685 matches found

Packet Storm News | added 2026/04/07 12:00 a.m. | 2 views

Swiss-Bench 003: Evaluating LLM Reliability and Adversarial Security for Swiss Regulatory Contexts

The deployment of large language models (LLMs) in Swiss financial and regulatory contexts demands empirical evidence of both production reliability and adversarial security, dimensions not jointly operationalized in existing Swiss-focused evaluation frameworks. This paper introduces Swiss-Bench 003...

AI score: 5.9 | Exploits: 0

Packet Storm News | added 2026/04/07 12:00 a.m. | 4 views

Stop Fixating on Prompts: Reasoning Hijacking and Constraint Tightening for Red-Teaming LLM Agents

With the widespread application of LLM-based agents across various domains, their complexity has introduced new security threats. Existing red-team methods mostly rely on modifying user prompts, which lack adaptability to new data and may impact the agent's performance. To address the challenge,...

AI score: 5.8 | Exploits: 0

Packet Storm News | added 2026/04/07 12:00 a.m. | 4 views

Hackers or Hallucinators? A Comprehensive Analysis of LLM-Based Automated Penetration Testing

The rapid advancement of Large Language Models (LLMs) has created new opportunities for Automated Penetration Testing (AutoPT), spawning numerous frameworks aimed at achieving end-to-end autonomous attacks. However, despite the proliferation of related studies, existing research generally lacks...

AI score: 6 | Exploits: 0

Packet Storm News | added 2026/04/07 12:00 a.m. | 3 views

Towards the Development of an LLM-Based Methodology for Automated Security Profiling in Compliance with Ukrainian Cybersecurity Regulations

In recent years, the pace of development of information technology in various areas has increased drastically, forcing cybersecurity specialists to constantly review existing processes in order to prevent unauthorized access to confidential information. Using Ukraine as a primary case study, this...

AI score: 5.9 | Exploits: 0

Packet Storm News | added 2026/04/07 12:00 a.m. | 3 views

From Incomplete Architecture to Quantified Risk: Multimodal LLM-Driven Security Assessment for Cyber-Physical Systems

Cyber-physical systems often contend with incomplete architectural documentation or outdated information resulting from legacy technologies, knowledge management gaps, and the complexity of integrating diverse subsystems over extended operational lifecycles. This architectural incompleteness...

AI score: 5.8 | Exploits: 0

Packet Storm News | added 2026/04/07 12:00 a.m. | 4 views

SkillSieve: A Hierarchical Triage Framework for Detecting Malicious AI Agent Skills

OpenClaw's ClawHub marketplace hosts over 13,000 community-contributed agent skills, and between 13% and 26% of them contain security vulnerabilities according to recent audits. Regex scanners miss obfuscated payloads; formal static analyzers cannot read the natural language instructions in...

AI score: 5.9 | Exploits: 0

Packet Storm News | added 2026/04/07 12:00 a.m. | 4 views

Guiding Symbolic Execution with Static Analysis and LLMs for Vulnerability Discovery

Symbolic execution detects vulnerabilities with precision, but applying it to large codebases requires harnesses that set up symbolic state, model dependencies, and specify assertions. Writing these harnesses has traditionally been a manual process requiring expert knowledge, which significantly...

AI score: 6.1 | Exploits: 0

EUVD | added 2026/04/06 3:40 p.m. | 8 views

EUVD-2026-19351

vLLM is an inference and serving engine for large language models (LLMs). From 0.1.0 to before 0.19.0, a Denial of Service vulnerability exists in the vLLM OpenAI-compatible API server. Due to the lack of an upper bound validation on the n parameter in the ChatCompletionRequest and CompletionReques...

CVSS: 6.5 | AI score: 5.9 | EPSS: 0.0033
Exploits: 0 | References: 3

Packet Storm News | added 2026/04/05 12:00 a.m. | 4 views

LLM-Enabled Open-Source Systems in the Wild: An Empirical Study of Vulnerabilities in GitHub Security Advisories

Large language models (LLMs) are increasingly embedded in open-source software (OSS) ecosystems, creating complex interactions among natural language prompts, probabilistic model outputs, and execution-capable components. However, it remains unclear whether traditional vulnerability disclosure...

AI score: 6 | Exploits: 0

Packet Storm News | added 2026/04/05 12:00 a.m. | 6 views

CoopGuard: Stateful Cooperative Agents Safeguarding LLMs against Evolving Multi-Round Attacks

As Large Language Models (LLMs) are increasingly deployed in complex applications, their vulnerability to adversarial attacks raises urgent safety concerns, especially those evolving over multi-round interactions. Existing defenses are largely reactive and struggle to adapt as adversaries refine...

AI score: 5.9 | Exploits: 0

Packet Storm News | added 2026/04/04 12:00 a.m. | 3 views

Perceptual Gaps: ASCII Art and Overlapping Audio As CAPTCHA

As multimodal large language models (LLMs) advance, traditional CAPTCHAs have become obsolete at distinguishing humans from bots. To address this shift, this paper aims to investigate the possibility of using tasks for which humans have evolved highly specialised neural processing. We introduce two...

AI score: 6 | Exploits: 0

Packet Storm News | added 2026/04/02 12:00 a.m. | 4 views

Combating Data Laundering in LLM Training

Data rights owners can detect unauthorized data use in large language model (LLM) training by querying with proprietary samples. Often, superior performance (e.g., higher confidence or lower loss) on a sample relative to the untrained data implies it was part of the training corpus, as LLMs tend to...

AI score: 5.9 | Exploits: 0

Packet Storm News | added 2026/04/02 12:00 a.m. | 2 views

Automated Malware Family Classification Using Weighted Hierarchical Ensembles of Large Language Models

Malware family classification remains a challenging task in automated malware analysis, particularly in real-world settings characterized by obfuscation, packing, and rapidly evolving threats. Existing machine learning and deep learning approaches typically depend on labeled datasets, handcrafted...

AI score: 5.9 | Exploits: 0

Positive Technologies | added 2026/04/02 12:00 a.m. | 5 views

PT-2026-29877

vLLM is an inference and serving engine for large language models (LLMs). From version 0.5.5 to before version 0.18.0, Librosa defaults to using numpy.mean for downmixing to mono, while the international standard ITU-R BS.775-4 specifies a weighted downmixing algorithm. This discrepancy result...

CVSS: 5.9 | AI score: 5.8 | EPSS: 0.00267
Exploits: 0 | References: 6

Packet Storm News | added 2026/03/29 12:00 a.m. | 4 views

Hidden Ads: Behavior Triggered Semantic Backdoors for Advertisement Injection in Vision Language Models

Vision-Language Models (VLMs) are increasingly deployed in consumer applications where users seek recommendations about products, dining, and services. We introduce Hidden Ads, a new class of backdoor attacks that exploit this recommendation-seeking behavior to inject unauthorized advertisements...

AI score: 5.9 | Exploits: 0

CVE | added 2026/03/26 11:56 p.m. | 14 views

CVE-2026-27893

CVE-2026-27893 affects vLLM’s inference/serving engine. From version 0.10.1 up to (but not including) 0.18.0, two model implementation files hardcode trust_remote_code=True when loading sub-components, bypassing the user’s --trust-remote-code=False security opt-out. This enables remote code execu...

CVSS: 8.8 | AI score: 6.5 | EPSS: 0.01364
Exploits: 0 | References: 15 | Affected Software: 1

Packet Storm News | added 2026/03/26 12:00 a.m. | 4 views

Shape and Substance: Dual-Layer Side-Channel Attacks on Local Vision-Language Models

On-device Vision-Language Models (VLMs) promise data privacy via local execution. However, we show that the architectural shift toward Dynamic High-Resolution preprocessing (e.g., AnyRes) introduces an inherent algorithmic side-channel. Unlike static models, dynamic preprocessing decomposes images in...

AI score: 6 | Exploits: 0

Packet Storm News | added 2026/03/24 12:00 a.m. | 4 views

Towards Leveraging LLMs to Generate Abstract Penetration Test Cases from Software Architecture

Software architecture models capture early design decisions that strongly influence system quality attributes, including security. However, architecture-level security assessment and feedback are often absent in practice, allowing security weaknesses to propagate into later phases of the software...

AI score: 5.7 | Exploits: 0

Packet Storm News | added 2026/03/24 12:00 a.m. | 4 views

TreeTeaming: Autonomous Red-Teaming of Vision-Language Models Via Hierarchical Strategy Exploration

The rapid advancement of Vision-Language Models (VLMs) has brought their safety vulnerabilities into sharp focus. However, existing red teaming methods are fundamentally constrained by an inherent linear exploration paradigm, confining them to optimizing within a predefined strategy set and...

AI score: 5.8 | Exploits: 0

Packet Storm News | added 2026/03/24 12:00 a.m. | 3 views

Leveraging Large Language Models for Trustworthiness Assessment of Web Applications

The widespread adoption of web applications has made their security a critical concern and has increased the need for systematic ways to assess whether they can be considered trustworthy. However, "trust" assessment remains an open problem as existing techniques primarily focus on detecting known...

AI score: 5.9 | Exploits: 0