Articles tagged with: #attack-surface
Quantifying Distributional Robustness of Agentic Tool-Selection

cs.CR updates on arXiv.org arxiv.org

arXiv:2510.03992v1 Announce Type: new Abstract: Large language models (LLMs) are increasingly deployed in agentic systems where they map user intents to relevant external tools to fulfill a task. A critical step in this process is tool selection, where a retriever first surfaces candidate tools from a larger pool, after which the LLM selects the most appropriate one. This pipeline presents an underexplored attack surface where errors in selection can lead to severe outcomes like unauthorized...

Shrinking the Kernel Attack Surface Through Static and Dynamic Syscall Limitation

cs.CR updates on arXiv.org arxiv.org

arXiv:2510.03720v1 Announce Type: new Abstract: Linux Seccomp is widely used by program developers and system maintainers to secure operating systems: it can block unused syscalls for different applications and containers to shrink the attack surface of the operating system. However, it is difficult to configure the whitelist of a container or application without the help of the program developers. Docker containers block only about 50 syscalls by default, and lots of unblocked...

What Tools Would You Buy to Strengthen Overall SOC Capability?

cybersecurity www.reddit.com

Hey everyone, Our security team is planning to invest in tools and platforms that can actually make a difference across the board. The goal is to move from being mostly reactive to becoming a more intelligence-driven and proactive SOC. We want to strengthen areas like:
• Threat intelligence collection and enrichment
• Threat hunting and detection engineering
• Incident response and digital forensics
• External exposure and attack surface management
• Automation and playbook maturity
I'd love to...

Has the Two-Decade-Old Prophecy Come True? Artificial Bad Intelligence Triggered by Merely a Single-Bit Flip in Large Language Models

cs.CR updates on arXiv.org arxiv.org

arXiv:2510.00490v1 Announce Type: new Abstract: Recently, Bit-Flip Attack (BFA) has garnered widespread attention for its ability to compromise software system integrity remotely through hardware fault injection. With the widespread distillation and deployment of large language models (LLMs) into single file .gguf formats, their weight spaces have become exposed to an unprecedented hardware attack surface. This paper is the first to systematically discover and validate the existence of...

2025 Cybersecurity Reality Check: Breaches Hidden, Attack Surfaces Growing, and AI Misperceptions Rising

The Hacker News thehackernews.com

Bitdefender's 2025 Cybersecurity Assessment Report paints a sobering picture of today's cyber defense landscape: mounting pressure to remain silent after breaches, a gap between leadership and frontline teams, and a growing urgency to shrink the enterprise attack surface. The annual research combines insights from over 1,200 IT and security professionals across six countries, along with an

MobiLLM: An Agentic AI Framework for Closed-Loop Threat Mitigation in 6G Open RANs

cs.CR updates on arXiv.org arxiv.org

arXiv:2509.21634v1 Announce Type: new Abstract: The evolution toward 6G networks is being accelerated by the Open Radio Access Network (O-RAN) paradigm -- an open, interoperable architecture that enables intelligent, modular applications across public telecom and private enterprise domains. While this openness creates unprecedented opportunities for innovation, it also expands the attack surface, demanding resilient, low-cost, and autonomous security solutions. Legacy defenses remain largely...

Hackers use Weaponized Microsoft Teams Installer to Compromise Systems With Oyster Malware

Cyber Security News cybersecuritynews.com

A sophisticated malvertising campaign is using fake Microsoft Teams installers to compromise corporate systems, leveraging poisoned search engine results and abused code-signing certificates to deliver the Oyster backdoor malware. The attack was neutralized by Microsoft Defender's Attack Surface Reduction (ASR) rules, which blocked the malware from establishing contact with its command-and-control server. The multi-stage attack

Salesforce AI Agent Vulnerability Allows Let Attackers Exfiltration Sensitive Data

Cyber Security News cybersecuritynews.com

A critical vulnerability chain in Salesforce's Agentforce AI platform could have allowed external attackers to steal sensitive CRM data. The vulnerability, dubbed ForcedLeak by Noma Labs, which discovered it, carries a CVSS score of 9.4 and was executed through a sophisticated indirect prompt injection attack. This discovery highlights the expanded and fundamentally different attack surface presented

Jaguar Land Rover to be hit with £2billion bill because it was NOT insured against hacking

cybersecurity www.reddit.com

This Jaguar incident and the costs involved are blowing my mind. But I think the lack of cyber insurance isn't a justified stick to hit them with. In my dealings with cyber insurers, the larger the organisation and the larger the attack surface area, the harder it is to get cyber insurance. Speculation on my part, but I don't think anybody would actually insure them against a cyber attack. submitted by /u/Rsb418

RAG Security and Privacy: Formalizing the Threat Model and Attack Surface

cs.CR updates on arXiv.org arxiv.org

arXiv:2509.20324v1 Announce Type: new Abstract: Retrieval-Augmented Generation (RAG) is an emerging approach in natural language processing that combines large language models (LLMs) with external document retrieval to produce more accurate and grounded responses. While RAG has shown strong potential in reducing hallucinations and improving factual consistency, it also introduces new privacy and security challenges that differ from those faced by traditional LLMs. Existing research has...

End-to-End Co-Simulation Testbed for Cybersecurity Research and Development in Intelligent Transportation Systems

cs.CR updates on arXiv.org arxiv.org

arXiv:2509.16489v1 Announce Type: new Abstract: Intelligent Transportation Systems (ITS) have been widely deployed across major metropolitan regions worldwide to improve roadway safety, optimize traffic flow, and reduce environmental impacts. These systems integrate advanced sensors, communication networks, and data analytics to enable real-time traffic monitoring, adaptive signal control, and predictive maintenance. However, such integration significantly broadens the ITS attack surface,...

KuppingerCole 2025: Why Thales is a Market Leader in API Security

Blog www.imperva.com

APIs are the backbone of modern applications, connecting critical microservices and enabling enterprises to turn data into context-aware business logic via AI across their digital services. As applications become more contextual, APIs expose the data, workflows, and model interactions that attackers target, making them the enterprise's primary attack surface. KuppingerCole's Leadership Compass: API Security & Management

Cuckoo Attack: Stealthy and Persistent Attacks Against AI-IDE

cs.CR updates on arXiv.org arxiv.org

arXiv:2509.15572v1 Announce Type: new Abstract: Modern AI-powered Integrated Development Environments (AI-IDEs) are increasingly defined by an Agent-centric architecture, where an LLM-powered Agent is deeply integrated to autonomously execute complex tasks. This tight integration, however, also introduces a new and critical attack surface. Attackers can exploit these components by injecting malicious instructions into untrusted external sources, effectively hijacking the Agent to perform...

Hybrid Deep Learning-Federated Learning Powered Intrusion Detection System for IoT/5G Advanced Edge Computing Network

cs.CR updates on arXiv.org arxiv.org

arXiv:2509.15555v1 Announce Type: new Abstract: The exponential expansion of IoT and 5G-Advanced applications has enlarged the attack surface for DDoS, malware, and zero-day intrusions. We propose an intrusion detection system that fuses a convolutional neural network (CNN), a bidirectional LSTM (BiLSTM), and an autoencoder (AE) bottleneck within a privacy-preserving federated learning (FL) framework. The CNN-BiLSTM branch captures local and gated cross-feature interactions, while the AE...

Top 10 Best API Security Testing Tools in 2025

Cyber Security News cybersecuritynews.com

In today's rapidly evolving digital landscape, APIs (Application Programming Interfaces) have become the backbone of online business, connecting services and enabling new customer experiences. However, as the API footprint grows, so does the attack surface, making robust API security testing a critical pillar of enterprise cyber defense in 2025. Whether you're a security analyst, DevSecOps

Threats and Security Strategies for IoMT Infusion Pumps

cs.CR updates on arXiv.org arxiv.org

arXiv:2509.14604v1 Announce Type: new Abstract: The integration of the Internet of Medical Things (IoMT) into healthcare systems has transformed patient care by enabling real-time monitoring, enhanced diagnostics, and enhanced operational efficiency. However, this increased connectivity has also expanded the attack surface for cybercriminals, raising significant cybersecurity and privacy concerns. This study focuses on the cybersecurity vulnerabilities of IoMT infusion pumps, which are critical...

What Gets Measured Gets Managed: Mitigating Supply Chain Attacks with a Link Integrity Management System

cs.CR updates on arXiv.org arxiv.org

arXiv:2509.14583v1 Announce Type: new Abstract: The web continues to grow, but dependency-monitoring tools and standards for resource integrity lag behind. Currently, there exists no robust method to verify the integrity of web resources, much less in a generalizable yet performant manner, and supply chains remain one of the most targeted parts of the attack surface of web applications. In this paper, we present the design of LiMS, a transparent system to bootstrap link integrity guarantees in...