ArXivCSExplorer
☆☆Bookmarks🏆RSSHow to UseFAQ
Built with and by Teycir Ben Soltane•
How to Use•FAQ•GitHub•arXiv.org•
Share:

~ similar to 2604.24085v1· 20 results

cs.CRRecentMay 13, 2026

Memory Forensics Techniques for Automated Detection and Analysis of Go Malware

Hala Ali, Andrew Case, Irfan Ahmed

The paper introduces a novel memory forensics framework to perform runtime analysis of Go malware, successfully recovering critical execution state and artifacts that are invisible to traditional stat…

View →
cs.CRRecentMay 26, 2026

The Fault in Our Drafts: Vulnerabilities in RPKI Specification and Software

Oliver Jacobsen, Tobias Kirsch, Haya Schulmann, Niklas Vogel +1 more

This paper analyzes RPKI specifications, demonstrating that vague or conflicting requirements in dozens of RFCs cause systemic vulnerabilities in real-world implementations, leading to 61 undocumented…

View →
cs.CRcs.SERecentMay 29, 2026

R+R: Reassessing Java Security API Misuse in Current LLMs: A Replication on JCA and JSSE APIs with External Security Knowledge

Tianhe Lu, Eric Spero, Sakuna Harinda Jayasundara, Robert Biddle +1 more

This paper replicates and extends a study on Java security API misuse in LLMs, finding that while newer models improve performance, the misuse risk persists and is significantly mitigated by external…

View →
cs.CRRecentMay 26, 2026

Batch Me If You Can: Coverage-guided RPKI Fuzzing at Scale

Haya Schulmann, Niklas Vogel

The paper introduces CAT, a novel coverage-guided fuzzing tool that overcomes the limitations of existing fuzzers for complex, multi-object cryptographic repositories like RPKI, leading to the discove…

View →
cs.CRRecentApr 1, 2026

Obfuscating Code Vulnerabilities against Static Analysis in JavaScript Code

Francesco Pagano, Lorenzo Pisu, Leonardo Regano, Davide Maiorca +2 more

This paper empirically demonstrates that current Static Application Security Testing (SAST) tools are fundamentally unreliable against common JavaScript obfuscation techniques, showing that obfuscatio…

View →
cs.CRcs.SEquant-phRecentApr 8, 2026

Broken Quantum: A Systematic Formal Verification Study of Security Vulnerabilities Across the Open-Source Quantum Computing Simulator Ecosystem

Dominik Blain

The paper presents Broken Quantum, a comprehensive formal security audit that identifies 547 security vulnerabilities across 45 open-source quantum computing simulators, revealing critical flaws in me…

View →
cs.SEcs.CRRecentApr 1, 2026

LibScan: Smart Contract Library Misuse Detection with Iterative Feedback and Static Verification

Yishun Wang, Wenkai Li, Xiaoqi Li, Zongwei Li +2 more

LibScan is an automated framework that detects eight categories of smart contract library misuse by combining LLM-based semantic reasoning with rule-based analysis, achieving 85.15% accuracy on real-w…

View →
cs.CRRecentJun 4, 2026

GCD: Garbled, Corrected, Demonstrandum -- Fixing and Proving Go's Extended GCD Implementation

Linard Arquint

This paper fixes two subtle bugs in Go's extended GCD implementation, which is critical for RSA key generation, and formally proves the correctness and termination of the corrected code.

View →
cs.CRcs.AIcs.SERecentApr 7, 2026

Broken by Default: A Formal Verification Study of Security Vulnerabilities in AI-Generated Code

Dominik Blain, Maxime Noiseux

This study formally verified 3,500 AI-generated code artifacts and found that a majority (55.8%) contain exploitable security vulnerabilities, regardless of the LLM used.

View →
cs.SEcs.CRRecentMar 27, 2026

A Large-scale Empirical Study on the Generalizability of Disclosed Java Library Vulnerability Exploits

Zirui Chen, Qi Zhan, Jiayuan Zhou, Xing Hu +2 more

This paper conducts a large-scale empirical study demonstrating that Java library exploits can accurately identify affected versions, achieving high recall and precision, and proposes strategies for e…

View →
cs.CRcs.SCcs.SERecentMay 5, 2026

From TinyGo to gc Compiler: Extending Zorya's Concolic Framework to Real-World Go Binaries

Karolina Gorna, Nicolas Iooss, Yannick Seurin, Rida Khatoun +1 more

The authors extend the concolic framework Zorya to analyze multi-threaded Go binaries compiled with the standard gc compiler, successfully detecting multiple real-world vulnerabilities.

View →
cs.CRcs.LGRecentMay 18, 2026

Learning to Look Benign: Targeted Evasion of Malware Detectors via API Import Injection

Juozas Dautartas, Olga Kurasova, Juozapas Rokas Čypas, Viktor Medvedev

The paper proposes a framework to intentionally evade malware detectors by adding a small number of benign API imports, successfully demonstrating targeted misclassification into a chosen benign categ…

View →
cs.CRcs.CLcs.CYRecentMay 8, 2026

SecureForge: Finding and Preventing Vulnerabilities in LLM-Generated Code via Prompt Optimization

Houjun Liu, Lisa Einstein, John Yang, Joachim Baumann +4 more

SecureForge is an automated pipeline that significantly reduces cybersecurity vulnerabilities in LLM-generated code by optimizing system prompts, achieving up to a 48% reduction in output vulnerabilit…

View →
cs.CRRecentMay 7, 2026

Beyond Collection: Measuring the Detection Efficacy of Modern Security Logging Standards

Ryan Holeman, John Hastings, Varghese Mathew Vaidyan

This paper systematically evaluates modern security logging standards (CIM, OCSF, ECS) using a novel framework to quantify their detection efficacy across diverse exploit scenarios, revealing critical…

View →
cs.CRcs.SERecentMar 31, 2026

When Labels Are Scarce: A Systematic Mapping of Label-Efficient Code Vulnerability Detection

Noor Khalal, Chakib Fettal, Lazhar Labiod, Mohamed Nadif

This systematic mapping survey reviews label-efficient approaches for code vulnerability detection, synthesizing five paradigm families and providing a decision guide to navigate trade-offs.

View →
cs.SEcs.AIcs.CRRecentApr 22, 2026

Towards Secure Logging: Characterizing and Benchmarking Logging Code Security Issues with LLMs

He Yang Yuan, Xin Wang, Kundi Yao, An Ran Chen +2 more

The paper characterizes logging code security issues and benchmarks LLMs, finding that while LLMs can moderately detect these issues, they struggle significantly with reliably generating correct code…

View →
cs.CRRecentApr 5, 2026

Semantics Over Syntax: Uncovering Pre-Authentication 5G Baseband Vulnerabilities

Qiqing Huang, Xingyu Wang, Wanda Guo, Guofei Gu +1 more

The paper introduces Constraint-Guided Semantic Testing (ConSeT), a novel framework that systematically finds critical, pre-authentication vulnerabilities in 5G User Equipment (UE) by exploiting seman…

View →
cs.SEcs.CRRecentMay 21, 2026

Finding Missing Input Validation in TEEs via LLM-Assisted Symbolic Execution

Chengyan Ma, Jieke Shi, Ruidong Han, Ye Liu +2 more

The paper introduces SymTEE, an LLM-assisted symbolic execution framework that detects missing input validation vulnerabilities in TEE applications without needing complex, real TEE setups.

View →
cs.CRRecentApr 12, 2026

Analyzing Vector Register Usage in Linux Packages to Understand Real-World Impact of Downfall Attack

Yohei Harata, Soramichi Akiyama

This paper analyzes vector register usage across thousands of Linux packages to determine the real-world impact of the Downfall side-channel attack, finding that over 60% of packages use vector regist…

View →
cs.CRcs.SERecentApr 29, 2026

An Empirical Security Evaluation of LLM-Generated Cryptographic Rust Code

Mohamed Elsayed, Kenneth Fulton, Jeong Yang

This study empirically evaluates the cryptographic security of LLM-generated Rust code, finding that while general analysis tools are insufficient, a custom crypto-specific analyzer successfully ident…

View →