Tootfinder

Temporal Logic-Based Multi-Vehicle Backdoor Attacks against Offline RL Agents in End-to-end Autonomous Driving
Xuan Chen, Shiwei Feng, Zikang Xiong, Shengwei An, Yunshu Mao, Lu Yan, Guanhong Tao, Wenbo Guo, Xiangyu Zhang
https://arxiv.org/abs/2509.16950

Temporal Logic-Based Multi-Vehicle Backdoor Attacks against Offline RL Agents in End-to-end Autonomous Driving
Assessing the safety of autonomous driving (AD) systems against security threats, particularly backdoor attacks, is a stepping stone for real-world deployment. However, existing works mainly focus on pixel-level triggers that are impractical to deploy in the real world. We address this gap by introducing a novel backdoor attack against the end-to-end AD systems that leverage one or more other vehicles' trajectories as triggers. To generate precise trigger trajectories, we first use temporal log…

Inverting Trojans in LLMs
Zhengxing Li, Guangmingmei Yang, Jayaram Raghuram, David J. Miller, George Kesidis
https://arxiv.org/abs/2509.16203 https://arxiv…

Inverting Trojans in LLMs
While effective backdoor detection and inversion schemes have been developed for AIs used e.g. for images, there are challenges in "porting" these methods to LLMs. First, the LLM input space is discrete, which precludes gradient-based search over this space, central to many backdoor inversion methods. Second, there are ~30,000^k k-tuples to consider, k the token-length of a putative trigger. Third, for LLMs there is the need to blacklist tokens that have strong marginal associations with the pu…

BadFU: Backdoor Federated Learning through Adversarial Machine Unlearning
Bingguang Lu, Hongsheng Hu, Yuantian Miao, Shaleeza Sohail, Chaoxiang He, Shuo Wang, Xiao Chen
https://arxiv.org/abs/2508.15541

BadFU: Backdoor Federated Learning through Adversarial Machine Unlearning
Federated learning (FL) has been widely adopted as a decentralized training paradigm that enables multiple clients to collaboratively learn a shared model without exposing their local data. As concerns over data privacy and regulatory compliance grow, machine unlearning, which aims to remove the influence of specific data from trained models, has become increasingly important in the federated setting to meet legal, ethical, or user-driven demands. However, integrating unlearning into FL introdu…

I have zero doubt that Israel and Russia currently have a backdoor into our intelligence community’s cyber infrastructure through Palantir and Pegasus.
https://www.politico.com/news/2025/08/20/gabbard-odni-cuts-00517232

US-Geheimdienstchefin: Großbritannien will doch keine Hintertür für Apple-User
Laut Angaben der amerikanischen Geheimdienstkoordinatorin Tulsi Gabbard gibt es einen "Deal" mit London. Dort wollte man eine weltweite iCloud-Backdoor.

Sources: the UK may backtrack on its January order for Apple to create a backdoor for iCloud encrypted data after pressure from US officials, including JD Vance (Financial Times)
https://www.ft.com/content/3a3e6dbc-591d-4087-9ad3-11af04f0176f

Backdooring Self-Supervised Contrastive Learning by Noisy Alignment
Tuo Chen, Jie Gui, Minjing Dong, Ju Jia, Lanting Fang, Jian Liu
https://arxiv.org/abs/2508.14015 https://

Backdooring Self-Supervised Contrastive Learning by Noisy Alignment
Self-supervised contrastive learning (CL) effectively learns transferable representations from unlabeled data containing images or image-text pairs but suffers vulnerability to data poisoning backdoor attacks (DPCLs). An adversary can inject poisoned images into pretraining datasets, causing compromised CL encoders to exhibit targeted misbehavior in downstream tasks. Existing DPCLs, however, achieve limited efficacy due to their dependence on fragile implicit co-occurrence between backdoor and …

Localizing Malicious Outputs from CodeLLM
Mayukh Borana, Junyi Liang, Sai Sathiesh Rajan, Sudipta Chattopadhyay
https://arxiv.org/abs/2509.17070 https://ar…

Localizing Malicious Outputs from CodeLLM
We introduce FreqRank, a mutation-based defense to localize malicious components in LLM outputs and their corresponding backdoor triggers. FreqRank assumes that the malicious sub-string(s) consistently appear in outputs for triggered inputs and uses a frequency-based ranking system to identify them. Our ranking system then leverages this knowledge to localize the backdoor triggers present in the inputs. We create nine malicious models through fine-tuning or custom instructions for three downstr…

DOPA: Stealthy and Generalizable Backdoor Attacks from a Single Client under Challenging Federated Constraints
Xuezheng Qin, Ruwei Huang, Xiaolong Tang, Feng Li
https://arxiv.org/abs/2508.14530

DOPA: Stealthy and Generalizable Backdoor Attacks from a Single Client under Challenging Federated Constraints
Federated Learning (FL) is increasingly adopted for privacy-preserving collaborative training, but its decentralized nature makes it particularly susceptible to backdoor attacks. Existing attack methods, however, often rely on idealized assumptions and fail to remain effective under real-world constraints, such as limited attacker control, non-IID data distributions, and the presence of diverse defense mechanisms. To address this gap, we propose DOPA (Divergent Optimization Path Attack), a nove…

This story is cute: A malicious "Solidity" (that's the smart contract language Ethereum and other blockchains use) extension for Cursor, the Vibe-Coding Editor included code that steals your tokens/coins.
I find it funny for two reasons:
- Blockchainers love talking about how you need to verify things you interact with but someone wasn't checking if they have the right extension
- Programming smart contracts is hard because it's a massively hostile envir…

Code highlighting with Cursor AI for $500,000
Kaspersky GReAT experts uncover malicious extensions for Cursor AI that download the Quasar backdoor and a crypto stealer.

CLIP-Guided Backdoor Defense through Entropy-Based Poisoned Dataset Separation
Binyan Xu, Fan Yang, Xilin Dai, Di Tang, Kehuan Zhang
https://arxiv.org/abs/2507.05113

CLIP-Guided Backdoor Defense through Entropy-Based Poisoned Dataset Separation
Deep Neural Networks (DNNs) are susceptible to backdoor attacks, where adversaries poison training data to implant backdoor into the victim model. Current backdoor defenses on poisoned data often suffer from high computational costs or low effectiveness against advanced attacks like clean-label and clean-image backdoors. To address them, we introduce CLIP-Guided backdoor Defense (CGD), an efficient and effective method that mitigates various backdoor attacks. CGD utilizes a publicly accessible …

US DNI Tulsi Gabbard says the UK has agreed to drop its mandate requiring Apple to provide a backdoor for accessing users' encrypted data (Kanishka Singh/Reuters)
https://www.reuters.com/sustainability/boa

I'll gonna take some time today to personalize the message and send out emails from my own account to hopefully ditch filtering on the target side and make my voice heard. Allowing chat control does not only put privacy and democracy in danger. At times of constant digital attacks from rogue states like Russia, the US, North Korea and China etc. it should be obvious that having weak encryption and standard backdoor access to secure communications channels is an invitation for any malici…

Fight Chat Control (@chatcontrol@mastodon.social)
Angehängt: 1 Bild Germany's position has been reverted to UNDECIDED. Despite expressing concerns about breaking end-to-end encryption, Germany refrained from taking a definitive stance on the Chat Control proposal during the September 12th LEWP meeting. A willingness to negotiate and compromise remains. This is an unfortunate development as Germany is crucial to defeating Chat Control. Please make your voices heard! https://fightchatcontrol.eu/ Source: https://netzpolitik.org/2025/chatko…

VisualTrap: A Stealthy Backdoor Attack on GUI Agents via Visual Grounding Manipulation
Ziang Ye, Yang Zhang, Wentao Shi, Xiaoyu You, Fuli Feng, Tat-Seng Chua
https://arxiv.org/abs/2507.06899

VisualTrap: A Stealthy Backdoor Attack on GUI Agents via Visual Grounding Manipulation
Graphical User Interface (GUI) agents powered by Large Vision-Language Models (LVLMs) have emerged as a revolutionary approach to automating human-machine interactions, capable of autonomously operating personal devices (e.g., mobile phones) or applications within the device to perform complex real-world tasks in a human-like manner. However, their close integration with personal devices raises significant security concerns, with many threats, including backdoor attacks, remaining largely unexp…

Multi-Target Backdoor Attacks Against Speaker Recognition
Alexandrine Fortier, Sonal Joshi, Thomas Thebaud, Jesus Villalba Lopez, Najim Dehak, Patrick Cardinal
https://arxiv.org/abs/2508.08559

Multi-Target Backdoor Attacks Against Speaker Recognition
In this work, we propose a multi-target backdoor attack against speaker identification using position-independent clicking sounds as triggers. Unlike previous single-target approaches, our method targets up to 50 speakers simultaneously, achieving success rates of up to 95.04%. To simulate more realistic attack conditions, we vary the signal-to-noise ratio between speech and trigger, demonstrating a trade-off between stealth and effectiveness. We further extend the attack to the speaker verific…

Google spots tailored backdoor malware aimed at SonicWall appliances https://therecord.media/sonicwall-sma-100-series-overstep-malware-unc6148

Why use a URL shortener when you can use a phishy URL extender?
#infosec

»Forscher warnen – Bisher unbekannte Linux-Malware ist seit Monaten aktiv:
Die Malware verfügt über ausgeklügelte Verschleierungstechniken. Bis zuletzt wurde sie von keiner Antivirensoftware auf Virustotal erkannt«
Betroffen müssen deswegen nicht alle Linuxmaschinen sein aber überprüfen sollte mensch es schon… bis später und AntVir nutze ich nicht - wer schon?
P.S. Jegliche IT-Systeme könnten betroffen sein.
🐧

Forscher warnen: Bisher unbekannte Linux-Backdoor ist seit Monaten aktiv - Golem.de
Die Malware verfügt über ausgeklügelte Verschleierungstechniken. Bis zuletzt wurde sie von keiner Antivirensoftware auf Virustotal erkannt.

Replaced article(s) found for cs.CR. https://arxiv.org/list/cs.CR/new
[2/2]:
- Rethinking Backdoor Detection Evaluation for Language Models
Jun Yan, Wenjie Jacky Mo, Xiang Ren, Robin Jia

@… Here this combines two of your favourite things: https://securelist.com/open-source-package-for-cur…

Code highlighting with Cursor AI for $500,000
Kaspersky GReAT experts uncover malicious extensions for Cursor AI that download the Quasar backdoor and a crypto stealer.

Do the EU Members who want #chatcontrol for everybody (but politicians) realize that once a backdoor is in, it's in for everybody?
That it will be used by "good" and bad guys? That it will be used against real criminals and people who happen to have the wrong sort of face?
Most importantly (for them), do they understand their friends etc will not be even nominally e…

Hybrid Reputation Aggregation: A Robust Defense Mechanism for Adversarial Federated Learning in 5G and Edge Network Environments
Saeid Sheikhi, Panos Kostakos, Lauri Loven
https://arxiv.org/abs/2509.18044

Hybrid Reputation Aggregation: A Robust Defense Mechanism for Adversarial Federated Learning in 5G and Edge Network Environments
Federated Learning (FL) in 5G and edge network environments face severe security threats from adversarial clients. Malicious participants can perform label flipping, inject backdoor triggers, or launch Sybil attacks to corrupt the global model. This paper introduces Hybrid Reputation Aggregation (HRA), a novel robust aggregation mechanism designed to defend against diverse adversarial behaviors in FL without prior knowledge of the attack type. HRA combines geometric anomaly detection with momen…

Partial Functional Dynamic Backdoor Diffusion-based Causal Model
Xinwen Liu, Lei Qian, Song Xi Chen, Niansheng Tang
https://arxiv.org/abs/2509.00472 https://

Partial Functional Dynamic Backdoor Diffusion-based Causal Model
We introduce a Partial Functional Dynamic Backdoor Diffusion-based Causal Model (PFD-BDCM), specifically designed for causal inference in the presence of unmeasured confounders with spatial heterogeneity and temporal dependency. The proposed PFD-BDCM framework addresses the restrictions of the existing approaches by uniquely integrating models for complex spatio-temporal dynamics with the analysis of multi-resolution variables. Specifically, the framework systematically mitigates confounding bi…

Stay alert and check out today's Metacurity for the critical infosec developments you should know, including
--Minnesota's Walz mobilizes National Guard to help with St. Paul cyberattack,
--Tea suspends direct messaging and gets hit with class actions over breach,
--CISA to release Wyden-demanded report to unblock Plankey nomination,
--Google has not received UK backdoor demand,
--Orange breach triggers minor disruptions,
--Palo Alto to buy CyberAr…

Minnesota's Walz mobilizes National Guard to help with St. Paul cyberattack
Tea suspends direct messaging and gets hit with class actions over breach, CISA to release Wyden-demanded report to unblock Plankey nomination, Google has not received UK backdoor demand, Orange breach triggers minor disruptions, Palo Alto to buy CyberArk for $25m, much more

BVQC: A Backdoor-style Watermarking Scheme for Variational Quantum Circuits
Cheng Chu, Lei Jiang, Fan Chen
https://arxiv.org/abs/2508.01893 https://arxiv.o…

BVQC: A Backdoor-style Watermarking Scheme for Variational Quantum Circuits
Variational Quantum Circuits (VQCs) have emerged as a powerful quantum computing paradigm, demonstrating a scaling advantage for problems intractable for classical computation. As VQCs require substantial resources and specialized expertise for their design, they represent significant intellectual properties (IPs). However, existing quantum circuit watermarking techniques suffer from two primary drawbacks: (1) watermarks can be removed during re-compilation of the circuits, and (2) these method…

Google says threat actors are stealing sensitive data from organizations by targeting fully patched, end-of-life appliances from cybersecurity company SonicWall (Jonathan Greig/The Record)
https://therecord.media/sonicwall-sma-100-series-overstep-malware-unc6148

Google spots tailored backdoor malware aimed at SonicWall appliances
Google researchers reported on a malware campaign against end-of-life SonicWall appliances, noting that the attackers were good at covering their tracks.

A very NYTimesian euphemism: "Trump May Not Be Done Overhauling Renewable Energy."
The story goes on with words like hamstring, backdoor cancellation, and sledgehammer, but meanwhile, the headline has done its work..https://www.

Thought Purity: Defense Paradigm For Chain-of-Thought Attack
Zihao Xue, Zhen Bi, Long Ma, Zhenlin Hu, Yan Wang, Zhenfang Liu, Qing Sheng, Jie Xiao, Jungang Lou
https://arxiv.org/abs/2507.12314

Thought Purity: Defense Paradigm For Chain-of-Thought Attack
While reinforcement learning-trained Large Reasoning Models (LRMs, e.g., Deepseek-R1) demonstrate advanced reasoning capabilities in the evolving Large Language Models (LLMs) domain, their susceptibility to security threats remains a critical vulnerability. This weakness is particularly evident in Chain-of-Thought (CoT) generation processes, where adversarial methods like backdoor prompt attacks can systematically subvert the model's core reasoning mechanisms. The emerging Chain-of-Thought Atta…

Beneath the Mask: Can Contribution Data Unveil Malicious Personas in Open-Source Projects?
Ruby Nealon
https://arxiv.org/abs/2508.13453 https://arxiv.org/p…

Beneath the Mask: Can Contribution Data Unveil Malicious Personas in Open-Source Projects?
In February 2024, after building trust over two years with project maintainers by making a significant volume of legitimate contributions, GitHub user "JiaT75" self-merged a version of the XZ Utils project containing a highly sophisticated, well-disguised backdoor targeting sshd processes running on systems with the backdoored package installed. A month later, this package began to be distributed with popular Linux distributions until a Microsoft employee discovered the backdoor while investiga…

Sealing The Backdoor: Unlearning Adversarial Text Triggers In Diffusion Models Using Knowledge Distillation
Ashwath Vaithinathan Aravindan, Abha Jha, Matthew Salaway, Atharva Sandeep Bhide, Duygu Nur Yaldiz
https://arxiv.org/abs/2508.18235

Sealing The Backdoor: Unlearning Adversarial Text Triggers In Diffusion Models Using Knowledge Distillation
Text-to-image diffusion models have revolutionized generative AI, but their vulnerability to backdoor attacks poses significant security risks. Adversaries can inject imperceptible textual triggers into training data, causing models to generate manipulated outputs. Although text-based backdoor defenses in classification models are well-explored, generative models lack effective mitigation techniques against. We address this by selectively erasing the model's learned associations between adversa…

The registry keys referenced in this article are good things to check for in your environment. There aren’t many legitimate uses for macros and VBA in Outlook and you should ensure that functionality is disabled and stays that way.
#cybersecurity
From: @…

3S-Attack: Spatial, Spectral and Semantic Invisible Backdoor Attack Against DNN Models
Jianyao Yin, Luca Arnaboldi, Honglong Chen, Pascal Berrang
https://arxiv.org/abs/2507.10733 …

3S-Attack: Spatial, Spectral and Semantic Invisible Backdoor Attack Against DNN Models
Backdoor attacks involve either poisoning the training data or directly modifying the model in order to implant a hidden behavior, that causes the model to misclassify inputs when a specific trigger is present. During inference, the model maintains high accuracy on benign samples but misclassifies poisoned samples into an attacker-specified target class. Existing research on backdoor attacks has explored developing triggers in the spatial, spectral (frequency), and semantic (feature) domains, a…

„Der Auslöser zum Aktivieren der Backdoor in Gayfemboy ist die Zeichenkette "meowmeow".“
https://www.heise.de/news/Mirai-basierte-Botnet-Kampagne-Gayfemboy-auch-in-Deutschland-aktiv-10607344.html

Mirai-basierte Botnet-Kampagne "Gayfemboy" auch in Deutschland aktiv
IT-Forscher von Fortinet beobachten ein IoT-Botnet, das auf "Mirai" basiert und "Gayfemboy" genannt wird. Es versteckt sich gut.

Each week, Metacurity offers our free and paid subscribers a digest of the best long-form (and longish) infosec-related pieces we couldn't properly fit into our daily news crush.
This week's selection covers
--N. Korea's IT worker scheme ensnared a troubled woman,
--Iran is harvesting millions of airline passengers' data,
--Myanmar is isolated in its digital tyranny,
--Pushing the UK to abandon its encryption backdoor,
--The racist hacker …

Best infosec-related long reads for the week of 7/19/25
N. Korea's IT worker scheme ensnared a troubled woman, Iran is harvesting millions of airline passengers' data, Myanmar is isolated in its digital tyranny, Pushing the UK to abandon its encryption backdoor, The racist hacker attacking universities, Making quantum cryptography stronger

Malaysia reins in data center expansion amid power and water shortages, hindering Chinese companies that use the region as a backdoor to access US-made AI chips (Reuters)
https://www.reuters.com/world/china/malaysia-reins-d…

Replaced article(s) found for cs.AI. https://arxiv.org/list/cs.AI/new
[5/5]:
- BadPromptFL: A Novel Backdoor Threat to Prompt-based Federated Learning in Multimodal Models
Maozhen Zhang, Mengnan Zhao, Bo Wang

Prototype-Guided Robust Learning against Backdoor Attacks
Wei Guo, Maura Pintor, Ambra Demontis, Battista Biggio
https://arxiv.org/abs/2509.08748 https://a…

Prototype-Guided Robust Learning against Backdoor Attacks
Backdoor attacks poison the training data to embed a backdoor in the model, causing it to behave normally on legitimate inputs but maliciously when specific trigger signals appear. Training a benign model from a dataset poisoned by backdoor attacks is challenging. Existing works rely on various assumptions and can only defend against backdoor attacks with specific trigger signals, high poisoning ratios, or when the defender possesses a large, untainted, validation dataset. In this paper, we pro…

Backdoor Attacks on Deep Learning Face Detection
Quentin Le Roux, Yannick Teglia, Teddy Furon, Philippe Loubet-Moundi
https://arxiv.org/abs/2508.00620 https://

Backdoor Attacks on Deep Learning Face Detection
Face Recognition Systems that operate in unconstrained environments capture images under varying conditions,such as inconsistent lighting, or diverse face poses. These challenges require including a Face Detection module that regresses bounding boxes and landmark coordinates for proper Face Alignment. This paper shows the effectiveness of Object Generation Attacks on Face Detection, dubbed Face Generation Attacks, and demonstrates for the first time a Landmark Shift Attack that backdoors the co…

Silent Until Sparse: Backdoor Attacks on Semi-Structured Sparsity
Wei Guo, Maura Pintor, Ambra Demontis, Battista Biggio
https://arxiv.org/abs/2509.08747 https://

Silent Until Sparse: Backdoor Attacks on Semi-Structured Sparsity
In the deployment phase, semi-structured sparsity accelerates the execution of deep neural networks on modern GPUs via sparse matrix multiplication. In this paper, targeting the semi-structured sparsity, we introduce a Silent Until Sparse (SUS) backdoor attack, where the released full model remains silent (benign), but becomes a backdoored model after sparsification. The attack operates in two phases: (i) in the backdoor training phase, the backdoor functionality is injected into specific weigh…

Lethe: Purifying Backdoored Large Language Models with Knowledge Dilution
Chen Chen, Yuchen Sun, Jiaxin Gao, Xueluan Gong, Qian Wang, Ziyao Wang, Yongsen Zheng, Kwok-Yan Lam
https://arxiv.org/abs/2508.21004

Lethe: Purifying Backdoored Large Language Models with Knowledge Dilution
Large language models (LLMs) have seen significant advancements, achieving superior performance in various Natural Language Processing (NLP) tasks. However, they remain vulnerable to backdoor attacks, where models behave normally for standard queries but generate harmful responses or unintended output when specific triggers are activated. Existing backdoor defenses either lack comprehensiveness, focusing on narrow trigger settings, detection-only mechanisms, and limited domains, or fail to with…

Hidden in the Noise: Unveiling Backdoors in Audio LLMs Alignment through Latent Acoustic Pattern Triggers
Liang Lin, Miao Yu, Kaiwen Luo, Yibo Zhang, Lilan Peng, Dexian Wang, Xuehai Tang, Yuanhe Zhang, Xikang Yang, Zhenhong Zhou, Kun Wang, Yang Liu
https://arxiv.org/abs/2508.02175

Hidden in the Noise: Unveiling Backdoors in Audio LLMs Alignment through Latent Acoustic Pattern Triggers
As Audio Large Language Models (ALLMs) emerge as powerful tools for speech processing, their safety implications demand urgent attention. While considerable research has explored textual and vision safety, audio's distinct characteristics present significant challenges. This paper first investigates: Is ALLM vulnerable to backdoor attacks exploiting acoustic triggers? In response to this issue, we introduce Hidden in the Noise (HIN), a novel backdoor attack framework designed to exploit subtle,…

#Facebook is very very bad. https://www.businesstoday.in/technology/news/story/how-facebook-t…

Coward: Toward Practical Proactive Federated Backdoor Defense via Collision-based Watermark
Wenjie Li, Siying Gu, Yiming Li, Kangjie Chen, Zhili Chen, Tianwei Zhang, Shu-Tao Xia, Dacheng Tao
https://arxiv.org/abs/2508.02115

Coward: Toward Practical Proactive Federated Backdoor Defense via Collision-based Watermark
Backdoor detection is currently the mainstream defense against backdoor attacks in federated learning (FL), where malicious clients upload poisoned updates that compromise the global model and undermine the reliability of FL deployments. Existing backdoor detection techniques fall into two categories, including passive and proactive ones, depending on whether the server proactively modifies the global model. However, both have inherent limitations in practice: passive defenses are vulnerable to…

SLIP: Soft Label Mechanism and Key-Extraction-Guided CoT-based Defense Against Instruction Backdoor in APIs
Zhengxian Wu, Juan Wen, Wanli Peng, Haowei Chang, Yinghan Zhou, Yiming Xue
https://arxiv.org/abs/2508.06153

SLIP: Soft Label Mechanism and Key-Extraction-Guided CoT-based Defense Against Instruction Backdoor in APIs
With the development of customized large language model (LLM) agents, a new threat of black-box backdoor attacks has emerged, where malicious instructions are injected into hidden system prompts. These attacks easily bypass existing defenses that rely on white-box access, posing a serious security challenge. To address this, we propose SLIP, a Soft Label mechanism and key-extraction-guided CoT-based defense against Instruction backdoors in APIs. SLIP is designed based on two key insights. First…

BadTime: An Effective Backdoor Attack on Multivariate Long-Term Time Series Forecasting
Kunlan Xiang, Haomiao Yang, Meng Hao, Haoxin Wang, Shaofeng Li, Wenbo Jiang
https://arxiv.org/abs/2508.04189

BadTime: An Effective Backdoor Attack on Multivariate Long-Term Time Series Forecasting
Multivariate Long-Term Time Series Forecasting (MLTSF) models are increasingly deployed in critical domains such as climate, finance, and transportation. Although a variety of powerful MLTSF models have been proposed to improve predictive performance, the robustness of MLTSF models against malicious backdoor attacks remains entirely unexplored, which is crucial to ensuring their reliable and trustworthy deployment. To address this gap, we conduct an in-depth study on backdoor attacks against ML…

Friendly reminder, it takes place today. #EU #Methan-Backdoor #Fracking #LNG. @…

Videokonferenzen, Web-Konferenzen, Webinare, Bildschirmfreigabe
Zoom ist Marktführer bei der modernen Videokommunikation für Unternehmen und bietet eine einfache, zuverlässige Cloud-Plattform für Video- und Audiokonferenzen, Chats und Webinare über Mobil-, Desktop- und Raumsysteme. Zoom Rooms ist die ursprüngliche softwarebasierte Konferenzraumlösung, die überall bei Vorstands-, Konferenz-, Besprechungs-, Versammlungs- und Schulungsräumen sowie in Vorstandsbüros und Klassenzimmern zum Einsatz kommt. Zoom wurde 2011 gegründet und führt Firmenabte…

BDFirewall: Towards Effective and Expeditiously Black-Box Backdoor Defense in MLaaS
Ye Li, Chengcheng Zhu, Yanchao Zhao, Jiale Zhang
https://arxiv.org/abs/2508.03307 https://

BDFirewall: Towards Effective and Expeditiously Black-Box Backdoor Defense in MLaaS
In this paper, we endeavor to address the challenges of backdoor attacks countermeasures in black-box scenarios, thereby fortifying the security of inference under MLaaS. We first categorize backdoor triggers from a new perspective, i.e., their impact on the patched area, and divide them into: high-visibility triggers (HVT), semi-visibility triggers (SVT), and low-visibility triggers (LVT). Based on this classification, we propose a progressive defense framework, BDFirewall, that removes these …

BadBlocks: Low-Cost and Stealthy Backdoor Attacks Tailored for Text-to-Image Diffusion Models
Yu Pan, Jiahao Chen, Lin Wang, Bingrong Dai, Yi Du
https://arxiv.org/abs/2508.03221

BadBlocks: Low-Cost and Stealthy Backdoor Attacks Tailored for Text-to-Image Diffusion Models
In recent years,Diffusion models have achieved remarkable progress in the field of image generation.However,recent studies have shown that diffusion models are susceptible to backdoor attacks,in which attackers can manipulate the output by injecting covert triggers such as specific visual patterns or textual phrases into the training dataset.Fortunately,with the continuous advancement of defense techniques,defenders have become increasingly capable of identifying and mitigating most backdoor at…

Wyden asks White House to scrutinize UK surveillance laws https://therecord.media/wyden-asks-white-house-scrutinize-uk-surveillance-laws-apple

BackFed: An Efficient & Standardized Benchmark Suite for Backdoor Attacks in Federated Learning
Thinh Dao, Dung Thuy Nguyen, Khoa D Doan, Kok-Seng Wong
https://arxiv.org/abs/2507.04903

BackFed: An Efficient & Standardized Benchmark Suite for Backdoor Attacks in Federated Learning
Federated Learning (FL) systems are vulnerable to backdoor attacks, where adversaries train their local models on poisoned data and submit poisoned model updates to compromise the global model. Despite numerous proposed attacks and defenses, divergent experimental settings, implementation errors, and unrealistic assumptions hinder fair comparisons and valid conclusions about their effectiveness in real-world scenarios. To address this, we introduce BackFed - a comprehensive benchmark suite desi…

DISTIL: Data-Free Inversion of Suspicious Trojan Inputs via Latent Diffusion
Hossein Mirzaei, Zeinab Taghavi, Sepehr Rezaee, Masoud Hadi, Moein Madadi, Mackenzie W. Mathis
https://arxiv.org/abs/2507.22813

DISTIL: Data-Free Inversion of Suspicious Trojan Inputs via Latent Diffusion
Deep neural networks have demonstrated remarkable success across numerous tasks, yet they remain vulnerable to Trojan (backdoor) attacks, raising serious concerns about their safety in real-world mission-critical applications. A common countermeasure is trigger inversion -- reconstructing malicious "shortcut" patterns (triggers) inserted by an adversary during training. Current trigger-inversion methods typically search the full pixel space under specific assumptions but offer no assurances tha…

ConSeg: Contextual Backdoor Attack Against Semantic Segmentation
Bilal Hussain Abbasi, Zirui Gong, Yanjun Zhang, Shang Gao, Antonio Robles-Kelly, Leo Zhang
https://arxiv.org/abs/2507.19905

ConSeg: Contextual Backdoor Attack Against Semantic Segmentation
Despite significant advancements in computer vision, semantic segmentation models may be susceptible to backdoor attacks. These attacks, involving hidden triggers, aim to cause the models to misclassify instances of the victim class as the target class when triggers are present, posing serious threats to the reliability of these models. To further explore the field of backdoor attacks against semantic segmentation, in this paper, we propose a simple yet effective backdoor attack called Contextu…

Replaced article(s) found for cs.MM. https://arxiv.org/list/cs.MM/new
[1/1]:
- CLIP-Guided Backdoor Defense through Entropy-Based Poisoned Dataset Separation
Binyan Xu, Fan Yang, Xilin Dai, Di Tang, Kehuan Zhang

BadReasoner: Planting Tunable Overthinking Backdoors into Large Reasoning Models for Fun or Profit
Biao Yi, Zekun Fei, Jianing Geng, Tong Li, Lihai Nie, Zheli Liu, Yiming Li
https://arxiv.org/abs/2507.18305

BadReasoner: Planting Tunable Overthinking Backdoors into Large Reasoning Models for Fun or Profit
Large reasoning models (LRMs) have emerged as a significant advancement in artificial intelligence, representing a specialized class of large language models (LLMs) designed to tackle complex reasoning tasks. The defining characteristic of LRMs lies in their extensive chain-of-thought (CoT) reasoning capabilities. In this paper, we identify a previously unexplored attack vector against LRMs, which we term "overthinking backdoors". We advance this concept by proposing a novel tunable backdoor, w…

BadViM: Backdoor Attack against Vision Mamba
Yinghao Wu, Liyan Zhang
https://arxiv.org/abs/2507.00577 https://arxiv.org/pdf/2507.0057…

BadViM: Backdoor Attack against Vision Mamba
Vision State Space Models (SSMs), particularly architectures like Vision Mamba (ViM), have emerged as promising alternatives to Vision Transformers (ViTs). However, the security implications of this novel architecture, especially their vulnerability to backdoor attacks, remain critically underexplored. Backdoor attacks aim to embed hidden triggers into victim models, causing the model to misclassify inputs containing these triggers while maintaining normal behavior on clean inputs. This paper i…

Replaced article(s) found for cs.CR. https://arxiv.org/list/cs.CR/new
[1/1]:
- Clean-Label Physical Backdoor Attacks with Data Distillation
Thinh Dao, Khoa D Doan, Kok-Seng Wong

SPA: Towards More Stealth and Persistent Backdoor Attacks in Federated Learning
Chengcheng Zhu, Ye Li, Bosen Rao, Jiale Zhang, Yunlong Mao, Sheng Zhong
https://arxiv.org/abs/2506.20931

SPA: Towards More Stealth and Persistent Backdoor Attacks in Federated Learning
Federated Learning (FL) has emerged as a leading paradigm for privacy-preserving distributed machine learning, yet the distributed nature of FL introduces unique security challenges, notably the threat of backdoor attacks. Existing backdoor strategies predominantly rely on end-to-end label supervision, which, despite their efficacy, often results in detectable feature disentanglement and limited persistence. In this work, we propose a novel and stealthy backdoor attack framework, named SPA, whi…

Isolate Trigger: Detecting and Eradicating Evade-Adaptive Backdoors
Chengrui Sun, Hua Zhang, Haoran Gao, Zian Tian, Jianjin Zhao, qi Li, Hongliang Zhu, Zongliang Shen, Shang Wang, Anmin Fu
https://arxiv.org/abs/2508.04094

Isolate Trigger: Detecting and Eradicating Evade-Adaptive Backdoors
All current detection of backdoor attacks on deep learning models fall under the category of a non essential features(NEF), which focus on fighting against simple and efficient vertical class backdoor -- trigger is small, few and not overlapping with the source. Evade-adaptive backdoor (EAB) attacks have evaded NEF detection and improved training efficiency. We introduces a precise, efficient and universal detection and defense framework coined as Isolate Trigger (IsTr). IsTr aims to find the h…

Selection-Based Vulnerabilities: Clean-Label Backdoor Attacks in Active Learning
Yuhan Zhi, Longtian Wang, Xiaofei Xie, Chao Shen, Qiang Hu, Xiaohong Guan
https://arxiv.org/abs/2508.05681

Selection-Based Vulnerabilities: Clean-Label Backdoor Attacks in Active Learning
Active learning(AL), which serves as the representative label-efficient learning paradigm, has been widely applied in resource-constrained scenarios. The achievement of AL is attributed to acquisition functions, which are designed for identifying the most important data to label. Despite this success, one question remains unanswered: is AL safe? In this work, we introduce ALA, a practical and the first framework to utilize the acquisition function as the poisoning attack surface to reveal the w…

Towards Stealthy and Effective Backdoor Attacks on Lane Detection: A Naturalistic Data Poisoning Approach
Yifan Liao, Yuxin Cao, Yedi Zhang, Wentao He, Yan Xiao, Xianglong Du, Zhiyong Huang, Jin Song Dong
https://arxiv.org/abs/2508.15778

Towards Stealthy and Effective Backdoor Attacks on Lane Detection: A Naturalistic Data Poisoning Approach
Deep learning-based lane detection (LD) plays a critical role in autonomous driving and advanced driver assistance systems. However, its vulnerability to backdoor attacks presents a significant security concern. Existing backdoor attack methods on LD often exhibit limited practical utility due to the artificial and conspicuous nature of their triggers. To address this limitation and investigate the impact of more ecologically valid backdoor attacks on LD models, we examine the common data poiso…

CodeGuard: A Generalized and Stealthy Backdoor Watermarking for Generative Code Models
Haoxuan Li, Jiale Zhang, Xiaobing Sun, Xiapu Luo
https://arxiv.org/abs/2506.20926

CodeGuard: A Generalized and Stealthy Backdoor Watermarking for Generative Code Models
Generative code models (GCMs) significantly enhance development efficiency through automated code generation and code summarization. However, building and training these models require computational resources and time, necessitating effective digital copyright protection to prevent unauthorized leaks and misuse. Backdoor watermarking, by embedding hidden identifiers, simplifies copyright verification by breaking the model's black-box nature. Current backdoor watermarking techniques face two mai…

SABRE-FL: Selective and Accurate Backdoor Rejection for Federated Prompt Learning
Momin Ahmad Khan, Yasra Chandio, Fatima Muhammad Anwar
https://arxiv.org/abs/2506.22506

SABRE-FL: Selective and Accurate Backdoor Rejection for Federated Prompt Learning
Federated Prompt Learning has emerged as a communication-efficient and privacy-preserving paradigm for adapting large vision-language models like CLIP across decentralized clients. However, the security implications of this setup remain underexplored. In this work, we present the first study of backdoor attacks in Federated Prompt Learning. We show that when malicious clients inject visually imperceptible, learnable noise triggers into input images, the global prompt learner becomes vulnerable …

Strategic Sample Selection for Improved Clean-Label Backdoor Attacks in Text Classification
Onur Alp Kirci, M. Emre Gursoy
https://arxiv.org/abs/2508.15934 https://

Strategic Sample Selection for Improved Clean-Label Backdoor Attacks in Text Classification
Backdoor attacks pose a significant threat to the integrity of text classification models used in natural language processing. While several dirty-label attacks that achieve high attack success rates (ASR) have been proposed, clean-label attacks are inherently more difficult. In this paper, we propose three sample selection strategies to improve attack effectiveness in clean-label scenarios: Minimum, Above50, and Below50. Our strategies identify those samples which the model predicts incorrectl…

Backdoor Attacks and Defenses in Computer Vision Domain: A Survey
Bilal Hussain Abbasi, Yanjun Zhang, Leo Zhang, Shang Gao
https://arxiv.org/abs/2509.07504 https://

Replaced article(s) found for cs.CR. https://arxiv.org/list/cs.CR/new
[1/1]:
- Breaking PEFT Limitations: Leveraging Weak-to-Strong Knowledge Transfer for Backdoor Attacks in LLMs
Zhao, Gan, Guo, Wu, Jia, Xiao, Nguyen, Tuan

FPEdit: Robust LLM Fingerprinting through Localized Knowledge Editing
Shida Wang, Chaohu Liu, Yubo Wang, Linli Xu
https://arxiv.org/abs/2508.02092 https://…

FPEdit: Robust LLM Fingerprinting through Localized Knowledge Editing
Large language models represent significant investments in computation, data, and engineering expertise, making them extraordinarily valuable intellectual assets. Nevertheless, these AI assets remain vulnerable to unauthorized redistribution and commercial exploitation through fine-tuning or black-box deployment. Current fingerprinting approaches face a fundamental trade-off: intrinsic methods require full parameter access, while backdoor-based techniques employ statistically anomalous triggers…

Unlocking the Effectiveness of LoRA-FP for Seamless Transfer Implantation of Fingerprints in Downstream Models
Zhenhua Xu, Zhaokun Yan, Binhan Xu, Xin Tong, Haitao Xu, Yourong Chen, Meng Han
https://arxiv.org/abs/2509.00820

Unlocking the Effectiveness of LoRA-FP for Seamless Transfer Implantation of Fingerprints in Downstream Models
With the rapid advancement of large language models (LLMs), safeguarding intellectual property (IP) has become increasingly critical. To address the challenges of high costs and potential contamination in fingerprint integration, we propose LoRA-FP, a lightweight, plug-and-play framework that embeds backdoor fingerprints into LoRA adapters through constrained fine-tuning. This design enables seamless fingerprint transplantation via parameter fusion, eliminating the need for full-parameter updat…

Hot-Swap MarkBoard: An Efficient Black-box Watermarking Approach for Large-scale Model Distribution
Zhicheng Zhang, Peizhuo Lv, Mengke Wan, Jiang Fang, Diandian Guo, Yezeng Chen, Yinlong Liu, Wei Ma, Jiyan Sun, Liru Geng
https://arxiv.org/abs/2507.20650

Hot-Swap MarkBoard: An Efficient Black-box Watermarking Approach for Large-scale Model Distribution
Recently, Deep Learning (DL) models have been increasingly deployed on end-user devices as On-Device AI, offering improved efficiency and privacy. However, this deployment trend poses more serious Intellectual Property (IP) risks, as models are distributed on numerous local devices, making them vulnerable to theft and redistribution. Most existing ownership protection solutions (e.g., backdoor-based watermarking) are designed for cloud-based AI-as-a-Service (AIaaS) and are not directly applicab…

Replaced article(s) found for cs.CR. https://arxiv.org/list/cs.CR/new
[1/1]:
- Unified Neural Backdoor Removal with Only Few Clean Samples through Unlearning and Relearning
Nay Myat Min, Long H. Pham, Jun Sun