This study evaluated a personality-conditional cybersecurity training system, TailoredSec, finding that routing content based on a user's Five-Factor Model (FFM) trait significantly improved post-trai…

This systematic literature review analyzes existing methods, models, and instruments for assessing human vulnerability in cybersecurity, concluding that current approaches are fragmented and lack a dy…

The study analyzes coding patterns in malware versus benign software, finding that malware code is optimized for quick evasion and secrecy rather than maintainability, though its metrics are not uniqu…

This study surveyed Icelandic organizations to find that human factors, such as poor training and culture, pose significant cybersecurity risks that often bypass technical controls.

The paper demonstrates that generative AI can automate and scale highly personalized, context-aware spear-phishing attacks using only public social media data, resulting in messages that are significa…

This study proposes a negotiation framework, using composite indices (RBTI and CATI), to explain how youth navigate competing privacy pressures when using smart voice assistants, finding that high usa…

The paper proposes ConGISATA, a continuous, gamified framework using embedded mobile sensors to enhance individual information security awareness by transforming passive risks into active learning opp…

This paper introduces FreakOut-LLM, demonstrating that emotional context, specifically stress, significantly compromises the safety alignment of large language models, increasing jailbreak susceptibil…

This paper argues that much of the existing research on Federated Learning (FL) security is based on idealized assumptions, and provides a practical evaluation framework showing that real-world attack…

The study analyzed TLS certificate and domain features in the Danish .dk namespace to distinguish phishing sites, concluding that while combined features are useful, no single attribute reliably ident…

The paper argues that despite the focus on risk, the cybersecurity profession is structurally trained as a threat-management discipline, leading to poor foundational risk reasoning among professionals…

The paper proposes MVRAF, a data-driven framework that quantifies vulnerability risk in large-scale cloud infrastructure by integrating multiple attack attributes and analyzing cumulative risk distrib…

The study finds exploratory evidence that gender moderates how youth perceive privacy risks and benefits, influencing their protective behavior when using smart voice assistants.

This paper uses Colonel Blotto game models, grounded in Routine Activity Theory, to determine the optimal allocation of defensive resources against social engineering attacks, providing data-driven de…

The study compared the cybersecurity risk assessment capabilities of five popular large language models (LLMs) against human experts, finding that LLMs consistently underestimated risks and require ma…

This paper introduces a machine learning system that detects phishing emails by analyzing contextual features from the entire email body content, achieving 95.41% accuracy using Logistic Regression.

This study empirically measures the consistency and success rate of autonomous LLM penetration testing across multiple services, finding statistically significant differences in exploitation capabilit…

This study empirically measures the consistency and effectiveness of autonomous LLM penetration testing across multiple services, finding statistically significant differences in exploitation rates am…

CyberCane is a neuro-symbolic framework that enhances phishing detection by combining symbolic rule analysis with privacy-preserving RAG and formal ontology reasoning, achieving high recall against AI…

The paper introduces PHTV-Scout, a novel framework that analyzes Douyin and Kwai data, revealing a high prevalence of potentially harmful teen videos, particularly CSE imagery, and demonstrating that…