The paper reframes manufacturing ransomware recovery from a simple backup restoration task to a complex critical-infrastructure continuity problem, proposing Minimum Viable Factory Recovery (MVF Recov…

RansomTrack introduces a hybrid behavioral analysis framework that combines static and dynamic feature extraction to achieve high-accuracy, low-latency, and explainable real-time ransomware detection.

This paper systematically evaluates modern security logging standards (CIM, OCSF, ECS) using a novel framework to quantify their detection efficacy across diverse exploit scenarios, revealing critical…

The paper proposes the Unified Compliance Aggregator (UCA), a framework that integrates multiple specialized security tools into a single, weighted composite score for automated system security assess…

This paper analyzes the proprietary file system of Honeywell video surveillance devices, demonstrating that video data can be successfully recovered even after deletion using three different methods:…

By analyzing over 27,000 posts from 325 public ransomware leak sites, this paper demonstrates that ransomware groups exhibit non-random, predictable operational regularities concerning victim concentr…

Branch Landing (BRL) is a novel forward-edge CFI framework for RISC-V that uses Bloom filters to overcome the source authorization limitations of existing hardware CFI, achieving low overhead for fine…

This paper analyzes RPKI specifications, demonstrating that vague or conflicting requirements in dozens of RFCs cause systemic vulnerabilities in real-world implementations, leading to 61 undocumented…

This paper addresses the lack of research on adversarial malware generation for Linux ELF binaries by developing a new semantic-preserving generator that achieves a high evasion rate against modern de…

The paper introduces ClawTrap, a MITM-based red-teaming framework, to evaluate the security robustness of web agents like OpenClaw against dynamic, real-world network attacks, finding that model stren…

The paper proposes a novel loader-centric verification framework that cryptographically enforces the authenticity of shared objects resolved by the dynamic linker, effectively preventing shared librar…

The paper introduces a novel record-and-replay detection mechanism to accurately detect the true avalanche effect in ransomware, achieving high accuracy against real-world samples.

The paper introduces a large, consensus-labeled prompt bank that reliably distinguishes between requests for executable malicious code and requests for harmful security knowledge, providing a standard…

The paper introduces an open-source security framework that significantly improves cloud infrastructure security assessment by unifying identity and resource data, reducing false positives, and automa…

This study conducts a large-scale longitudinal analysis of CodeQL, finding that while the tool is effective at detecting vulnerabilities, its detection capabilities are not guaranteed to be stable acr…

The paper proposes Fasco, a lightweight confidential container runtime utilizing ARM CCA to significantly reduce startup latency and resource overhead compared to existing microVM-based confidential c…

This paper argues that reporting only the best-case attack success rate for jailbreaks is insufficient, proposing new distributional metrics (VSM and UC) to better characterize the true threat posed b…

The paper conducts a preliminary safety evaluation of the open-weight LLM Kimi K2.5, finding that while it is highly capable, it exhibits concerning dual-use risks, particularly regarding CBRNE misuse…

The paper introduces BOUNDARY FLOW, an LLVM-based framework that enhances kernel fuzzing and analysis by extracting per-task, state-aware data-flow information (arguments and return values) at functio…

The paper evaluates frontier LLMs on cybersecurity tasks using dual-mode benchmarks and concludes that general-purpose models are insufficient, advocating for specialized, vertical foundation models.