cyberfeed.io — security news aggregator

Security Analysis and Threat Modeling of Research Management Applications [Extended Version]

cs.CR updates on arXiv.org • 2025-10-07 • arxiv.org

arXiv:2510.03407v1 Announce Type: new Abstract: Research management applications (RMA) are widely used in clinical research environments to collect, transmit, analyze, and store sensitive data. This data is so valuable making RMAs susceptible to security threats. This analysis, analyzes RMAs' security, focusing on Research Electronic Data Capture (REDCap) as an example. We explore the strengths and vulnerabilities within RMAs by evaluating the architecture, data flow, and security features. We...

#vulnerability #threat-modeling

EU CRA TM and RA

cybersecurity • 2025-09-29 • www.reddit.com

Any ideas regarding threat modeling, risk analysis, and applicable methodologies for CRA? submitted by /u/WeaknessBest6957 [link] [comments]

#threat-modeling

Building an AI threat modeling tool for early-stage SaaS - would love your feedback

cybersecurity • 2025-09-27 • www.reddit.com

submitted by /u/Infinite-Rice6288 [link] [comments]

#security-tools #threat-modeling

Threat Modeling for Enhancing Security of IoT Audio Classification Devices under a Secure Protocols Framework

cs.CR updates on arXiv.org • 2025-09-19 • arxiv.org

arXiv:2509.14657v1 Announce Type: new Abstract: The rapid proliferation of IoT nodes equipped with microphones and capable of performing on-device audio classification exposes highly sensitive data while operating under tight resource constraints. To protect against this, we present a defence-in-depth architecture comprising a security protocol that treats the edge device, cellular network and cloud backend as three separate trust domains, linked by TPM-based remote attestation and mutually...

#cloud #security-tools #threat-modeling #attestation

Appsec engineer Amazon

cybersecurity • 2025-09-18 • www.reddit.com

Hey guys ! I have un upcomping phone interview (1h) with Amazon for an Appsec engineer position, There is surely questions on LPs and secure code review, how about threat modeling is it possible to have it on phone screen? Thank you in advance ! submitted by /u/Rich-Inspection-5766 [link] [comments]

#threat-modeling

AegisShield: Democratizing Cyber Threat Modeling with Generative AI

cs.CR updates on arXiv.org • 2025-09-16 • arxiv.org

arXiv:2509.10482v1 Announce Type: new Abstract: The increasing sophistication of technology systems makes traditional threat modeling hard to scale, especially for small organizations with limited resources. This paper develops and evaluates AegisShield, a generative AI enhanced threat modeling tool that implements STRIDE and MITRE ATT&CK to automate threat generation and provide systematic assessments. By integrating real time threat intelligence from the National Vulnerability Database and...

#security-tools #vulnerability #patch-management #mitre-attack #threat-modeling

Tools for Threat Modelling

cybersecurity • 2025-09-16 • www.reddit.com

What tools do you recommend for Threat Modeling?Just anything you can draw dataflow diagrams or something specific, maybe with some automation for detecting threats? submitted by /u/pearlkele [link] [comments]

#threat-modeling

Threat Modeling Automation and TMaaC

cybersecurity • 2025-09-12 • www.reddit.com

Hi everyone. I am looking for a way to include Threat Modeling in the DevSecOps process. I don't exactly know what I am looking for so feel free to share your thaughts and opinions even if it's not about TMA. I have seen TMA tools like IriusRisk or Threat modeler and TMaaC tools like OWASP Paytm or TaaC-AI but they don't seems much used. Have you ever used them or considered using them? Is it useful or is it too difficult to create and mantain the architecture files? Are the outputs relevant?...

#threat-modeling

Information Inference Diagrams: Complementing Privacy and Security Analyses Beyond Data Flows

cs.CR updates on arXiv.org • 2025-09-12 • arxiv.org

arXiv:2405.08356v2 Announce Type: replace Abstract: This work introduces Information Inference Diagrams (I2Ds), a modeling framework aiming to complement existing approaches for privacy and security analysis of distributed systems. It is intended to support established threat modeling processes. Our approach is designed to be compatible with Data Flow Diagrams~(DFDs), which form the basis of many established techniques and tools. Unlike DFDs, I2Ds represent information propagation, going beyond...

#security-tools #threat-modeling

ThreatGPT: An Agentic AI Framework for Enhancing Public Safety through Threat Modeling

cs.CR updates on arXiv.org • 2025-09-09 • arxiv.org

arXiv:2509.05379v1 Announce Type: new Abstract: As our cities and communities become smarter, the systems that keep us safe, such as traffic control centers, emergency response networks, and public transportation, also become more complex. With this complexity comes a greater risk of security threats that can affect not just machines but real people's lives. To address this challenge, we present ThreatGPT, an agentic Artificial Intelligence (AI) assistant built to help people whether they are...

#security-tools #ai #threat-modeling

Is there a market for a solo cybersecurity consultant?

cybersecurity • 2025-08-28 • www.reddit.com

Hey, I'm tired of corporate, O have over a decade of experience at: Security design and code review, setup fuzzer, low-level security research on open source code projects etc. I want to start my own solo consultant service in which I will offer: 1. Threat modeling 2. Security design reviews 3. Security code reviews Any experience to share? submitted by /u/LeftAssociation1119 [link] [comments]

#fuzz #threat-modeling