Microsoft

Developer-targeting campaign using malicious Next.js repositories

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...
IEEE

JasFree: Grammar-free Program Analysis for JavaScript Bytecode

Abstract: JavaScript is rapidly being deployed as binaries in security-critical embedded domains, including IoT devices, edge computing, and smart automotive applications. Ensuring the security of ...
IEEE

Graph Learning-Based Arithmetic Block Identification

Abstract: Arithmetic block identification in gate-level netlist is an essential procedure for malicious logic detection, functional verification, or macro-block optimization. We argue that existing ...