By analyzing over 27,000 posts from 325 public ransomware leak sites, this paper demonstrates that ransomware groups exhibit non-random, predictable operational regularities concerning victim concentr…

The paper introduces STRIKE, a multi-dimensional structured taxonomy designed to provide a comprehensive and unified framework for classifying the rapidly evolving complexity of modern cybercrimes.

This survey proposes a proactive, lifecycle-based framework, utilizing the C5 Interaction Model, to detect emerging adversarial synthetic narratives generated by GenAI, moving beyond traditional react…

This survey proposes a proactive, lifecycle-based framework, utilizing the C5 Interaction Model, to detect emerging adversarial synthetic narratives generated by Generative AI, moving beyond tradition…

This study provides the first large-scale analysis of video piracy on Telegram, quantifying its massive financial impact and developing a resilient detection framework, Anti-RIP, to combat it.

The paper introduces TeleHunt, a comprehensive framework and tool that systematically evaluates various strategies for efficiently discovering cybercriminal communities operating on Telegram.

This paper provides the first longitudinal analysis of log-based detection rule evolution in public repositories, finding that rule changes reflect ongoing operational trade-offs rather than steady co…

This paper analyzes darknet traffic to characterize advanced, AI-assisted bot reconnaissance, finding that modern evasion techniques allow most bot traffic to bypass standard IDS thresholds.

The paper analyzes the real threat of GenAI in cybercrime, arguing that while high-end automation (Stand-Alone Complex) is possible, current adoption is low and primarily affects skilled actors, sugge…

This paper systematically analyzes 123 publications on anti-forensics to quantify techniques and attack vectors, identify research patterns, and propose directions for a more coherent and ethical unde…

This paper systematically measured web tracking across 20 popular AI chatbots, finding that a majority share both conversational content and user identity information with third parties.

This paper proposes the first web-focused threat model for agentic browsers, demonstrating that traditional web social engineering attacks can be amplified into dangerous, reproducible threats when ex…

This paper demonstrates that YARA rules, even when stripped of metadata, contain enough stylistic information to accurately infer the original source repository, author, and even the malware family.

The paper introduces the CAI Dataset, a massive, multi-terabyte corpus of real-world, hands-on cybersecurity LLM trajectories, designed to address the performance bottleneck caused by expert operator…

The paper introduces the Sovereign Context Protocol (SCP), an open-source, attribution-aware data access layer designed to standardize how Large Language Models (LLMs) connect to and track usage of hu…

The paper proposes a dynamic queueing framework that estimates an organization's cyber resources and attack surface dynamics by analyzing the timestamps of vulnerabilities and fixes, achieving high ac…

This paper provides a large-scale characterization of Telegram bots, revealing that while they serve useful functions like crowdsourcing, they are also extensively used for malicious activities such a…

This study profiles user vulnerability to phishing by identifying key psychological and behavioral factors, revealing that most users are high-risk due to hasty decision-making rather than lacking tec…

The paper introduces PHTV-Scout, a novel framework that analyzes Douyin and Kwai data, revealing a high prevalence of potentially harmful teen videos, particularly CSE imagery, and demonstrating that…

The paper identifies and quantifies 'zombie linkages' in various DNS integrations, demonstrating that persistent, outdated mappings pose significant security risks across different naming ecosystems.