All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.
This paper addresses how to map out the structure of autonomous systems (ASes, which are large networks controlled by single organizations) using path identifiers in path-aware networking (PAN, a system where packets carry information about which networks they travel through). The researchers propose an algorithm called AEC (Alternating Expanding and Checking) that reconstructs the AS-level topology by examining these path identifiers in packets, achieving 99.6% accuracy in tests.
Between July 2024 and February 2025, malicious DNG files (a raw image format) were discovered that exploited a Samsung vulnerability through the Quram image parsing library. These files were sent via WhatsApp and triggered a spyware infection when users clicked to download the images, which then allowed the malware to run within Samsung's com.samsung.ipservice process, a system service that automatically scans images for AI-powered features.
LibreChat (a ChatGPT alternative with extra features) versions 0.8.0 and below have a security flaw where JSON parsing errors aren't properly handled, causing user input to appear in error messages. This can expose HTML or JavaScript code in responses, creating an XSS risk (cross-site scripting, where attackers inject malicious code that runs in users' browsers).
LibreChat versions 0.8.0 and below have a vulnerability where JSON requests sent to modify prompts aren't properly checked for valid input, allowing users to change prompts in unintended ways through a PATCH endpoint (a request type that modifies existing data). The vulnerability occurs because the patchPromptGroup function passes user input directly without filtering out sensitive fields that shouldn't be modifiable.
LibreChat, a ChatGPT clone with extra features, has a vulnerability in versions 0.8.0 and below where an attacker can modify the iconURL parameter (a web address for an icon image) in chat posts. This malicious code gets saved and can be shared to other users, potentially exposing their private information through malicious trackers when they view the shared chat link. The vulnerability is caused by improper handling of HTML content (XSS, or cross-site scripting, where attackers inject malicious code into web pages).
CVE-2025-67511 is a command injection vulnerability (a flaw where attackers can insert malicious commands into input) in Cybersecurity AI (CAI), an open-source framework for building AI agents that handle security tasks. Versions 0.5.9 and earlier are vulnerable because the run_ssh_command_with_credentials() function only escapes (protects) the password and command inputs, leaving the username, host, and port values open to attack.
Neuron is a PHP framework for creating AI agents that can perform tasks, and versions 2.8.11 and earlier have a vulnerability in the MySQLWriteTool component. The tool runs database commands without checking if they're safe, allowing attackers to use prompt injection (tricking the AI by hiding instructions in its input) to execute harmful SQL commands like deleting entire tables or changing permissions if the database user has broad access rights.
Neuron is a PHP framework for building AI agents that can query databases. Versions 2.8.11 and below have a flaw in MySQLSelectTool, a component meant to safely let AI agents read from databases. The tool only checks if a command starts with SELECT and blocks certain words, but misses SQL commands like INTO OUTFILE that write files to disk. An attacker could use prompt injection (tricking an AI by hiding instructions in its input) through a public agent endpoint to write files to the database server if it has the right permissions.
Privacy-preserving federated learning (PPFL, a method where multiple computers train AI models together while keeping their data secret) is vulnerable to data poisoning attacks (where attackers intentionally corrupt training data to sabotage the model). This paper proposes PPFPL, a framework that uses prototypes (simplified representations of model updates) and homomorphic encryption (a technique allowing calculations on encrypted data without decrypting it) to protect against poisoning attacks while maintaining privacy in distributed learning scenarios.
Fix: The exploited Samsung vulnerability was fixed in April 2025.
Google Project ZeroFix: Update to version 0.8.1, where this issue is fixed.
NVD/CVE DatabaseFix: This issue is fixed in version 0.8.1. Users should upgrade to LibreChat version 0.8.1 or later.
NVD/CVE DatabaseThis paper presents Mimi, a new system for searching encrypted data (searchable encryption, where users can find information in coded databases without revealing what they're looking for) that uses two-factor verification to confirm results are correct. Mimi addresses problems in existing systems by using a special tree structure to speed up result verification, supporting fast searches even with large datasets, and protecting encryption keys from being stolen. The system also allows multiple users to search the same encrypted data and handles changes to user permissions and data over time.
This research addresses the problem that deepfake detection systems (AI trained to identify manipulated images created by generative models like GANs and diffusion models) often fail when encountering new or unfamiliar types of forgeries. The authors propose RSG-DA, a framework that improves detection by generating diverse fake samples and using a dual augmentation strategy (data transformation techniques applied in two different ways) to help the AI learn to recognize a wider range of forgery patterns, along with a lightweight module to make these learned patterns work better across different datasets.
Researchers demonstrated a new attack method called ASBA (APK-Specific Backdoor Attack) that can compromise Android malware detection systems by injecting poisoned training data. Unlike previous attacks that use the same trigger across many malware samples, ASBA uses a generative adversarial network (GAN, an AI technique that learns to create realistic fake data) to generate unique triggers for each malware sample, making it harder for security tools to detect and block multiple instances of malware at once.
M&M is a framework that improves secure two-party machine learning (where two parties compute on data without revealing it to each other) by using an efficient modulus conversion protocol (a technique that converts numbers between different mathematical domains used by different encryption methods). The framework integrates various cryptographic tools more efficiently, achieving 6–100 times faster approximated truncations (rounding operations) and 4–5 times faster communication and runtime for machine learning tasks.
This research presents DIST (disentangled spatiotemporal graph neural networks), a new AI framework designed to make traffic prediction more reliable when real-world conditions change unexpectedly. The system separates stable, unchanging traffic patterns from dynamic ones, and uses graph perturbation (intentionally introducing variations during training) to help the model learn which features are robust enough to work across different traffic scenarios.
GitHub's CodeQL multi-repository variant analysis (MRVA) lets you run security bug-finding queries across thousands of projects quickly, but it's built mainly for VS Code. A developer created mrva, a terminal-based alternative that runs on your machine and works with command-line tools, letting you download pre-built CodeQL databases (collections of code information), analyze them with queries, and display results in the terminal.
Fix: Update to version 2.8.12, which fixes this issue.
NVD/CVE DatabaseFix: Fixed in version 2.8.12.
NVD/CVE DatabaseThis research proposes PPFPS, a privacy-preserving system for managing vehicle platoons (groups of trucks traveling together) in urban freight delivery. The scheme uses encrypted Manhattan distance calculation (a method for measuring distances along city streets rather than straight lines) combined with reputation tracking to let delivery vehicles flexibly join and leave groups while keeping their locations private. The system reduces computational work on central authorities by 66-78% compared to existing approaches.
This research proposes a new method for assessing security risks in large corporate networks by using Bayesian attack graphs (mathematical models that show how attackers might chain together vulnerabilities to breach a system) built from system audit logs (records of activities on computers). The method addresses limitations of traditional security approaches by capturing real-time changes in network configurations and identifying the most dangerous attack paths while reducing computational complexity.
This research proposes FKLM-PDA, a lightweight system for collecting power consumption data in smart grids while protecting users' privacy. The system uses an efficient encryption method (combining random masking with secret-sharing based key separation, which splits encryption keys so no single leaked key fully exposes data) to replace expensive encryption algorithms, and it can tolerate transmission failures and handle users joining or leaving the system.
XSS attacks (malicious code injected into websites to steal user data) are hard to detect because attackers can create adversarial samples that trick detection models into missing threats. This paper proposes a new detection model using two-stage AST (abstract syntax tree, a structural representation of code) analysis combined with LSTM (long short-term memory, a type of neural network good at processing sequences) to better identify malicious code while resisting adversarial tricks, achieving over 98.2% detection accuracy even against adversarial attacks.
This research paper studies the challenge of balancing two competing goals in decentralized learning (where multiple computers train an AI model together without a central server): keeping each computer's data private while protecting against Byzantine attacks (when some computers deliberately send false information to sabotage the learning process). The authors found that using Gaussian noise (random mathematical noise added to messages) to protect privacy actually makes it harder to defend against Byzantine attacks, creating a fundamental tradeoff between these two security goals.