Hasil untuk "Toxicology. Poisons"

K. Rice, E. Walker, Miaozong Wu et al.

Mercury exists naturally and as a man-made contaminant. The release of processed mercury can lead to a progressive increase in the amount of atmospheric mercury, which enters the atmospheric-soil-water distribution cycles where it can remain in circulation for years. Mercury poisoning is the result of exposure to mercury or mercury compounds resulting in various toxic effects depend on its chemical form and route of exposure. The major route of human exposure to methylmercury (MeHg) is largely through eating contaminated fish, seafood, and wildlife which have been exposed to mercury through ingestion of contaminated lower organisms. MeHg toxicity is associated with nervous system damage in adults and impaired neurological development in infants and children. Ingested mercury may undergo bioaccumulation leading to progressive increases in body burdens. This review addresses the systemic pathophysiology of individual organ systems associated with mercury poisoning. Mercury has profound cellular, cardiovascular, hematological, pulmonary, renal, immunological, neurological, endocrine, reproductive, and embryonic toxicological effects.

L. Friberg, C. Elinder, T. Kjellström et al.

This book contains the following chapters: Respiratory Effects. Renal Effects. Effects on Bone, on Vitamin D, and Calcium Metabolism. Other Toxic Effects. Carcinogenic and Genetic Effects. Critical Organs, Critical Concentrations, and Whole Body Dose-Response Relationships. General Summary and Conclusions and Some Aspects of Diagnosis and Poisoning. Appendix.

J. A. Camargo, Á. Alonso

C. Ruiz-Capillas, A. Herrero

Today, food safety and quality are some of the main concerns of consumer and health agencies around the world. Our current lifestyle and market globalization have led to an increase in the number of people affected by food poisoning. Foodborne illness and food poisoning have different origins (bacteria, virus, parasites, mold, contaminants, etc.), and some cases of food poisoning can be traced back to chemical and natural toxins. One of the toxins targeted by the Food and Drug Administration (FDA) and European Food Safety Authority (EFSA) is the biogenic amine histamine. Biogenic amines (BAs) in food constitute a potential public health concern due to their physiological and toxicological effects. The consumption of foods containing high concentrations of biogenic amines has been associated with health hazards. In recent years there has been an increase in the number of food poisoning cases associated with BAs in food, mainly in relation to histamines in fish. We need to gain a better understanding of the origin of foodborne disease and how to control it if we expect to keep people from getting ill. Biogenic amines are found in varying concentrations in a wide range of foods (fish, cheese, meat, wine, beer, vegetables, etc.), and BA formation is influenced by different factors associated with the raw material making up food products, microorganisms, processing, and conservation conditions. Moreover, BAs are thermostable. Biogenic amines also play an important role as indicators of food quality and/or acceptability. Hence, BAs need to be controlled in order to ensure high levels of food quality and safety. All of these aspects will be addressed in this review.

Danish Gufran, Akhil Singampalli, Sudeep Pasricha

Indoor localization has become increasingly essential for applications ranging from asset tracking to delivering personalized services. Federated learning (FL) offers a privacy-preserving approach by training a centralized global model (GM) using distributed data from mobile devices without sharing raw data. However, real-world deployments require a continual federated learning (CFL) setting, where the GM receives continual updates under device heterogeneity and evolving indoor environments. In such dynamic conditions, erroneous or biased updates can cause the GM to deviate from its expected learning trajectory, gradually degrading internal GM representations and GM localization performance. This vulnerability is further exacerbated by adversarial model poisoning attacks. To address this challenge, we propose ARMOR, a novel CFL-based framework that monitors and safeguards the GM during continual updates. ARMOR introduces a novel state-space model (SSM) that learns the historical evolution of GM weight tensors and predicts the expected next state of weight tensors of the GM. By comparing incoming local updates with this SSM projection, ARMOR detects deviations and selectively mitigates corrupted updates before local updates are aggregated with the GM. This mechanism enables robust adaptation to temporal environmental dynamics and mitigate the effects of model poisoning attacks while preventing GM corruption. Experimental evaluations in real-world conditions indicate that ARMOR achieves notable improvements, with up to 8.0x reduction in mean error and 4.97x reduction in worst-case error compared to state-of-the-art indoor localization frameworks, demonstrating strong resilience against model corruption tested using real-world data and mobile devices.

Phan The Duy, Nghi Hoang Khoa, Nguyen Tran Anh Quan et al.

The increasing deployment of Federated Learning (FL) in Intrusion Detection Systems (IDS) introduces new challenges related to data privacy, centralized coordination, and susceptibility to poisoning attacks. While significant research has focused on protecting traditional FL-IDS with centralized aggregation servers, there remains a notable gap in addressing the unique challenges of decentralized FL-IDS (DFL-IDS). This study aims to address the limitations of traditional centralized FL-IDS by proposing a novel defense framework tailored for the decentralized FL-IDS architecture, with a focus on privacy preservation and robustness against poisoning attacks. We propose PenTiDef, a privacy-preserving and robust defense framework for DFL-IDS, which incorporates Distributed Differential Privacy (DDP) to protect data confidentiality and utilizes latent space representations (LSR) derived from neural networks to detect malicious updates in the decentralized model aggregation context. To eliminate single points of failure and enhance trust without a centralized aggregation server, PenTiDef employs a blockchain-based decentralized coordination mechanism that manages model aggregation, tracks update history, and supports trust enforcement through smart contracts. Experimental results on CIC-IDS2018 and Edge-IIoTSet demonstrate that PenTiDef consistently outperforms existing defenses (e.g., FLARE, FedCC) across various attack scenarios and data distributions. These findings highlight the potential of PenTiDef as a scalable and secure framework for deploying DFL-based IDS in adversarial environments. By leveraging privacy protection, malicious behavior detection in hidden data, and working without a central server, it provides a useful security solution against real-world attacks from untrust participants.

I-Jung Hsu, Chih-Hsun Lin, Chia-Mu Yu et al.

Trajectory data, which tracks movements through geographic locations, is crucial for improving real-world applications. However, collecting such sensitive data raises considerable privacy concerns. Local differential privacy (LDP) offers a solution by allowing individuals to locally perturb their trajectory data before sharing it. Despite its privacy benefits, LDP protocols are vulnerable to data poisoning attacks, where attackers inject fake data to manipulate aggregated results. In this work, we make the first attempt to analyze vulnerabilities in several representative LDP trajectory protocols. We propose \textsc{TraP}, a heuristic algorithm for data \underline{P}oisoning attacks using a prefix-suffix method to optimize fake \underline{Tra}jectory selection, significantly reducing computational complexity. Our experimental results demonstrate that our attack can substantially increase target pattern occurrences in the perturbed trajectory dataset with few fake users. This study underscores the urgent need for robust defenses and better protocol designs to safeguard LDP trajectory data against malicious manipulation.

Wassim Bouaziz, El-Mahdi El-Mhamdi, Nicolas Usunier

Protecting the use of audio datasets is a major concern for data owners, particularly with the recent rise of audio deep learning models. While watermarks can be used to protect the data itself, they do not allow to identify a deep learning model trained on a protected dataset. In this paper, we adapt to audio data the recently introduced data taggants approach. Data taggants is a method to verify if a neural network was trained on a protected image dataset with top-$k$ predictions access to the model only. This method relies on a targeted data poisoning scheme by discreetly altering a small fraction (1%) of the dataset as to induce a harmless behavior on out-of-distribution data called keys. We evaluate our method on the Speechcommands and the ESC50 datasets and state of the art transformer models, and show that we can detect the use of the dataset with high confidence without loss of performance. We also show the robustness of our method against common data augmentation techniques, making it a practical method to protect audio datasets.

Junnan Qiu, Yuanjie Zhao, Jie Li

Offline Reinforcement Learning (RL) enables policy optimization from static datasets but is inherently vulnerable to data poisoning attacks. Existing attack strategies typically rely on locally uniform perturbations, which treat all samples indiscriminately. This approach is inefficient, as it wastes the perturbation budget on low-impact samples, and lacks stealthiness due to significant statistical deviations. In this paper, we propose a novel Global Budget Allocation attack strategy. Leveraging the theoretical insight that a sample's influence on value function convergence is proportional to its Temporal Difference (TD) error, we formulate the attack as a global resource allocation problem. We derive a closed-form solution where perturbation magnitudes are assigned proportional to the TD-error sensitivity under a global L2 constraint. Empirical results on D4RL benchmarks demonstrate that our method significantly outperforms baseline strategies, achieving up to 80% performance degradation with minimal perturbations that evade detection by state-of-the-art statistical and spectral defenses.

Mingli Zhu, Shaokui Wei, Hongyuan Zha et al.

Recent studies have highlighted the vulnerability of deep neural networks to backdoor attacks, where models are manipulated to rely on embedded triggers within poisoned samples, despite the presence of both benign and trigger information. While several defense methods have been proposed, they often struggle to balance backdoor mitigation with maintaining benign performance.In this work, inspired by the concept of optical polarizer-which allows light waves of specific polarizations to pass while filtering others-we propose a lightweight backdoor defense approach, NPD. This method integrates a neural polarizer (NP) as an intermediate layer within the compromised model, implemented as a lightweight linear transformation optimized via bi-level optimization. The learnable NP filters trigger information from poisoned samples while preserving benign content. Despite its effectiveness, we identify through empirical studies that NPD's performance degrades when the target labels (required for purification) are inaccurately estimated. To address this limitation while harnessing the potential of targeted adversarial mitigation, we propose class-conditional neural polarizer-based defense (CNPD). The key innovation is a fusion module that integrates the backdoored model's predicted label with the features to be purified. This architecture inherently mimics targeted adversarial defense mechanisms without requiring label estimation used in NPD. We propose three implementations of CNPD: the first is r-CNPD, which trains a replicated NP layer for each class and, during inference, selects the appropriate NP layer for defense based on the predicted class from the backdoored model. To efficiently handle a large number of classes, two variants are designed: e-CNPD, which embeds class information as additional features, and a-CNPD, which directs network attention using class information.

Yuxin Cao, Wei Song, Jingling Xue et al.

Video Large Language Models (VideoLLMs) have emerged as powerful tools for understanding videos, supporting tasks such as summarization, captioning, and question answering. Their performance has been driven by advances in frame sampling, progressing from uniform-based to semantic-similarity-based and, most recently, prompt-guided strategies. While vulnerabilities have been identified in earlier sampling strategies, the safety of prompt-guided sampling remains unexplored. We close this gap by presenting PoisonVID, the first black-box poisoning attack that undermines prompt-guided sampling in VideoLLMs. PoisonVID compromises the underlying prompt-guided sampling mechanism through a closed-loop optimization strategy that iteratively optimizes a universal perturbation to suppress harmful frame relevance scores, guided by a depiction set constructed from paraphrased harmful descriptions leveraging a shadow VideoLLM and a lightweight language model, i.e., GPT-4o-mini. Comprehensively evaluated on three prompt-guided sampling strategies and across three advanced VideoLLMs, PoisonVID achieves 82% - 99% attack success rate, highlighting the importance of developing future advanced sampling strategies for VideoLLMs.

Yu-Hang Wu, Yu-Jie Xiong, Hao Zhang et al.

With the increasingly deep integration of large language models (LLMs) across diverse domains, the effectiveness of their safety mechanisms is encountering severe challenges. Currently, jailbreak attacks based on prompt engineering have become a major safety threat. However, existing methods primarily rely on black-box manipulation of prompt templates, resulting in poor interpretability and limited generalization. To break through the bottleneck, this study first introduces the concept of Defense Threshold Decay (DTD), revealing the potential safety impact caused by LLMs' benign generation: as benign content generation in LLMs increases, the model's focus on input instructions progressively diminishes. Building on this insight, we propose the Sugar-Coated Poison (SCP) attack paradigm, which uses a "semantic reversal" strategy to craft benign inputs that are opposite in meaning to malicious intent. This strategy induces the models to generate extensive benign content, thereby enabling adversarial reasoning to bypass safety mechanisms. Experiments show that SCP outperforms existing baselines. Remarkably, it achieves an average attack success rate of 87.23% across six LLMs. For defense, we propose Part-of-Speech Defense (POSD), leveraging verb-noun dependencies for syntactic analysis to enhance safety of LLMs while preserving their generalization ability.

Ornella Binazon, Mario Cocco, Daniel Thwaites et al.

Efgartigimod is a human IgG1 antibody Fc fragment that reduces IgG levels through neonatal Fc receptor blockade. This study evaluated whether efgartigimod affects the generation of T-cell-dependent antibodies and cellular immune responses to keyhole limpet hemocyanin (KLH) immunization in non-human primates. Cynomolgus monkeys received efgartigimod or vehicle control intravenously for 11 wk, followed by a recovery phase. KLH challenges occurred during both the dosing phase and the recovery phase. No statistically significant differences emerged in anti-KLH IgM levels between the efgartigimod and control groups. Likewise, comparable KLH-specific T cell responses were observed between groups. Anti-KLH IgG titers were lower in efgartigimod-treated animals compared with controls only after the first boost of KLH, coinciding with decreases in total IgG titers in efgartigimod-treated animals, and returned to baseline levels by the end of the recovery phase. Taken together, these results indicate that efgartigimod does not suppress T-cell-dependent antibody responses or antibody class-switching. The findings of this study are consistent with efgartigimod’s pharmacological mechanism of action and suggest that efgartigimod does not impair the generation of effective immune responses.

Amin Bakhtiyari, Masoud Ghadipasha, Hanie Bakhtiyari

Background: Since the first use of DNA analysis in biological samples in a criminal case, a revolution in forensic investigations was created by a sub-field called forensic genetics. Also, today, it is possible to identify people by creating databases of the genetic identity of people in society and matching them with the genetic profile extracted from unknown samples. One of the applications of genetics banks is to identify the bodies in accidents such as traffic accidents where the body cannot be recognized in terms of appearance. For this purpose, by taking a biological sample from the body and extracting its genetic profile, it can be matched with the genetic profile of the person already registered in the genetic bank, and the unknown body can be identified. Case Presentation: Seventeen bodies that died due to car accidents and could not be identified in terms of appearance were referred to the legal medicine organization of Ilam Province, Iran, to determine the cause of death and identification. After taking muscle samples from all bodies due to the lack of a sizeable genetic bank in Iran, the first-degree families of the claimant bodies were invited to take blood samples for identification. Unknown bodies related to car accidents were successfully identified by using muscle samples from unknown bodies and comparing them with blood samples from first-degree families. Conclusion: Nevertheless, with the creation and development of DNA data banks for all people, there is no need for the presence of the first-degree family in such incidents, and by comparing the unknown samples in the DNA data banks, it is possible to identify the unknown bodies more accurately, quickly and at a lower cost. Right now, we have a DNA data bank for criminals in Iran. However, the creation of a DNA data bank for everyone is emphasized in this study due to various applications, such as identifying unidentified bodies.

Katherine Tsaioun, Thomas Hartung, Sebastian Hoffmann et al.

At the 13th Global Summit on Regulatory Science (GSRS23), a pre-summit workshop organized by EBTC and EFSA explored the integration of artificial intelligence (AI), big data, and new approach methodologies (NAMs) into regulatory science. Experts Presentations highlighted how AI can enhance toxicological assessments by improving data processing, enabling predictive modeling, and supporting systematic evidence synthesis. Emphasis was placed on the need for high-quality, interoperable data and FAIR principles to ensure reliable AI outputs. Case studies, such as the ONTOX project, demonstrated practical progress toward animal-free, AI-supported toxicity prediction. Key challenges discussed included data quality and data gaps, legal and ethical considerations, and the need for trust building, standards, and the regulatory readiness for AI. The workshop concluded that while AI holds transformative promise, responsible implementation requires coordinated efforts across science, policy, and regulation.

Arturo J. Brugger Aubán

The use of poisons spans human history, serving as tools for war, execution, assassination, revenge, and political control. Ancient texts like the "Rig Veda" mention poisoned weapons, and many civilizations used natural toxins—such as frog skin, snake venom, and plant extracts—for lethal purposes. Mythology reflects deep knowledge of poisons. Medea attempted to poison Theseus with aconite to protect her son’s claim to the throne. Hercules used Hydra’s venom to create deadly arrows. In historical contexts, figures like Socrates were executed with poison—hemlock in his case—which was reserved for elite criminals due to its cost. Classical toxicology began in Ancient Greece and continued through the Roman Empire. During Rome’s imperial era, poisons were commonly used in power struggles. Tiberius’ reign saw suspected poisonings of his potential successors, including Germanicus and Drusus. Caligula ultimately rose to power through such intrigue, killing his rivals. Notable toxicologists include Mateo Orfila, who advanced forensic detection techniques in the 19th century, and Juan Bautista Peset Aleixandre, who developed early devices to detect toxic gases in the blood. Natural poisons were also studied in modern science. Cobra venom contains dozens of toxic proteins, many of which disrupt nerve and muscle function. Aconitine, found in "Aconitum napellus", binds to sodium channels in nerves, keeping them open and causing fatal disruptions in cell signaling. Another plant-based toxin, protoanemonin from buttercups, causes painful spasms and ulcers, giving rise to the term "sardonic smile". In Renaissance and Baroque Europe, poisoners like Locusta in Nero’s Rome and La Voisin in Louis XV’s court gained notoriety for their lethal skills. They supplied aristocrats with toxic mixtures to remove rivals or secure inheritances. One infamous potion, “Aqua Tofana”, was linked to hundreds of deaths, possibly including that of Mozart. Venice’s secretive Council of Ten used poison for state security, relying on anonymous citizen reports and aconite-based poisons. In France, women like the Marquise de Brinvilliers and La Voisin were executed for mass poisonings. These individuals often disguised their poisons as medicine or spiritual remedies, exploiting trust and social status. Through myth, science, and scandal, poisons have left an indelible mark on human history, both as instruments of death and as subjects of fascination and fear.

Ramin Ghasemishayan, Dorsa Jalaei, Faramarz Dobakhti

Abstract Purpose Ophthalmic drugs typically last only around 15 minutes due to rapid elimination from tear flow, with only about 2% absorption, while the rest may enter the nasal mucosa, potentially causing systemic side effects. Diatoms, with properties like unique structure, abundance, low cost, heat resistance, non-toxicity, and easy access, present a promising solution for sustained drug delivery. This study aimed to prepare and evaluate an ocular suspension of diclofenac sodium loaded onto modified diatoms. Methods Diatoms were modified with aluminum sulfate solution, followed by loading of diclofenac sodium. Characteristics of diatoms before and after modification—particle size, surface charge, and drug loading—were analyzed using electron microscopy, FTIR (Fourier Transform Infrared Spectroscopy), XRD (X-ray Diffraction), and elemental mapping. BET (Brunauer–Emmett–Teller (Surface Area Analysis) testing provided adsorption data, while DSC (Differential Scanning Calorimetry) assessed thermal properties. An in vitro release study using a dialysis bag in artificial tear fluid examined drug release over 8 hours. Drug content was determined by spectrophotometry, and cytotoxicity on MDA-MB-231 and HEP-G2 cell lines was evaluated at different diatom concentrations. Results SEM (Scanning Electron Microscopy) imaging showed no topographic changes post-modification. BET and XRD analyses confirmed drug loading and structural stability, while FTIR indicated involvement of carboxylate groups. TGA and DSC showed stable thermal properties. Elemental mapping confirmed increased surface elements and high drug loading. Modified diatoms showed sustained drug release and no significant cytotoxicity differences. Conclusion Modified diatoms demonstrated higher drug loading and sustained release, indicating their potential for safe and effective ocular drug delivery. Further studies are recommended to confirm these findings.

Yanguang Ren, Feng Guo, Lin Wang

Diquat (DQ) is a nonselective bipyridine herbicide with a structure resembling paraquat (PQ). In recent years, the utilization of DQ as a substitute for PQ has grown, leading to an increase in DQ poisoning cases. While the toxicity mechanism of DQ remains unclear, it is primarily attributed to the intracellular generation of reactive oxygen species (ROS) and reactive nitrogen species (RNS) through the process of reduction oxidation. This results in oxidative stress, leading to a cascade of clinical symptoms. Notably, recent reports on DQ poisoning have highlighted a concerning trend: an upsurge in cases involving neurological damage caused by DQ poisoning. These patients often present with severe illness and a high mortality rate, with no effective treatment available thus far. Imaging findings from these cases have shown that neurological damage tends to concentrate on the brainstem. However, the specific mechanisms behind this poisoning remain unclear, and no specific antidote exists. This review summarizes the research progress on DQ poisoning and explores potential mechanisms. By shedding light on the nerve damage associated with DQ poisoning, we hope to raise awareness, propose new avenues for investigating the mechanisms of DQ poisoning, and lay the groundwork for the development of treatment strategies for DQ poisoning. Trial registration number: 2024PS174K.

A. Jangjou, M. Moqadas, Leila Mohsenian et al.

Intoxication with methanol most commonly occurs as a consequence of ingesting, inhaling, or coming into contact with formulations that include methanol as a base. Clinical manifestations of methanol poisoning include suppression of the central nervous system, gastrointestinal symptoms, and decompensated metabolic acidosis, which is associated with impaired vision and either early or late blindness within 0.5-4 h after ingestion. After ingestion, methanol concentrations in the blood that are greater than 50 mg/dl should raise some concern. Ingested methanol is typically digested by alcohol dehydrogenase (ADH), and it is subsequently redistributed to the body's water to attain a volume distribution that is about equivalent to 0.77 L/kg. Moreover, it is removed from the body as its natural, unchanged parent molecules. Due to the fact that methanol poisoning is relatively uncommon but frequently involves a large number of victims at the same time, this type of incident occupies a special position in the field of clinical toxicology. The beginning of the COVID-19 pandemic has resulted in an increase in erroneous assumptions regarding the preventative capability of methanol in comparison to viral infection. More than 1000 Iranians fell ill, and more than 300 of them passed away in March of this year after they consumed methanol in the expectation that it would protect them from a new coronavirus. The Atlanta epidemic, which involved 323 individuals and resulted in the deaths of 41, is one example of mass poisoning. Another example is the Kristiansand outbreak, which involved 70 people and resulted in the deaths of three. In 2003, the AAPCC received reports of more than one thousand pediatric exposures. Since methanol poisoning is associated with high mortality rates, it is vital that the condition be addressed seriously and managed as quickly as feasible. The objective of this review was to raise awareness about the mechanism and metabolism of methanol toxicity, the introduction of therapeutic interventions such as gastrointestinal decontamination and methanol metabolism inhibition, the correction of metabolic disturbances, and the establishment of novel diagnostic/screening nanoparticle-based strategies for methanol poisoning such as the discovery of ADH inhibitors as well as the detection of the adulteration of alcoholic drinks by nanoparticles in order to prevent methanol poisoning. In conclusion, increasing warnings and knowledge about clinical manifestations, medical interventions, and novel strategies for methanol poisoning probably results in a decrease in the death load.

Gelei Deng, Yi Liu, Kailong Wang et al.

Large Language Models~(LLMs) have gained immense popularity and are being increasingly applied in various domains. Consequently, ensuring the security of these models is of paramount importance. Jailbreak attacks, which manipulate LLMs to generate malicious content, are recognized as a significant vulnerability. While existing research has predominantly focused on direct jailbreak attacks on LLMs, there has been limited exploration of indirect methods. The integration of various plugins into LLMs, notably Retrieval Augmented Generation~(RAG), which enables LLMs to incorporate external knowledge bases into their response generation such as GPTs, introduces new avenues for indirect jailbreak attacks. To fill this gap, we investigate indirect jailbreak attacks on LLMs, particularly GPTs, introducing a novel attack vector named Retrieval Augmented Generation Poisoning. This method, Pandora, exploits the synergy between LLMs and RAG through prompt manipulation to generate unexpected responses. Pandora uses maliciously crafted content to influence the RAG process, effectively initiating jailbreak attacks. Our preliminary tests show that Pandora successfully conducts jailbreak attacks in four different scenarios, achieving higher success rates than direct attacks, with 64.3\% for GPT-3.5 and 34.8\% for GPT-4.