aisecwatch.com
DashboardVulnerabilitiesNewsResearchArchiveStatsDatasetFor devs
Subscribe
aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.

Navigation

VulnerabilitiesNewsResearchDigest ArchiveNewsletter ArchiveSubscribeData SourcesStatisticsDatasetAPIIntegrationsWidgetRSS Feed

Maintained by

Truong (Jack) Luu

Information Systems Researcher

Browse All

All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.

to
Export CSV
6449 items

Enhancing the Security of Large Character Set CAPTCHAs Using Transferable Adversarial Examples

inforesearchPeer-Reviewed
researchsecurity
Dec 9, 2025

Deep learning attacks have successfully cracked CAPTCHAs (automated tests that distinguish humans from bots) that use large character sets, especially those with alphabets from languages like Chinese. This paper proposes ACG (Adversarial Large Character Set CAPTCHA Generation), a framework that makes CAPTCHAs harder to attack by adding adversarial perturbations (intentional distortions that confuse AI recognition systems) through two modules: one that prevents character recognition and another that adds global visual noise, reducing attack success rates from 51.52% to 2.56%.

Fix: The paper proposes ACG (Adversarial Large Character Set CAPTCHA Generation) as a defense framework. According to the source, ACG uses 'a Fine-grained Generation Module, combining three novel strategies to prevent attackers from recognizing characters, and an Ensemble Generation Module to generate global perturbations in CAPTCHAs' to strengthen defense against recognition attacks and improve robustness against diverse detection architectures.

IEEE Xplore (Security & AI Journals)

AdaptiveShield: Dynamic Defense Against Decentralized Federated Learning Poisoning Attacks

inforesearchPeer-Reviewed
security

Reinforcement Learning-Enhanced Dynamic LSTM Training With Meta-Feature Extraction for Small Time-Series VOC Datasets in CKD Detection

inforesearchPeer-Reviewed
research

Enhancing EEG Signal-Based Emotion Recognition With Synthetic Data: Diffusion Model Approach

inforesearchPeer-Reviewed
research

Contrast Duality of Adversarial Learningin Network Intrusion: A Review

inforesearchPeer-Reviewed
research

SFedCA: Credit Assignment-Based Active Client Selection Strategy for Spiking Federated Learning

inforesearchPeer-Reviewed
research

A Unified Decision Rule for Generalized Out-of-Distribution Detection

inforesearchPeer-Reviewed
research

Test-Time Correction: An Online 3D Detection System via Visual Prompting

inforesearchPeer-Reviewed
research

Versatile Backdoor Attack With Visible, Semantic, Sample-Specific and Compatible Triggers

inforesearchPeer-Reviewed
security

Teamwork Makes TEE Work: Open and Resilient Remote Attestation on Decentralized Trust

inforesearchPeer-Reviewed
security

Exploiting Kubernetes’ Image Pull Implementation to Deny Node Availability

inforesearchPeer-Reviewed
security

KGEES: An Energy Saving System With Location Privacy Preservation in Multi-Access Edge Computing

inforesearchPeer-Reviewed
research

Side-Channel Analysis Based on Multiple Leakage Models Ensemble

inforesearchPeer-Reviewed
research

Generalizable Synthetic Image Detection via Language-Guided Contrastive Learning

inforesearchPeer-Reviewed
research

CVE-2025-40311: In the Linux kernel, the following vulnerability has been resolved: accel/habanalabs: support mapping cb with vmalloc-b

infovulnerability
security
Dec 7, 2025
CVE-2025-40311

A bug in the Linux kernel's Habana Labs accelerator driver could cause a kernel crash when trying to map certain types of memory (specifically, memory allocated by dma_alloc_coherent, which is memory designed for direct hardware access) if IOMMU (input/output memory management unit, which controls how devices access system memory) is enabled. The kernel would crash because it tried to map vmalloc-backed memory (memory allocated from the virtual memory system) without the proper flags set.

CVE-2025-13922: The Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI plugin for WordPress is vulnerable to time-based bli

mediumvulnerability
security
Dec 6, 2025
CVE-2025-13922

A WordPress plugin called AI Autotagger with OpenAI has a security flaw called time-based blind SQL injection (a technique where attackers sneak extra database commands into legitimate queries by exploiting how the software processes user input) in versions up to 3.40.1. Attackers with contributor-level access or higher can use this flaw to steal sensitive data from the database, slow down the website, or extract information through time-delay tricks.

CVE-2025-34291: Langflow versions up to and including 1.6.9 contain a chained vulnerability that enables account takeover and remote cod

highvulnerability
security
Dec 5, 2025
CVE-2025-34291EPSS: 13.3%

CVE-2025-66581: Frappe Learning Management System (LMS) is a learning system that helps users structure their content. Prior to 2.41.0,

mediumvulnerability
security
Dec 5, 2025
CVE-2025-66581

Frappe Learning Management System (LMS) had a vulnerability in versions before 2.41.0 where the server did not properly check user permissions, allowing low-privileged users like students to perform actions meant only for instructors or administrators by directly accessing the API (the interface that lets software communicate with other software). The flaw existed because permission checks only happened on the client side or in the user interface rather than on the server, which is easier to bypass.

SAGA: Synthetic Audit Log Generation for APT Campaigns

inforesearchPeer-Reviewed
research

AI-Based Automatic Prostate Gland Segmentation in Multi-modal Medical Imaging: A Review

inforesearchPeer-Reviewed
research
Previous231 / 323Next
research
Dec 9, 2025

Federated learning (a system where decentralized devices train a shared AI model together while keeping their data local) is vulnerable to poisoning attacks, where malicious participants inject false data to corrupt the final model. This paper proposes AdaptiveShield, a defense system that uses dynamic detection strategies to identify attackers, automatically adjusts its sensitivity thresholds to handle different attack types, reduces damage from missed attackers by adjusting hyperparameters (settings that control how the model learns), and hides user identities through a shuffling mechanism to protect privacy.

Fix: AdaptiveShield employs: (1) dynamic detection strategies that assess maliciousness and dynamically adjust detection thresholds to adapt to various attack scenarios; (2) dynamic hyperparameter adjustment to minimize negative impact from missed attackers and enhance robustness; and (3) a hierarchical shuffle mechanism to dissociate user identities from their uploaded local models, providing privacy protection.

IEEE Xplore (Security & AI Journals)
Dec 9, 2025

This research proposes an AI-based system that uses deep learning and reinforcement learning (RL, a machine learning approach where an AI learns by receiving rewards for good decisions) to detect disease markers in exhaled breath by analyzing volatile organic compounds (VOCs, small carbon-based chemicals produced by the body). The system is designed to work well even with small datasets and aims to improve early disease detection, particularly for chronic kidney disease, through a noninvasive and cost-effective diagnostic method.

IEEE Xplore (Security & AI Journals)
Dec 9, 2025

This research paper describes a method to improve emotion recognition using EEG (electroencephalography, a technology that measures electrical activity in the brain) by generating synthetic EEG data through a diffusion model (a type of AI that creates new data by gradually removing noise from random data). The proposed approach achieved up to 5.6% better accuracy in identifying emotions compared to traditional methods, helping address the problem of not having enough real EEG data for training these systems.

IEEE Xplore (Security & AI Journals)
security
Dec 9, 2025

AI systems are valuable for cybersecurity because they can detect patterns and anomalies in large amounts of data, but attackers can exploit these same AI capabilities to launch sophisticated attacks. Adversarial learning (using AI to trick or attack other AI systems) works in two ways: attackers use techniques like data poisoning (corrupting training data) and test time evasion (fooling a trained model with specially crafted inputs) to compromise security systems, while defenders use adversarial training (teaching AI to resist such attacks) to protect against these threats. The source identifies gaps in current research, including a lack of real-world attack data and limited evaluation of AI solutions for network traffic analysis.

IEEE Xplore (Security & AI Journals)
Dec 9, 2025

Spiking federated learning (FL, a distributed training method where multiple devices collaborate without sharing their private data) typically uses random selection to choose which devices contribute to the final model, but this ignores statistical heterogeneity (differences in data distribution across devices). This paper proposes SFedCA, a new strategy that assigns credits to devices based on their firing intensity (activity level in spiking neural networks, which use brain-inspired neurons that only activate when needed) before and after training, allowing better selection of devices whose data distributions match the overall model needs.

IEEE Xplore (Security & AI Journals)
safety
Dec 9, 2025

This research paper addresses generalized out-of-distribution detection (OOD detection, where an AI system identifies inputs that are very different from its training data), which is important for AI systems used in safety-critical applications. Rather than focusing on designing better scoring functions, the authors propose a new decision rule called the generalized Benjamini Hochberg procedure that uses hypothesis testing (a statistical method for making decisions about data) to determine whether an input is out-of-distribution, and they prove this method controls false positive rates better than traditional threshold-based approaches.

IEEE Xplore (Security & AI Journals)
Dec 9, 2025

This paper presents Test-Time Correction (TTC), a system that helps autonomous vehicles fix detection errors while driving, rather than waiting for retraining. TTC uses an Online Adapter module with visual prompts (image-based descriptions of objects derived from feedback like mismatches or user clicks) to continuously correct mistakes in real-time, allowing vehicles to adapt to new situations and improve safety without stopping to retrain the system.

IEEE Xplore (Security & AI Journals)
research
Dec 9, 2025

Researchers developed a new method for backdoor attacks (techniques that manipulate AI systems to behave in specific ways when exposed to hidden trigger patterns) that works better in real-world physical scenarios. The method, called VSSC triggers (Visible, Semantic, Sample-specific, and Compatible), uses large language models, generative models, and vision-language models in an automated pipeline to create stealthy triggers that can survive visual distortions and be deployed using real objects, making physical backdoor attacks more practical and systematic than manual methods.

IEEE Xplore (Security & AI Journals)
Dec 8, 2025

Remote attestation (RA, the process of verifying that software running on a trusted computer processor is genuine and hasn't been tampered with) traditionally relies on a single central authority to verify trust, which creates security vulnerabilities. This paper introduces Janus, a new RA system that spreads trust across multiple parties using physical hardware features (PUF, or physically unclonable function, unique identifiers built into computer chips) and smart contracts (automated programs running on blockchain networks) to make the verification process more secure, flexible, and resistant to attacks.

IEEE Xplore (Security & AI Journals)
research
Dec 8, 2025

Kubernetes (K8s, a system that manages containerized applications across multiple computers) has a vulnerability in how it handles container image downloads through the CRI-API (the interface between Kubernetes and container runtimes). Because Kubernetes cannot monitor the status of these downloads, attackers can exploit this to launch denial-of-service attacks that consume up to 95% of CPU usage and exhaust network and storage resources on worker nodes indefinitely.

Fix: The source proposes MAGI, an eBPF-based (a technology that allows low-level monitoring within the Linux kernel) proof-of-concept mitigation that detects and terminates potential attacks. However, the source notes that a permanent fix would require fundamental architectural changes to how Kubernetes and the CRI-API interact, which is not feasible in the short term.

IEEE Xplore (Security & AI Journals)
Dec 8, 2025

This research paper presents KGEES, a system designed to reduce energy consumption in multi-access edge computing (MEC, a technology that brings servers closer to users for faster processing) while protecting user privacy. The system uses k-anonymity geo-obfuscation (a technique that hides exact user locations by grouping them with others) to keep user locations private, while using a greedy algorithm (an approach that makes quick decisions based on immediate benefits) to decide how to allocate computing resources efficiently.

IEEE Xplore (Security & AI Journals)
security
Dec 8, 2025

This research proposes a new framework for side-channel analysis (SCA, a type of attack that exploits physical information like power consumption or timing to break cryptography) by combining multiple different leakage models (ways of measuring how a cryptographic device leaks secrets) using ensemble learning (combining many weaker models into one stronger one). The framework improves how well attackers can recover secret keys by using deep learning with complementary information from different measurement approaches, and the authors prove mathematically that their ensemble model gets closer to the true secret distribution.

IEEE Xplore (Security & AI Journals)
safety
Dec 8, 2025

AI can now create extremely realistic fake images using generative adversarial networks (GANs, which generate images by having two competing neural networks work against each other) and diffusion models (AI systems that create images by gradually removing noise). While this technology has legitimate uses, it poses serious risks like spreading misinformation and creating fake profiles, and existing detection methods struggle to identify images from new, unseen generation models. This research proposes a detection method using language-guided contrastive learning (a technique where an AI learns to distinguish real from fake images by comparing them against text descriptions, helping it recognize synthetic images it hasn't encountered before).

IEEE Xplore (Security & AI Journals)

Fix: The fix checks whether the memory address comes from the vmalloc range, and if so, sets the VM_MIXEDMAP flag in the VMA (virtual memory area, a region of a process's memory) before mapping it. This allows the memory to be safely mapped without triggering a kernel crash.

NVD/CVE Database
NVD/CVE Database

Langflow versions up to 1.6.9 have a chained vulnerability that allows attackers to take over user accounts and run arbitrary code on the system. The flaw combines two misconfigurations: overly permissive CORS settings (CORS, or cross-origin resource sharing, allows webpages from different domains to access each other) that accept requests from any origin with credentials, and refresh token cookies (a token used to get new access credentials) set to SameSite=None, which allows a malicious webpage to steal valid tokens and impersonate a victim.

NVD/CVE Database

Fix: Update to version 2.41.0 or later, where this vulnerability is fixed.

NVD/CVE Database
security
Dec 5, 2025

SAGA is a tool that creates synthetic audit logs (detailed records of system activities) containing hidden Advanced Persistent Threats (APTs, which are long-term targeted cyberattacks) to help train and test detection systems. The tool mixes normal system activity logs with malicious activity based on known attack patterns from the MITRE ATT&CK framework (a database of real-world attack techniques), and researchers showed that machine learning models trained on these synthetic logs can identify new, previously unseen attack techniques.

IEEE Xplore (Security & AI Journals)
Dec 5, 2025

This article reviews AI-based methods for automatically identifying and outlining the prostate gland in medical images from multiple sources (CT scans, MRI, and ultrasound). The review explains that prostate segmentation, the process of precisely marking the prostate's boundaries in images, is difficult because medical images are imperfect and the prostate has complex internal structure, but machine learning tools are being developed to improve early detection of prostate cancer.

IEEE Xplore (Security & AI Journals)