All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.
Deep learning attacks have successfully cracked CAPTCHAs (automated tests that distinguish humans from bots) that use large character sets, especially those with alphabets from languages like Chinese. This paper proposes ACG (Adversarial Large Character Set CAPTCHA Generation), a framework that makes CAPTCHAs harder to attack by adding adversarial perturbations (intentional distortions that confuse AI recognition systems) through two modules: one that prevents character recognition and another that adds global visual noise, reducing attack success rates from 51.52% to 2.56%.
Fix: The paper proposes ACG (Adversarial Large Character Set CAPTCHA Generation) as a defense framework. According to the source, ACG uses 'a Fine-grained Generation Module, combining three novel strategies to prevent attackers from recognizing characters, and an Ensemble Generation Module to generate global perturbations in CAPTCHAs' to strengthen defense against recognition attacks and improve robustness against diverse detection architectures.
IEEE Xplore (Security & AI Journals)A bug in the Linux kernel's Habana Labs accelerator driver could cause a kernel crash when trying to map certain types of memory (specifically, memory allocated by dma_alloc_coherent, which is memory designed for direct hardware access) if IOMMU (input/output memory management unit, which controls how devices access system memory) is enabled. The kernel would crash because it tried to map vmalloc-backed memory (memory allocated from the virtual memory system) without the proper flags set.
A WordPress plugin called AI Autotagger with OpenAI has a security flaw called time-based blind SQL injection (a technique where attackers sneak extra database commands into legitimate queries by exploiting how the software processes user input) in versions up to 3.40.1. Attackers with contributor-level access or higher can use this flaw to steal sensitive data from the database, slow down the website, or extract information through time-delay tricks.
Frappe Learning Management System (LMS) had a vulnerability in versions before 2.41.0 where the server did not properly check user permissions, allowing low-privileged users like students to perform actions meant only for instructors or administrators by directly accessing the API (the interface that lets software communicate with other software). The flaw existed because permission checks only happened on the client side or in the user interface rather than on the server, which is easier to bypass.
Federated learning (a system where decentralized devices train a shared AI model together while keeping their data local) is vulnerable to poisoning attacks, where malicious participants inject false data to corrupt the final model. This paper proposes AdaptiveShield, a defense system that uses dynamic detection strategies to identify attackers, automatically adjusts its sensitivity thresholds to handle different attack types, reduces damage from missed attackers by adjusting hyperparameters (settings that control how the model learns), and hides user identities through a shuffling mechanism to protect privacy.
Fix: AdaptiveShield employs: (1) dynamic detection strategies that assess maliciousness and dynamically adjust detection thresholds to adapt to various attack scenarios; (2) dynamic hyperparameter adjustment to minimize negative impact from missed attackers and enhance robustness; and (3) a hierarchical shuffle mechanism to dissociate user identities from their uploaded local models, providing privacy protection.
IEEE Xplore (Security & AI Journals)This research proposes an AI-based system that uses deep learning and reinforcement learning (RL, a machine learning approach where an AI learns by receiving rewards for good decisions) to detect disease markers in exhaled breath by analyzing volatile organic compounds (VOCs, small carbon-based chemicals produced by the body). The system is designed to work well even with small datasets and aims to improve early disease detection, particularly for chronic kidney disease, through a noninvasive and cost-effective diagnostic method.
This research paper describes a method to improve emotion recognition using EEG (electroencephalography, a technology that measures electrical activity in the brain) by generating synthetic EEG data through a diffusion model (a type of AI that creates new data by gradually removing noise from random data). The proposed approach achieved up to 5.6% better accuracy in identifying emotions compared to traditional methods, helping address the problem of not having enough real EEG data for training these systems.
AI systems are valuable for cybersecurity because they can detect patterns and anomalies in large amounts of data, but attackers can exploit these same AI capabilities to launch sophisticated attacks. Adversarial learning (using AI to trick or attack other AI systems) works in two ways: attackers use techniques like data poisoning (corrupting training data) and test time evasion (fooling a trained model with specially crafted inputs) to compromise security systems, while defenders use adversarial training (teaching AI to resist such attacks) to protect against these threats. The source identifies gaps in current research, including a lack of real-world attack data and limited evaluation of AI solutions for network traffic analysis.
Spiking federated learning (FL, a distributed training method where multiple devices collaborate without sharing their private data) typically uses random selection to choose which devices contribute to the final model, but this ignores statistical heterogeneity (differences in data distribution across devices). This paper proposes SFedCA, a new strategy that assigns credits to devices based on their firing intensity (activity level in spiking neural networks, which use brain-inspired neurons that only activate when needed) before and after training, allowing better selection of devices whose data distributions match the overall model needs.
This research paper addresses generalized out-of-distribution detection (OOD detection, where an AI system identifies inputs that are very different from its training data), which is important for AI systems used in safety-critical applications. Rather than focusing on designing better scoring functions, the authors propose a new decision rule called the generalized Benjamini Hochberg procedure that uses hypothesis testing (a statistical method for making decisions about data) to determine whether an input is out-of-distribution, and they prove this method controls false positive rates better than traditional threshold-based approaches.
This paper presents Test-Time Correction (TTC), a system that helps autonomous vehicles fix detection errors while driving, rather than waiting for retraining. TTC uses an Online Adapter module with visual prompts (image-based descriptions of objects derived from feedback like mismatches or user clicks) to continuously correct mistakes in real-time, allowing vehicles to adapt to new situations and improve safety without stopping to retrain the system.
Researchers developed a new method for backdoor attacks (techniques that manipulate AI systems to behave in specific ways when exposed to hidden trigger patterns) that works better in real-world physical scenarios. The method, called VSSC triggers (Visible, Semantic, Sample-specific, and Compatible), uses large language models, generative models, and vision-language models in an automated pipeline to create stealthy triggers that can survive visual distortions and be deployed using real objects, making physical backdoor attacks more practical and systematic than manual methods.
Remote attestation (RA, the process of verifying that software running on a trusted computer processor is genuine and hasn't been tampered with) traditionally relies on a single central authority to verify trust, which creates security vulnerabilities. This paper introduces Janus, a new RA system that spreads trust across multiple parties using physical hardware features (PUF, or physically unclonable function, unique identifiers built into computer chips) and smart contracts (automated programs running on blockchain networks) to make the verification process more secure, flexible, and resistant to attacks.
Kubernetes (K8s, a system that manages containerized applications across multiple computers) has a vulnerability in how it handles container image downloads through the CRI-API (the interface between Kubernetes and container runtimes). Because Kubernetes cannot monitor the status of these downloads, attackers can exploit this to launch denial-of-service attacks that consume up to 95% of CPU usage and exhaust network and storage resources on worker nodes indefinitely.
Fix: The source proposes MAGI, an eBPF-based (a technology that allows low-level monitoring within the Linux kernel) proof-of-concept mitigation that detects and terminates potential attacks. However, the source notes that a permanent fix would require fundamental architectural changes to how Kubernetes and the CRI-API interact, which is not feasible in the short term.
IEEE Xplore (Security & AI Journals)This research paper presents KGEES, a system designed to reduce energy consumption in multi-access edge computing (MEC, a technology that brings servers closer to users for faster processing) while protecting user privacy. The system uses k-anonymity geo-obfuscation (a technique that hides exact user locations by grouping them with others) to keep user locations private, while using a greedy algorithm (an approach that makes quick decisions based on immediate benefits) to decide how to allocate computing resources efficiently.
This research proposes a new framework for side-channel analysis (SCA, a type of attack that exploits physical information like power consumption or timing to break cryptography) by combining multiple different leakage models (ways of measuring how a cryptographic device leaks secrets) using ensemble learning (combining many weaker models into one stronger one). The framework improves how well attackers can recover secret keys by using deep learning with complementary information from different measurement approaches, and the authors prove mathematically that their ensemble model gets closer to the true secret distribution.
AI can now create extremely realistic fake images using generative adversarial networks (GANs, which generate images by having two competing neural networks work against each other) and diffusion models (AI systems that create images by gradually removing noise). While this technology has legitimate uses, it poses serious risks like spreading misinformation and creating fake profiles, and existing detection methods struggle to identify images from new, unseen generation models. This research proposes a detection method using language-guided contrastive learning (a technique where an AI learns to distinguish real from fake images by comparing them against text descriptions, helping it recognize synthetic images it hasn't encountered before).
Fix: The fix checks whether the memory address comes from the vmalloc range, and if so, sets the VM_MIXEDMAP flag in the VMA (virtual memory area, a region of a process's memory) before mapping it. This allows the memory to be safely mapped without triggering a kernel crash.
NVD/CVE DatabaseLangflow versions up to 1.6.9 have a chained vulnerability that allows attackers to take over user accounts and run arbitrary code on the system. The flaw combines two misconfigurations: overly permissive CORS settings (CORS, or cross-origin resource sharing, allows webpages from different domains to access each other) that accept requests from any origin with credentials, and refresh token cookies (a token used to get new access credentials) set to SameSite=None, which allows a malicious webpage to steal valid tokens and impersonate a victim.
Fix: Update to version 2.41.0 or later, where this vulnerability is fixed.
NVD/CVE DatabaseSAGA is a tool that creates synthetic audit logs (detailed records of system activities) containing hidden Advanced Persistent Threats (APTs, which are long-term targeted cyberattacks) to help train and test detection systems. The tool mixes normal system activity logs with malicious activity based on known attack patterns from the MITRE ATT&CK framework (a database of real-world attack techniques), and researchers showed that machine learning models trained on these synthetic logs can identify new, previously unseen attack techniques.
This article reviews AI-based methods for automatically identifying and outlining the prostate gland in medical images from multiple sources (CT scans, MRI, and ultrasound). The review explains that prostate segmentation, the process of precisely marking the prostate's boundaries in images, is difficult because medical images are imperfect and the prostate has complex internal structure, but machine learning tools are being developed to improve early detection of prostate cancer.