We introduce HackerSignal, a benchmark for temporal out-of-distribution cyber threat intelligence (CTI) and cross-source CVE linkage. HackerSignal aggregates 7.45 million exact-deduplicated documents from 64 public forum/source identifiers spanning eight source layers and a 36-year window (1990-2026). In contrast to other publicly accessible cybersecurity datasets, HackerSignal is among the first public benchmark datasets that map the full potential exploit to vulnerability trajectory from hacker community discourse, exploit databases with working and proof of concept exploits, vulnerability advisories, and software fix commits. HackerSignal creates these linkages through a shared CVE identifier space while preserving source-specific release modes to support a range of unique Artificial Intelligence (AI)-enabled cybersecurity analytics tasks. In this paper, we summarize HackerSignal and illustrate three selected benchmark tasks it uniquely supports: (1) CVE linkage retrieval (cross-source temporal out-of-distribution entity grounding); (2) exploit type classification (8-class vulnerability type prediction with temporal OOD evaluation); and (3) temporal generalization (prospective
Agent benchmarks score submissions with outcome verifiers that are typically hand-written and brittle, leaving them open to reward hacking. We audit 1,968 tasks across five terminal-agent benchmarks and find 323 (16%) hackable by frontier models given only the task description. This corrupts both leaderboard rankings and RL training signal, yet the standard response is manual and reactive. We introduce the hacker-fixer loop, a method for building exploit-resistant verifiers without per-task manual patching. The loop alternates three LLM agents: a hacker tries to pass the verifier without solving the task, a fixer patches the verifier to reject each discovered exploit, and a solver confirms the patched verifier still admits legitimate solutions. The loop iterates: each patch reshapes what the verifier rewards, surfacing the next exploit. We further add verifier access, and let patches transfer across tasks, to broaden the exploits the loop discovers. On KernelBench, the loop drives the attack success rate from 62% to 0% on a held-out corpus of publicly reported exploits. We also find that weaker agents in the loop can defend against much stronger hackers: Gemini 3 Flash's loop drive
Social media platforms have become more influential than traditional news sources, shaping public discourse and accelerating the spread of information. With the rapid advancement of artificial intelligence (AI), open-source software (OSS) projects can leverage these platforms to gain visibility and attract contributors. In this study, we investigate the relationship between Hacker News, a social news site focused on computer science and entrepreneurship, and the extent to which it influences developer activity on the promoted GitHub AI projects. We analyzed 2,195 Hacker News (HN) stories and their corresponding comments over a two-year period. Our findings reveal that at least 19% of AI developers promoted their GitHub projects on Hacker News, often receiving positive engagement from the community. By tracking activity on the associated 1,814 GitHub repositories after they were shared on Hacker News, we observed a significant increase in forks, stars, and contributors. These results suggest that Hacker News serves as a viable platform for AI-powered OSS projects, with the potential to gain attention, foster community engagement, and accelerate software development.
This paper examines how the figure of the hacker is portrayed in German mainstream media and explores the impact of media framing on public discourse. Through a longitudinal content analysis of 301 articles from four of the most widely circulated German newspapers (Die Zeit, Süddeutsche Zeitung, Bild, and Der Spiegel), the study covers reporting between January 2017 and January 2020. The results reveal a strong predominance of negative connotations and dramatizing frames that link hackers to criminality, national security threats, and digital warfare. Drawing on media effects theory, scandalization mechanisms, and constructivist media theory, the article shows how media representations co-construct public perceptions of IT-related risks. The analysis emphasizes the role of agenda setting, framing, and media reality in shaping societal narratives around hackers. The study concludes by reflecting on the broader implications for IT security education and the sociopolitical challenges posed by distorted representations of digital actors.
Hacker forums provide critical early warning signals for emerging cybersecurity threats, but extracting actionable intelligence from their unstructured and noisy content remains a significant challenge. This paper presents an unsupervised framework that automatically detects, clusters, and prioritizes security events discussed across hacker forum posts. Our approach leverages Transformer-based embeddings fine-tuned with contrastive learning to group related discussions into distinct security event clusters, identifying incidents like zero-day disclosures or malware releases without relying on predefined keywords. The framework incorporates a daily ranking mechanism that prioritizes identified events using quantifiable metrics reflecting timeliness, source credibility, information completeness, and relevance. Experimental evaluation on real-world hacker forum data demonstrates that our method effectively reduces noise and surfaces high-priority threats, enabling security analysts to mount proactive responses. By transforming disparate hacker forum discussions into structured, actionable intelligence, our work addresses fundamental challenges in automated threat detection and analysi
This paper investigates the stochastic behavior of an n-node blockchain which is continuously monitored and faces non-stop cyber attacks from multiple hackers. The blockchain will start being re-set once hacking is detected, forfeiting previous efforts of all hackers. It is assumed the re-setting process takes a random amount of time. Multiple independent hackers will keep attempting to hack into the blockchain until one of them succeeds. For arbitrary distributions of the hacking times, detecting times, and re-setting times, we derive the instantaneous functional probability, the limiting functional probability, and the mean functional time of the blockchain. Moreover, we establish that these quantities are increasing functions of the number of nodes, formalizing the intuition that the more nodes a blockchain has the more secure it is.
Underground forums serve as hubs for cybercriminal activities, offering a space for anonymity and evasion of conventional online oversight. In these hidden communities, malicious actors collaborate to exchange illicit knowledge, tools, and tactics, driving a range of cyber threats from hacking techniques to the sale of stolen data, malware, and zero-day exploits. Identifying the key instigators (i.e., key hackers) behind these operations is essential but remains a complex challenge. This paper presents a novel method called EUREKHA (Enhancing User Representation for Key Hacker Identification in Underground Forums), designed to identify these key hackers by modeling each user as a textual sequence. This sequence is processed through a large language model (LLM) for domain-specific adaptation, with LLMs acting as feature extractors. These extracted features are then fed into a Graph Neural Network (GNN) to model user structural relationships, significantly improving identification accuracy. Furthermore, we employ BERTopic (Bidirectional Encoder Representations from Transformers Topic Modeling) to extract personalized topics from user-generated content, enabling multiple textual repr
Social news platforms have become key launch outlets for open-source projects, especially Hacker News (HN), though quantifying their immediate impact remains challenging. This paper presents a reproducible demonstration system that tracks how HN exposure translates into GitHub star growth for AI and LLM tools. Built entirely on public APIs, our pipeline analyzes 138 repository launches from 2024-2025 and reveals substantial launch effects: repositories gain an average of 121 stars within 24 hours, 189 stars within 48 hours, and 289 stars within a week of HN exposure. Through machine learning models (Elastic Net) and non-linear approaches (Gradient Boosting), we identify key predictors of viral growth. Posting timing appears as a key factor--launching at optimal hours can mean hundreds of additional stars--while the "Show HN" tag shows no statistical advantage after controlling for other factors. The demonstration completes in under five minutes on standard hardware, automatically collecting data, training models, and generating visualizations through single-file scripts. This makes our findings immediately reproducible and the framework easy to extend to other platforms, providin
Offensive security-tests are a common way to pro-actively discover potential vulnerabilities. They are performed by specialists, often called penetration-testers or white-hat hackers. The chronic lack of available white-hat hackers prevents sufficient security test coverage of software. Research into automation tries to alleviate this problem by improving the efficiency of security testing. To achieve this, researchers and tool builders need a solid understanding of how hackers work, their assumptions, and pain points. In this paper, we present a first data-driven exploratory qualitative study of twelve security professionals, their work and problems occurring therein. We perform a thematic analysis to gain insights into the execution of security assignments, hackers' thought processes and encountered challenges. This analysis allows us to conclude with recommendations for researchers and tool builders to increase the efficiency of their automation and identify novel areas for research.
We investigate the instantaneous and limiting behavior of an n-node blockchain which is under continuous monitoring of the IT department of a company but faces non-stop cyber attacks from a single hacker. The blockchain is functional as far as no data stored on it has been changed, deleted, or locked. Once the IT department detects the attack from the hacker, it will immediately re-set the blockchain, rendering all previous efforts of the hacker in vain. The hacker will not stop until the blockchain is dysfunctional. For arbitrary distributions of the hacking times and detecting times, we derive the limiting functional probability, instantaneous functional probability, and mean functional time of the blockchain. We also show that all these quantities are increasing functions of the number of nodes, substantiating the intuition that the more nodes a blockchain has, the harder it is for a hacker to succeed in a cyber attack.
This paper explores the behaviour of malicious hacker groups operating in cyberspace and how they organize themselves in structured networks. To better understand these groups, the paper uses Social Network Analysis (SNA) to analyse the interactions and relationships among several malicious hacker groups. The study uses a tested dataset as its primary source, providing an empirical analysis of the cooperative behaviours exhibited by these groups. The study found that malicious hacker groups tend to form close-knit networks where they consult, coordinate with, and assist each other in carrying out their attacks. The study also identified a "small world" phenomenon within the population of malicious actors, which suggests that these groups establish interconnected relationships to facilitate their malicious operations. The small world phenomenon indicates that the actor-groups are densely connected, but they also have a small number of connections to other groups, allowing for efficient communication and coordination of their activities.
Society is inextricably dependent on the Internet and other globally interconnected infrastructures used in the provisioning of information services. The growth of information technology (IT) and information systems (IS) over the past decades has created an unprecedented demand for access to information. The implications of wireless mobility are great, and the commercial possibilities of new and innovative wireless flexibility are just beginning to be realized through the emergence of the Internet of Things (IoT). This article takes a look at the history of hacking and the professionalization of the hacker industry. As the hacker industry becomes more fully professionalized, it is becoming much more adaptive and flexible, making it harder for intelligence and law enforcement to confront. Furthermore, the hacker industry is blurring the distinction between motivated crime and traditional computer security threats - including the disruption of critical infrastructures or the penetration of networks.
There are numerous articles about the programming languages most commonly used by hackers. Among them, however, there are hardly any scientific studies. One reason might be that hackers mainly operate anonymously and are difficult to reach. This paper aims to shed light on this interesting and relevant research question. In order to find answers, we conducted a survey among the members of the German Chaos Computer Club. As one of the world's largest organisations for information security and hacking, the club provides a good basis for our study. We examine the question of which programming languages are used by hackers as well as the importance of the programming language for their work. The paper offers first insights into the topic and can provide a starting point for further research.
Code protections aim at blocking (or at least delaying) reverse engineering and tampering attacks to critical assets within programs. Knowing the way hackers understand protected code and perform attacks is important to achieve a stronger protection of the software assets, based on realistic assumptions about the hackers' behaviour. However, building such knowledge is difficult because hackers can hardly be involved in controlled experiments and empirical studies. The FP7 European project Aspire has given the authors of this paper the unique opportunity to have access to the professional penetration testers employed by the three industrial partners. In particular, we have been able to perform a qualitative analysis of three reports of professional penetration tests performed on protected industrial code. Our qualitative analysis of the reports consists of open coding, carried out by 7 annotators and resulting in 459 annotations, followed by concept extraction and model inference. We identified the main activities: understanding, building attack, choosing and customizing tools, and working around or defeating protections. We built a model of how such activities take place. We used su
In our current society, the inter-connectivity of devices provides easy access for netizens to utilize cyberspace technology for illegal activities. The deep web platform is a consummative ecosystem shielded by boundaries of trust, information sharing, trade-off, and review systems. Domain knowledge is shared among experts in hacker forums which contain indicators of compromise that can be explored for cyberthreat intelligence. Developing tools that can be deployed for threat detection is integral in securing digital communication in cyberspace. In this paper, we addressed the use of TOR relay nodes for anonymizing communications in deep web forums. We propose a novel approach for detecting cyberthreats using a deep learning algorithm, Long Short-Term Memory (LSTM). The developed model outperformed the experimental results of other researchers in this problem domain with an accuracy of 94% and precision of 90%. Our model can be easily deployed by organizations in securing digital communications and detection of vulnerability exposure before cyberattack.
Developing new metal hydrides is a critical step toward efficient hydrogen storage in carbon-neutral energy systems. However, existing materials databases, such as the Materials Project, contain a limited number of well-characterized hydrides, which constrains the discovery of optimal candidates. This work presents a framework that integrates causal discovery with a lightweight generative machine learning model to generate novel metal hydride candidates that may not exist in current databases. Using a dataset of 450 samples (270 training, 90 validation, and 90 testing), the model generates 1,000 candidates. After ranking and filtering, six previously unreported chemical formulas and crystal structures are identified, four of which are validated by density functional theory simulations and show strong potential for future experimental investigation. Overall, the proposed framework provides a scalable and time-efficient approach for expanding hydrogen storage datasets and accelerating materials discovery.
Artificial intelligence (AI) systems impose substantial and growing environmental costs, yet transparency about these impacts has declined even as their deployment has accelerated. This paper makes three contributions. First, we collate empirical evidence that generative Web search and reasoning models - which have proliferated in 2025 - come with much higher cumulative environmental impacts than previous generations of AI approaches. Second, we map the global regulatory landscape across eleven jurisdictions and find that the manner in which environmental governance operates (predominantly at the facility-level rather than the model-level, with a focus on training rather than inference, with limited AI-specific energy disclosure requirements outside the EU) limits its applicability. Third, to address this, we propose a three-pronged policy response: mandatory model-level transparency that covers inference consumption, benchmarks, and compute locations; user rights to opt out of unnecessary generative AI integration and to select environmentally optimized models; and international coordination to prevent regulatory arbitrage. We conclude with concrete legislative proposals - includi
We consider a Stokes flow coupled with advective-diffusive transport in an evolving domain with boundary conditions allowing for inflow and outflow. The evolution of the domain is induced by the transport process, leading to a fully coupled problem. Our aim is to model the thermal control of blood flow in human skin. To this end, the model takes into account the temperature-dependent production of biochemical substances, the subsequent dilation and constriction of blood vessels, and the resulting changes in convective heat transfer. We prove existence and uniqueness of weak solutions using a fixed point method that allows us to treat the nonlinear coupling.
The current advancement in and deployment of agentic AI systems has created a set of key challenges for the legal frameworks that govern their use. We cover two central components: first, the regulatory classification of agents under the EU AI Act, and second, the legal status and validity of autonomous actions within the established framework of EU contract law. We argue that the unique capacity of agents to autonomously reason, plan, and execute tasks across disparate external systems necessitates a fundamental shift in oversight toward the orchestration layer, where multi-agent interactions introduce novel risks of misalignment. While agents generally utilise general-purpose AI models, we posit that their structural complexity and cross-system permeability require them to be regulated as "AI systems" with distinct obligations under the AI Act. Consequently, our proposals highlight the need for robust accountability mechanisms to manage this heightened autonomy. On the contractual side, we advocate for a "traffic light" system of staggered task authorization based on operational risk and the creation of a statutory list of non-delegable legal acts. By implementing these measures,
Context: LHS 3844 b (TOI-136 b) is an ultra-short-period, Earth-size exoplanet detected by TESS. It is one of the most favourable objects for atmospheric characterisation and the study of its surface with the James Webb Space Telescope. However, the dynamical mass of this planet has not been measured yet. Aims: We aim to determine the mass of LHS 3844 b using high-precision radial velocity (RV) measurements and assess the robustness of the inferred signal across different noise and orbital modelling assumptions. Methods: We analyse 25 ESPRESSO RV observations within a fully Bayesian framework. We explore 15 competing RV models that differ in their treatment of correlated stellar variability (through different Gaussian Process kernels) and long-term drifts. Marginal likelihoods are computed for all models and used for Bayesian model comparison and evidence-weighted parameter estimation. Results: The RV planetary signal is robustly detected across all models, and the inferred semi-amplitude remains stable under all tested noise and drift prescriptions. From the evidence-weighted posterior samples we derive a planetary mass of $2.27 \pm 0.23$ M$_\oplus$ and a bulk density of $5.67 \pm 0