23.11.25

With over 3 billion users globally, mobile instant messaging apps have become indispensable for both personal and professional communication.

PAPERS

9.11.25

Open-weight models provide researchers and developers with accessible foundations for diverse downstream applications. We tested the safety and security postures of eight open-weight large language models (LLMs) models to identify vulnerabilities that may impact subsequent fine-tuning and deployment.

PAPERS

9.11.25

Large language models (LLMs) possess extensive knowledge and question-answering capabilities, having been widely deployed in privacy-sensitive domains like finance and medical consultation. During LLM inferences, cache-sharing methods are commonly employed to enhance efficiency by reusing cached states or responses for the same or similar inference requests.

PAPERS

9.11.25

AI assistants are becoming an integral part of society, used for asking advice or help in personal and confidential issues. In this paper, we unveil a novel side-channel that can be used to read encrypted responses from AI Assistants over the web: the token-length side-channel.

PAPERS

9.11.25

Large Language Models (LLMs) are increasingly deployed in sensitive domains including healthcare, legal services, and confidential communications, where privacy is paramount. This paper introduces Whisper Leak, a side-channel attack that infers user prompt topics from encrypted LLM traffic by analyzing packet size and timing patterns in streaming responses.

PAPERS

16.10.25

AMD SEV-SNP offers confidential computing in form of confidential VMs, such that the untrusted hypervisor cannot tamper with its confidentiality and integrity.

PAPERS

16.10.25

Pixel stealing attacks enable malicious websites to leak sensitive content displayed in victim websites.

PAPERS

3.10.25

Intel's Software Guard eXtensions (SGX) is a hardware feature in Intel servers that aims to offer strong integrity and confidentiality properties for software, even in the presence of root-level attackers.

PAPERS

3.10.25

With Battering RAM, we show that even the latest defenses on Intel and AMD cloud processors can be bypassed. We built a simple, $50 interposer that sits quietly in the memory path, behaving transparently during startup and passing all trust checks.

PAPERS

21.9.25

Abstract—Virtualization is a cornerstone of modern cloud infrastructures, providing the required isolation to customers. This isolation, however, is threatened by speculative execution attacks which the CPU vendors attempt to mitigate by extending the isolation to the branch predictor state.

PAPERS

21.9.25

Abstract—DDR5 has shown an increased resistance to Rowhammer attacks in production settings. Surprisingly, DDR5 achieves this without additional refresh management commands, pointing to the deployment of more sophisticated inDRAM Target Row Refresh (TRR) mechanisms.

PAPERS

17.9.25

A lack of accessible data has historically restricted malware analysis research, and practitioners have relied heavily on datasets provided by industry sources to advance.

PAPERS

17.9.25

Abstract—Since the disclosure of the row hammer (RH) attack phenomenon in 2014, a significant threat to system security, it has been active research in both industry and academia.

PAPERS

17.9.25

Rowhammer is a hardware vulnerability present in nearly all computer memory, allowing attackers to modify bits in memory without directly accessing them.

PAPERS

17.9.25

While conventional backdoor attacks on deep neural networks (DNNs) assume the attacker can manipulate the training data or process, recent research introduces a more practical threat model by injecting backdoors during the inference stage.

PAPERS

31.8.25

Large Language Models (LLMs) are becoming integral components of complex software systems, where they serve as intelligent agents that can interpret natural language instructions, make plans, and execute actions through external tools and APIs

PAPERS

27.8.25

Sni5Gect: A Practical Approach
to Inject aNRchy into 5G NR

PAPERS

20.7.25

From a Teams Call to a Ransomware Threat: Matanbuchus 3.0 MaaS Levels Up

PAPERS

12.7.25

Rowhammer is a read disturbance vulnerability in modernDRAM that causes bit-flips, compromising security and reliability. While extensively studied on Intel and AMD CPUs with DDR and LPDDR memories, its impact on GPUs using GDDR memories, critical for emerging machine learning applications, remains unexplored

PAPERS

12.7.25

Users interact with mobile devices under the assumption that the graphical user interface (GUI) accurately reflects their actions, a trust fundamental to the user experience.

PAPERS

24.6.25

We argue that Large language models (LLMs) will soon alter the economics of cyberattacks. Instead of attacking the most commonly used software and monetizing exploits by targeting the lowest common denominator among victims, LLMs enable adversaries to launch tailored attacks on a user-by-user basis.

AI

24.6.25

Large Language Models (LLMs) guardrail systems are designed to protect against prompt injection and jailbreak attacks.

AI

15.6.25

PAPERS

21.4.25

Linux kernel vulnerability reproduction is a critical task in systemsecurity. To reproduce a kernel vulnerability, the vulnerable environment and the Proof of Concept (PoC) program are needed. Most existing research focuses on the generation of PoC, while the construction of environment is overlooked. However, establishing an effective vulnerable environment to trigger a vulnerability is challenging

Vulnerebility

21.4.25

Content Delivery Networks (CDNs) provide high availability, speed up content delivery, and safeguard against DDoS attacks for their hosting websites. To achieve the aforementioned objectives, CDN designs several back-to-origin strategies that proactively pre-pull resources and modify HTTP requests and responses.

ATTACK

21.4.25

Command and Control (C2) attacks involve establishing an encrypted connection between victim
machines and C2 servers. Utilizing Image-based C2 makes it more challenging for the network security and forensic analysis, even when firewalls have decryption capabilities enabled.

AI

13.4.25

The reliance of popular programming languages such as Python and JavaScript on centralized package repositories and open-source software, combined with the emergence of code-generating Large Language Models (LLMs), has created a new type of threat to the software supply chain: package hallucinations. T

AI

6.4.25

Many networks have a gap in their defenses for detecting and blocking a malicious technique known as “fast flux.”

MALWARE

24.2.25

Apple silicon is the proprietary ARM-based processor that powers the mainstream of Apple devices. The move to this proprietary architecture presents unique challenges in addressing security issues, requiring huge research efforts into the security of Apple silicon-based systems. In this paper, we study the security of KASLR, the randomization-based kernel hardening technique, on the stateof-the-art macOS system equipped with Apple silicon processors.

PAPERS

28.1.25

Uncovering New Classes of Kernel Vulnerabiliti

PAPERS

25.1.25

To bridge the ever-increasing gap between the fast execution speed of modern processors and the long latency of memory accesses, CPU vendors continue to introduce newer and more advanced optimizations. While these optimizations improve performance, research has repeatedly demonstrated that they may also have an adverse impact on security.

PAPERS

25.1.25

Since Spectre’s initial disclosure in 2018, the difficulty of mitigating speculative execution attacks completely in hardware has led to the proliferation of several new variants and attack surfaces in the past six years. Most of the progeny build on top of the original Spectre attack’s key insight, namely that CPUs can execute the wrong control flow transiently and disclose secrets through side-channel traces when attempting to alleviate control hazards, such as conditional or indirect branches and return statements.

PAPERS