Editor's Picks

Best Talks at 34th USENIX Security Symposium (USENIX Security '25)

Hand-picked from in-depth reviewer verdicts — the top 12 talks from this conference. Skip the noise, find the signal.

  1.

    My ZIP isn't your ZIP: Identifying and Exploiting Semantic Gaps Between ZIP Parsers

    Yufan You

    In this compelling talk from USENIX Security, Yufan You presented groundbreaking research on **semantic gaps** in **ZIP file format** parsing, revealing a widespread and critical vulnerability across numerous applications and systems. The core premise is deceptively simple yet…

    Dr. Zero: MUST SEE ★★★★★ | Heather Calloway: SOLID ★★★☆☆
  2.

    BGP Vortex: Update Message Floods Can Create Internet Instabilities

    Felix Stöger

    The Border Gateway Protocol (BGP) forms the foundational routing fabric of the internet, orchestrating how data traverses autonomous systems (ASes) globally. For decades, the stability and convergence of BGP have been a cornerstone assumption, particularly underpinned by the…

    Dr. Zero: MUST SEE ★★★★★ | Heather Calloway: SOLID ★★★☆☆
  3.

    A First Look at Governments' Enterprise Security Guidance

    Kimberly Ruth

    In an increasingly complex and interconnected digital landscape, organizations of all sizes frequently seek authoritative guidance on best practices for cybersecurity. Governments, often perceived as impartial and reliable sources, have stepped into this critical role, with…

    Dr. Zero: STRONG ACCEPT ★★★★☆ | Heather Calloway: STRONG ACCEPT ★★★★☆
  4.

    Abusability of Automation Apps in Intimate Partner Violence

    Shirley Zhang

    This talk, presented by Shirley Zhang at USENIX Security, unveils a critical and often overlooked vector for intimate partner violence (IPV): the weaponization of readily available mobile automation applications. While much research in tech-enabled abuse focuses on overt…

    Dr. Zero: STRONG ACCEPT ★★★★☆ | Heather Calloway: SOLID ★★★☆☆
  5.

    CloudFlow: Identifying Security-sensitive Data Flows in Serverless Applications

    Giuseppe Raffa

    In this presentation, Giuseppe Raffa introduces **CloudFlow**, a novel framework designed to statically detect security-sensitive data flows within serverless applications. As enterprises increasingly adopt serverless computing for its agility and reduced operational overhead…

    Dr. Zero: STRONG ACCEPT ★★★★☆ | Heather Calloway: SOLID ★★★☆☆
  6.

    Confusing Value with Enumeration: Studying the Use of CVEs in Academia

    Moritz Schloegel

    This article delves into a critical examination of how **Common Vulnerabilities and Exposures (CVE)** identifiers are perceived and utilized within the academic security research community. Presented by Moritz Schloegel at USENIX Security 2025, the talk, titled "Confusing Value…

    Dr. Zero: STRONG ACCEPT ★★★★☆ | Heather Calloway: SOLID ★★★☆☆
  7.

    Demystifying the (In)Security of QR Code-based Login in Real-world Deployments

    Xin Zhang

    The proliferation of QR code-based login systems across a myriad of digital platforms, from social media and e-commerce to cloud storage and gaming, has revolutionized user convenience. By simply scanning a QR code with a trusted mobile application, users can bypass traditional…

    Dr. Zero: STRONG ACCEPT ★★★★☆ | Heather Calloway: SOLID ★★★☆☆
  8.

    Universal Cross-app Attacks: Exploiting and Securing OAuth 2.0 in Integration Platforms

    Kaixuan Luo

    This talk, presented by Kaixuan Luo, a PhD candidate at the Chinese University of Hong Kong, delves into a critical security vulnerability within the rapidly expanding ecosystem of **integration platforms**. These platforms, ranging from virtual voice assistants like Alexa and…

    Dr. Zero: STRONG ACCEPT ★★★★☆ | Heather Calloway: SOLID ★★★☆☆
  9.

    Predictive Response Optimization: Using Reinforcement Learning to Fight Online Social Network Abuse

    Garrett Wilson

    In the realm of online social networks, the battle against abuse is a perpetual arms race. Traditional approaches have largely focused on the *detection* of malicious activities, often grappling with the inherent trade-off between precision and recall. However, as Garrett…

    Dr. Zero: STRONG ACCEPT ★★★★☆ | Heather Calloway: SOLID ★★★☆☆
  10.

    Assessing the Aftermath: the Effects of a Global Takedown against DDoS-for-hire Services

    Anh V. Vu

    Dr. Zero: STRONG ACCEPT ★★★★☆ | Heather Calloway: SOLID ★★★☆☆
  11.

    Scoop: Mitigation of Recapture Attacks on Provenance-Based Media Authentication

    Yuxin (Myles) Liu

    In an era dominated by rapidly spreading digital information and the proliferation of sophisticated generative AI, distinguishing authentic content from fabricated material has become an increasingly critical challenge. This talk, "Scoop: Mitigation of Recapture Attacks on…

    Dr. Zero: STRONG ACCEPT ★★★★☆ | Heather Calloway: SOLID ★★★☆☆
  12.

    Tracking You from a Thousand Miles Away! Turning a Bluetooth Device into an Apple AirTag Without Root Privileges

    Junming Chen

    This talk, presented by Junming Chen at USENIX Security, unveils a critical security vulnerability within Apple's widely used Find My network. The research, dubbed "Android," demonstrates how nearly any Bluetooth-enabled device – from laptops and smartphones to gaming consoles…

    Dr. Zero: STRONG ACCEPT ★★★★☆ | Heather Calloway: SOLID ★★★☆☆