Disclosure through Adaptive Black-Box Adversarial Attacks on NIDS
Adversarial attacks, wherein slight inputs are carefully crafted to mislead intelligent models, have attracted increasing attention. However, a critical gap persists between theoretical advancements and practical application, particularly in structured data like network traffic, where...
Measuring Modern Phishing Tactics: a Quantitative Study of Body Obfuscation Prevalence, Co-Occurrence, and Filter Impact
Phishing attacks frequently use email body obfuscation to bypass detection filters, but quantitative insights into how techniques are combined and their impact on filter scores remain limited. This paper addresses this gap by empirically investigating the prevalence, co-occurrence patterns, and...
PrivacyGo: Privacy-Preserving Ad Measurement with Multidimensional Intersection
This paper tackles the challenging and practical problem of multi-identifier private user profile matching for privacy-preserving ad measurement, a cornerstone of modern advertising analytics. We introduce a comprehensive cryptographic framework leveraging reversed Oblivious Pseudorandom Function...
Samsung S24 MP3 Decoder Out-Of-Bounds Read
There is an out-of-bounds read in the MP3 decoder in the Samsung S24. The function smp123djointstereov1 indexes into several tables for decoding, and does not check that the index is valid, allowing the tables to be read out of bounds. It may be possible to use this bug to bypass ASLR, as loading...
Client Clustering Meets Knowledge Sharing: Enhancing Privacy and Robustness in Personalized Peer-To-Peer Learning
The growing adoption of Artificial Intelligence AI in Internet of Things IoT ecosystems has intensified the need for personalized learning methods that can operate efficiently and privately across heterogeneous, resource-constrained devices. However, enabling effective personalized learning in...
ZKPROV: a Zero-Knowledge Approach to Dataset Provenance for Large Language Models
As the deployment of large language models LLMs grows in sensitive domains, ensuring the integrity of their computational provenance becomes a critical challenge, particularly in regulated sectors such as healthcare, where strict requirements are applied in dataset usage. We introduce ZKPROV, a...
XNU VM_BEHAVIOR_ZERO_WIRED_PAGES Read-Only Write
XNU VMBEHAVIORZEROWIREDPAGES suffers from a flaw that allows writing to read-only pages...
Counterfactual Influence As a Distributional Quantity
Machine learning models are known to memorize samples from their training data, raising concerns around privacy and generalization. Counterfactual self-influence is a popular metric to study memorization, quantifying how the model's prediction for a sample changes depending on the sample's...
Universal and Efficient Detection of Adversarial Data through Nonuniform Impact on Network Layers
Deep Neural Networks DNNs are notoriously vulnerable to adversarial input designs with limited noise budgets. While numerous successful attacks with subtle modifications to original input have been proposed, defense techniques against these attacks are relatively understudied. Existing defense...
Hear No Evil: Detecting Gradient Leakage by Malicious Servers in Federated Learning
Recent work has shown that gradient updates in federated learning FL can unintentionally reveal sensitive information about a client's local data. This risk becomes significantly greater when a malicious server manipulates the global model to provoke information-rich updates from clients. In this...
AppleAVD AV1_Syntax::Parse_Header Integer Underflow / Out-Of-Bounds Read
There is an issue in AppleAVD kernel extension with decoding AV1 video files that could potentially be used to read out-of bound data or potentially cause a kernel crash when rendering a malformed video file. The issue was observed on macOS Sonoma 14.5...
Leaner Training, Lower Leakage: Revisiting Memorization in LLM Fine-Tuning with LoRA
Memorization in large language models LLMs makes them vulnerable to data extraction attacks. While pre-training memorization has been extensively studied, fewer works have explored its impact in fine-tuning, particularly for LoRA fine-tuning, a widely adopted parameter-efficient method. In this...
E-FreeM2: Efficient Training-Free Multi-Scale and Cross-Modal News Verification Via MLLMs
The rapid spread of misinformation in mobile and wireless networks presents critical security challenges. This study introduces a training-free, retrieval-based multimodal fact verification system that leverages pretrained vision-language models and large language models for credibility assessmen...
SV-LLM: an Agentic Approach for SoC Security Verification Using Large Language Models
Ensuring the security of complex system-on-chips SoCs designs is a critical imperative, yet traditional verification techniques struggle to keep pace due to significant challenges in automation, scalability, comprehensiveness, and adaptability. The advent of large language models LLMs, with their...
Yotta: a Large-Scale Trustless Data Trading Scheme for Blockchain System
Data trading is one of the key focuses of Web 3.0. However, all the current methods that rely on blockchain-based smart contracts for data exchange cannot support large-scale data trading while ensuring data security, which falls short of fulfilling the spirit of Web 3.0. Even worse, there is...
KnowML: Improving Generalization of ML-NIDS with Attack Knowledge Graphs
Despite extensive research on Machine Learning-based Network Intrusion Detection Systems ML-NIDS, their capability to detect diverse attack variants remains uncertain. Prior studies have largely relied on homogeneous datasets, which artificially inflate performance scores and offer a false sense ...
On the Efficacy of Old Features for the Detection of New Bots
For more than a decade now, academicians and online platform administrators have been studying solutions to the problem of bot detection. Bots are computer algorithms whose use is far from being benign: malicious bots are purposely created to distribute spam, sponsor public characters and,...
From Worst-Case Hardness of NP to Quantum Cryptography Via Quantum Indistinguishability Obfuscation
Whitepaper called From Worst-Case Hardness Of NP To Quantum Cryptography Via Quantum Indistinguishability Obfuscation...
Quest KACE Systems Management Appliance 14.1 Unauthenticated License Replacement
Seralys Security Advisory - Quest KACE SMA allows unauthenticated users to replace system licenses through a web interface intended for license renewal. Attackers can exploit this to replace valid licenses with expired or trial licenses, causing denial of service. Version 14.1 is confirmed...
Quest KACE Systems Management Appliance 14.1 Unauthenticated Backup Upload
Seralys Security Advisory - Quest KACE SMA allows unauthenticated users to upload backup files to the system. While signature validation is implemented, weaknesses in the validation process can be exploited to upload malicious backup content that could compromise system integrity. Version 14.1 is...
FuncVul: an Effective Function Level Vulnerability Detection Model Using LLM and Code Chunk
Software supply chain vulnerabilities arise when attackers exploit weaknesses by injecting vulnerable code into widely used packages or libraries within software repositories. While most existing approaches focus on identifying vulnerable packages or libraries, they often overlook the specific...
An ETSI GS QKD Compliant TLS Implementation
A modification of the TLS protocol is presented, using our implementation of the Quantum Key Distribution QKD standard ETSI GS QKD 014 v1.1.1. We rely on the Rustls library for this. The TLS protocol is modified while maintaining backward compatibility on the client and server side. We thus wish ...
PhishingHook: Catching Phishing Ethereum Smart Contracts Leveraging EVM Opcodes
The Ethereum Virtual Machine EVM is a decentralized computing engine. It enables the Ethereum blockchain to execute smart contracts and decentralized applications dApps. The increasing adoption of Ethereum sparked the rise of phishing activities. Phishing attacks often target users through...
Recalling the Forgotten Class Memberships: Unlearned Models Can Be Noisy Labelers to Leak Privacy
Machine Unlearning MU technology facilitates the removal of the influence of specific data instances from trained models on request. Despite rapid advancements in MU technology, its vulnerabilities are still under explored, posing potential risks of privacy breaches through leaks of ostensibly...
Autonomous Cyber Resilience Via a Co-Evolutionary Arms Race within a Fortified Digital Twin Sandbox
The convergence of IT and OT has created hyper-connected ICS, exposing critical infrastructure to a new class of adaptive, intelligent adversaries that render static defenses obsolete. Existing security paradigms often fail to address a foundational "Trinity of Trust," comprising the fidelity of...
PrivacyXray: Detecting Privacy Breaches in LLMs through Semantic Consistency and Probability Certainty
Large Language Models LLMs are widely used in sensitive domains, including healthcare, finance, and legal services, raising concerns about potential private information leaks during inference. Privacy extraction attacks, such as jailbreaking, expose vulnerabilities in LLMs by crafting inputs that...
Can One Safety Loop Guard Them All? Agentic Guard Rails for Federated Computing
We propose Guardian-FC, a novel two-layer framework for privacy preserving federated computing that unifies safety enforcement across diverse privacy preserving mechanisms, including cryptographic back-ends like fully homomorphic encryption FHE and multiparty computation MPC, as well as statistic...
SoK: Can Synthetic Images Replace Real Data? A Survey of Utility and Privacy of Synthetic Image Generation
Advances in generative models have transformed the field of synthetic image generation for privacy-preserving data synthesis PPDS. However, the field lacks a comprehensive survey and comparison of synthetic image generation methods across diverse settings. In particular, when we generate syntheti...
Quantum-Resistant Domain Name System: a Comprehensive System-Level Study
The Domain Name System DNS plays a foundational role in Internet infrastructure, yet its core protocols remain vulnerable to compromise by quantum adversaries. As cryptographically relevant quantum computers become a realistic threat, ensuring DNS confidentiality, authenticity, and integrity in t...
Verifiable Unlearning on Edge
Machine learning providers commonly distribute global models to edge devices, which subsequently personalize these models using local data. However, issues such as copyright infringements, biases, or regulatory requirements may require the verifiable removal of certain data samples across all edg...
Diffusion-Based Task-Oriented Semantic Communications with Model Inversion Attack
Semantic communication has emerged as a promising neural network-based system design for 6G networks. Task-oriented semantic communication is a novel paradigm whose core goal is to efficiently complete specific tasks by transmitting semantic information, optimizing communication efficiency and ta...
ZK-SERIES: Privacy-Preserving Authentication Using Temporal Biometric Data
Biometric authentication relies on physiological or behavioral traits that are inherent to a user, making them difficult to lose, forge or forget. Biometric data with a temporal component enable the following authentication protocol: recent readings of the underlying biometrics are encoded as tim...
A Hybrid Intrusion Detection System with a New Approach to Protect the Cybersecurity of Cloud Computing
Cybersecurity is one of the foremost challenges facing the world of cloud computing. Recently, the widespread adoption of smart devices in cloud computing environments that provide Internet-based services has become prevalent. Therefore, it is essential to consider the security threats in these...
Assessing Risk of Stealing Proprietary Models for Medical Imaging Tasks
The success of deep learning in medical imaging applications has led several companies to deploy proprietary models in diagnostic workflows, offering monetized services. Even though model weights are hidden to protect the intellectual property of the service provider, these models are exposed to...
Out-of-Bounds Write Vulnerability in BACnet MS/TP Kernel Module
A critical buffer overflow vulnerability in the mstp.ko kernel module, used in ABB’s Cylon ASPECT/FLXeon BACnet MS/TP controllers for building management systems BMS, allows out-of-bounds writes in the SendFrame function due to inadequate bounds checking of BACnet MS/TP frames. This flaw,...
Retrieval-Confused Generation Is a Good Defender for Privacy Violation Attack of Large Language Models
Recent advances in large language models LLMs have made a profound impact on our society and also raised new security concerns. Particularly, due to the remarkable inference ability of LLMs, the privacy violation attack PVA, revealed by Staab et al., introduces serious personal privacy issues...
Decompiling Smart Contracts with a Large Language Model
The widespread lack of broad source code verification on blockchain explorers such as Etherscan, where despite 78,047,845 smart contracts deployed on Ethereum as of May 26, 2025, a mere 767,520 1% are open source, presents a severe impediment to blockchain security. This opacity necessitates the...
Attack Smarter: Attention-Driven Fine-Grained Webpage Fingerprinting Attacks
Website Fingerprinting WF attacks aim to infer which websites a user is visiting by analyzing traffic patterns, thereby compromising user anonymity. Although this technique has been demonstrated to be effective in controlled experimental environments, it remains largely limited to small-scale...
Anti-Phishing Training Does Not Work: a Large-Scale Empirical Assessment of Multi-Modal Training Grounded in the NIST Phish Scale
Social engineering attacks using email, commonly known as phishing, are a critical cybersecurity threat. Phishing attacks often lead to operational incidents and data breaches. As a result, many organizations allocate a substantial portion of their cybersecurity budgets to phishing awareness...
WebGuard++: Interpretable Malicious URL Detection Via Bidirectional Fusion of HTML Subgraphs and Multi-Scale Convolutional BERT
URL+HTML feature fusion shows promise for robust malicious URL detection, since attacker artifacts persist in DOM structures. However, prior work suffers from four critical shortcomings: 1 incomplete URL modeling, failing to jointly capture lexical patterns and semantic context; 2 HTML graph...