Vulnerability Detection Model using LLM and Code Chunk - arxiv.org/pdf/2506.19453 Software supply chain vulnerabilities arise when attackers exploit weaknesses by injecting vulnerable code into widely used packages or libraries within software repositories. While most existing approaches focus on identifying vulnerable packages or libraries, they often overlook the specific functions responsible for these vulnerabilities. Pinpointing vulnerable functions within packages or libraries is critical, as it can significantly reduce the risks associated with using open-source software. Identifying vulnerable patches is challenging because developers often submit code changes that are unrelated to vulnerability fixes. To address this issue, this paper introduces FuncVul, an innovative code chunk-based model for function-level vulnerability detection in C/C and Python, designed to identify multiple vulnerabilities within a function by focusing on smaller, critical code segments. To assess the model’s effectiveness, we construct six code and generic code chunk based datasets using two approaches: (1) integrating patch information with large language models to label vulnerable samples and (2) leveraging large language models alone to detect vulnerabilities in function-level code. To design FuncVul vulnerability model, we utilise GraphCodeBERT fine tune model that captures both the syntactic and semantic aspects of code. Experimental results show that FuncVul outperforms existing state-of-the-art models, achieving an average accuracy of 87-92% and an F1 score of 86-92% across all datasets. Furthermore, we have demonstrated that our codechunk-based FuncVul model improves 53.9% accuracy and 42.0% F1-score than the full function-based vulnerability prediction. #FuncVul #LLMSecurity #CodeChunks #VulnerabilityDetection #SoftwareSupplyChain #OpenSourceSecurity #GraphCodeBERT #FunctionLevelAnalysis #PatchDetection #CodeSecurity #AI4Code #CVEAnalysis #SecureCoding #AIinSecurity #CodeVulnerabilities #LLMDetection #PythonSecurity #CppSecurity #SemanticCodeAnalysis #AISoftwareSecurity

Using LLMs for Security Advisory Investigations - arxiv.org/pdf/2506.13161 Large Language Models are increasingly used in software security, but their trustworthiness in generating accurate vulnerability advisories remains uncertain. This study investigates the ability of ChatGPT to (1) generate plausible security advisories from CVE-IDs, (2) differentiate real from fake CVE-IDs, and (3) extract CVE-IDs from advisory descriptions #LLMSecurity #CVEAnalysis #SecurityAdvisories #ChatGPTLimitations #FakeCVE #AIinCybersecurity #LLMTrustworthiness #CyberThreatIntel #AIValidation #AdvisoryAutomation #SecurityNLP #LLMRisks #VulnerabilityDetection #AIAuthenticity #ResponsibleAI #CVEGeneration #AISecurityTools #LLMChallenges #SecureAI #AI4Security

How is this #CVE chained with other CVEs in real-world attacks❓ What are the technical details and exploitation steps❓ What attack paths could a threat actor take❓ Ask these questions directly in CVE Insights Cards using Ask AI! feedly.com/new-features/post… #ThreatIntel #CVEAnalysis #Cybersecurity

📚 Dive into our new blog analyzing the Adobe ColdFusion Pre-Auth Remote Code Execution vulnerability (CVE-2023-29300). Visit 👉 blog.projectdiscovery.io/ado… Also, check out our @pdnuclei template for effective vulnerability detection. #AdobeColdFusion #Cybersecurity #CVEanalysis #RCE #hackwithautomation