CyberCane is a neuro-symbolic framework that enhances phishing detection by combining symbolic rule analysis with privacy-preserving RAG and formal ontology reasoning, achieving high recall against AI…

The paper empirically studies the security controls of top domain registrars for the .nl ccTLD, finding that while they implement effective measures, they lack advanced controls like proper two-factor…

The paper identifies and quantifies 'zombie linkages' in various DNS integrations, demonstrating that persistent, outdated mappings pose significant security risks across different naming ecosystems.

This study provides the first measurement of authentication security in real-world remote Model Context Protocol (MCP) servers, finding pervasive and critical authentication weaknesses, particularly i…

The paper introduces an end-to-end framework that not only detects network intrusions using deep learning but also generates actionable, citation-grounded mitigation reports using a Retrieval-Augmente…

This paper analyzes RPKI specifications, demonstrating that vague or conflicting requirements in dozens of RFCs cause systemic vulnerabilities in real-world implementations, leading to 61 undocumented…

The paper proposes HSTS-Enforced, a new web security model that flips the default connection from HTTP to HTTPS, eliminating TLS stripping attacks while allowing sites to opt out if they genuinely req…

The paper proposes a lightweight hybrid MLP framework that uses structural URL features to achieve highly accurate and computationally efficient real-time phishing URL detection, outperforming several…

The paper introduces GuardPhish, a large-scale dataset and evaluation framework, demonstrating that even high-performing open-source LLMs can generate actionable phishing content despite accurate inte…

This study provides a longitudinal analysis of dark web content, revealing that cybercrime discussions are dominated by a few persistent core topics rather than rapidly shifting themes.

This paper introduces a machine learning system that detects phishing emails by analyzing contextual features from the entire email body content, achieving 95.41% accuracy using Logistic Regression.

This paper demonstrates that visual phishing detectors can be completely bypassed by employing simple timing-based attacks that delay the rendering of key webpage elements.

This paper introduces a novel malware detection system for macOS by utilizing domain-specific static features, achieving state-of-the-art performance and demonstrating strong generalization capabiliti…

This paper develops an explainable and deployable machine learning system for highly accurate phishing detection across diverse, heterogeneous datasets, achieving up to 99.78% accuracy using transform…

The paper analyzes persistent TLS misconfigurations and introduces TLSGatekeeper, a high-performance, network-based tool that enforces security policies by monitoring TLS handshakes without requiring…

This study profiles user vulnerability to phishing by identifying key psychological and behavioral factors, revealing that most users are high-risk due to hasty decision-making rather than lacking tec…

This paper systematically analyzes the threat posed by malicious third-party API routers in the LLM supply chain, finding that a significant number of routers actively perform payload injection, crede…

This paper analyzes various attack vectors against FIDO2 passkeys, demonstrating that while sophisticated attacks are possible, the overall security posture significantly raises the bar compared to tr…

This study empirically demonstrates that even highly technical students struggle significantly with the long-term usability and security understanding of Mutual TLS (mTLS) client authentication, sugge…

PhishSigma++ is a novel entity-relation-based detector that improves malicious email detection by focusing on invariant functional relationships between typed entities, significantly outperforming tex…