All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.
This research proposes a new system that combines blockchain (a decentralized ledger that records transactions) with zero-knowledge proofs (cryptographic methods that prove something is true without revealing the underlying data) to make AI model inference more trustworthy and private. The system verifies both where the input data comes from and where the AI model weights (the learned parameters that control how an AI makes decisions) come from, while keeping user information confidential. The authors demonstrate their approach with a privacy-preserving transaction system that can detect suspicious activity without exposing private data.
NVIDIA Merlin Transformers4Rec for Linux has a vulnerability in its Trainer component involving deserialization of untrusted data (treating unverified data as legitimate code or objects). A user exploiting this flaw could potentially run arbitrary code, crash the system (denial of service), steal information, or modify data.
A memory leak vulnerability exists in the Linux kernel's seccomp (secure computing, a security feature that restricts what system calls a process can make) implementation where seccomp filter objects are not properly freed when a process creation fails after a signal interrupts it. The fix moves the copy_seccomp() function to execute after a signal check and adds a warning in free_task() to ensure filters are properly released during process cleanup.
CVE-2025-64671 is a command injection vulnerability (a flaw where an attacker can inject malicious commands into input that gets executed) in Copilot that allows an unauthorized attacker to execute code locally on a system. The vulnerability stems from improper handling of special characters in commands, and Microsoft has documented it as a known issue.
CVE-2025-62994 is a vulnerability in WP AI CoPilot (a WordPress plugin that adds AI assistance to WordPress sites) version 1.2.7 and earlier, where sensitive information gets accidentally included when the plugin sends data. This allows attackers to retrieve embedded sensitive data that shouldn't be exposed.
This research paper studies the challenge of balancing two competing goals in decentralized learning (where multiple computers train an AI model together without a central server): keeping each computer's data private while protecting against Byzantine attacks (when some computers deliberately send false information to sabotage the learning process). The authors found that using Gaussian noise (random mathematical noise added to messages) to protect privacy actually makes it harder to defend against Byzantine attacks, creating a fundamental tradeoff between these two security goals.
This research proposes a Fairly Proportional Noise Mechanism (FPNM) to address a problem in differential privacy (DP, a technique that adds random noise to data to protect individual privacy while allowing statistical analysis). Traditional DP methods add noise uniformly without considering fairness, which can unfairly affect different groups of people differently, especially in decision-making and learning tasks. The new FPNM approach adjusts noise based on both its direction and size relative to the actual data values, reducing unfairness by about 17-19% in experiments while maintaining privacy protections.
OWASP has released a Top 10 list of security risks specifically for agentic AI applications, which are autonomous AI systems that can use tools and take actions on their own. This framework was built from real incidents and industry experience to help organizations secure these advanced AI systems as they become more common.
The OWASP GenAI Security Project (an open-source community focused on AI safety) has released a list of the top 10 security risks for agentic AI (AI systems that can take actions independently). This guidance was created with input from over 100 industry experts and is meant to help organizations understand and address threats to AI systems.
Fix: Move copy_seccomp() to execute after the signal check in copy_process(), and add a WARN_ON_ONCE() in free_task() for future debugging. This ensures seccomp_filter_release() is called to decrement the filter's refcount in the failure path, preventing memory leaks.
NVD/CVE DatabaseOne-Time Passwords (OTPs, temporary codes used in two-factor authentication to verify your identity) like HOTP and TOTP have vulnerabilities that let attackers bypass security if they steal the secret key stored on a device or server. This paper proposes HP-OTP, a new OTP scheme that combines your password with the device's unique identifier to make it harder for attackers to forge codes even if they compromise either the device or server.
Federated learning (a system where decentralized devices train a shared AI model together while keeping their data local) is vulnerable to poisoning attacks, where malicious participants inject false data to corrupt the final model. This paper proposes AdaptiveShield, a defense system that uses dynamic detection strategies to identify attackers, automatically adjusts its sensitivity thresholds to handle different attack types, reduces damage from missed attackers by adjusting hyperparameters (settings that control how the model learns), and hides user identities through a shuffling mechanism to protect privacy.
Fix: AdaptiveShield employs: (1) dynamic detection strategies that assess maliciousness and dynamically adjust detection thresholds to adapt to various attack scenarios; (2) dynamic hyperparameter adjustment to minimize negative impact from missed attackers and enhance robustness; and (3) a hierarchical shuffle mechanism to dissociate user identities from their uploaded local models, providing privacy protection.
IEEE Xplore (Security & AI Journals)This paper proposes Verifiable Data Capsule (VDC), a method for secure data sharing in cloud computing where data owners encrypt their data and upload it with access policies to a cloud server, allowing only authorized users to process the data in a TEE (Trusted Execution Environment, a secure zone on a computer where data stays protected). The system addresses a problem with existing approaches: malicious servers could trick users by providing outdated or corrupted data, so the researchers designed a lightweight verification method called Locally Verifiable Chameleon Tag (LVCT) that lets users confirm data hasn't been tampered with or replaced.
This academic paper proposes a new authentication scheme for vehicle-to-grid (V2G) systems, which allow electric vehicles to exchange power with electrical grids. The scheme uses conditional anonymous authentication (a method that hides vehicle identity while allowing identification of bad actors) with a multi-level architecture combining group signatures (cryptographic signatures that hide individual identity within a group) and proxy signatures (where one party can create signatures on behalf of another), making it more efficient than existing approaches.
Advanced Persistent Threats (APTs, which are long-term targeted attacks by sophisticated adversaries) are becoming harder to detect early. This paper introduces Warning-Graph, a framework that uses threat intelligence modeling (analyzing data about known attack patterns and infrastructure) to identify ongoing APT attacks by examining IoCs (indicators of compromise, or digital clues that show an attack happened) without needing lots of labeled training data. The framework uses graph-based machine learning techniques to improve detection accuracy by 3-5 percentage points compared to existing methods.
Deep learning attacks have successfully cracked CAPTCHAs (automated tests that distinguish humans from bots) that use large character sets, especially those with alphabets from languages like Chinese. This paper proposes ACG (Adversarial Large Character Set CAPTCHA Generation), a framework that makes CAPTCHAs harder to attack by adding adversarial perturbations (intentional distortions that confuse AI recognition systems) through two modules: one that prevents character recognition and another that adds global visual noise, reducing attack success rates from 51.52% to 2.56%.
Fix: The paper proposes ACG (Adversarial Large Character Set CAPTCHA Generation) as a defense framework. According to the source, ACG uses 'a Fine-grained Generation Module, combining three novel strategies to prevent attackers from recognizing characters, and an Ensemble Generation Module to generate global perturbations in CAPTCHAs' to strengthen defense against recognition attacks and improve robustness against diverse detection architectures.
IEEE Xplore (Security & AI Journals)This research paper describes a method to improve emotion recognition using EEG (electroencephalography, a technology that measures electrical activity in the brain) by generating synthetic EEG data through a diffusion model (a type of AI that creates new data by gradually removing noise from random data). The proposed approach achieved up to 5.6% better accuracy in identifying emotions compared to traditional methods, helping address the problem of not having enough real EEG data for training these systems.
AI systems are valuable for cybersecurity because they can detect patterns and anomalies in large amounts of data, but attackers can exploit these same AI capabilities to launch sophisticated attacks. Adversarial learning (using AI to trick or attack other AI systems) works in two ways: attackers use techniques like data poisoning (corrupting training data) and test time evasion (fooling a trained model with specially crafted inputs) to compromise security systems, while defenders use adversarial training (teaching AI to resist such attacks) to protect against these threats. The source identifies gaps in current research, including a lack of real-world attack data and limited evaluation of AI solutions for network traffic analysis.
This research proposes an AI-based system that uses deep learning and reinforcement learning (RL, a machine learning approach where an AI learns by receiving rewards for good decisions) to detect disease markers in exhaled breath by analyzing volatile organic compounds (VOCs, small carbon-based chemicals produced by the body). The system is designed to work well even with small datasets and aims to improve early disease detection, particularly for chronic kidney disease, through a noninvasive and cost-effective diagnostic method.
Spiking federated learning (FL, a distributed training method where multiple devices collaborate without sharing their private data) typically uses random selection to choose which devices contribute to the final model, but this ignores statistical heterogeneity (differences in data distribution across devices). This paper proposes SFedCA, a new strategy that assigns credits to devices based on their firing intensity (activity level in spiking neural networks, which use brain-inspired neurons that only activate when needed) before and after training, allowing better selection of devices whose data distributions match the overall model needs.
This research paper addresses generalized out-of-distribution detection (OOD detection, where an AI system identifies inputs that are very different from its training data), which is important for AI systems used in safety-critical applications. Rather than focusing on designing better scoring functions, the authors propose a new decision rule called the generalized Benjamini Hochberg procedure that uses hypothesis testing (a statistical method for making decisions about data) to determine whether an input is out-of-distribution, and they prove this method controls false positive rates better than traditional threshold-based approaches.