Lucene search
K

685 matches found

Packet Storm News
Packet Storm News
added 2026/03/01 12:0 a.m.4 views

A Systematic Study of LLM-Based Architectures for Automated Patching

Large language models LLMs have shown promise for automated patching, but their effectiveness depends strongly on how they are integrated into patching systems. While prior work explores prompting strategies and individual agent designs, the field lacks a systematic comparison of patching...

6.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/03/01 12:0 a.m.5 views

VEcho: A Paradigm Shift from Vulnerability Verification to Proactive Discovery with Large Language Models

Static Application Security Testing SAST tools often suffer from high false positive rates, leading to alert fatigue that consumes valuable auditing resources. Recent efforts leveraging Large Language Models LLMs as filters offer limited improvements; however, these methods treat LLMs as passive,...

6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/02/26 12:7 p.m.9 views

LLMs Generate Predictable Passwords

LLMs are bad at generating passwords: There are strong noticeable patterns among these 50 passwords that can be seen easily: All of the passwords start with a letter, usually uppercase G, almost always followed by the digit 7. Character choices are highly uneven ­ for example, L , 9, m, 2, $ and...

5.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/02/26 12:0 a.m.13 views

Reverse CAPTCHA: Evaluating LLM Susceptibility to Invisible Unicode Instruction Injection

We introduce Reverse CAPTCHA, an evaluation framework that tests whether large language models follow invisible Unicode-encoded instructions embedded in otherwise normal-looking text. Unlike traditional CAPTCHAs that distinguish humans from machines, our benchmark exploits a capability gap: model...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/02/25 12:0 a.m.4 views

APFuzz: Towards Automatic Greybox Protocol Fuzzing

Greybox protocol fuzzing is a random testing approach for stateful protocol implementations, where the input is protocol messages generated from mutations of seeds, and the search in the input space is driven by the feedback on coverage of both code and state. State model and message model are th...

6.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/02/24 12:0 a.m.6 views

Analysis of LLMs against Prompt Injection and Jailbreak Attacks

Large Language Models LLMs are widely deployed in real-world systems. Given their broader applicability, prompt engineering has become an efficient tool for resource-scarce organizations to adopt LLMs for their own purposes. At the same time, LLMs are vulnerable to prompt-based attacks. Thus,...

6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/02/24 12:0 a.m.10 views

AdapTools: Adaptive Tool-Based Indirect Prompt Injection Attacks on Agentic LLMs

The integration of external data services e.g., Model Context Protocol, MCP has made large language model-based agents increasingly powerful for complex task execution. However, this advancement introduces critical security vulnerabilities, particularly indirect prompt injection IPI attacks...

6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/02/23 12:0 a.m.23 views

LLM-Enabled Applications Require System-Level Threat Monitoring

LLM-enabled applications are rapidly reshaping the software ecosystem by using large language models as core reasoning components for complex task execution. This paradigm shift, however, introduces fundamentally new reliability challenges and significantly expands the security attack surface, du...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/02/23 12:0 a.m.4 views

An Explainable Memory Forensics Approach for Malware Analysis

Memory forensics is an effective methodology for analyzing living-off-the-land malware, including threats that employ evasion, obfuscation, anti-analysis, and steganographic techniques. By capturing volatile system state, memory analysis enables the recovery of transient artifacts such as decrypt...

6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/02/19 12:0 a.m.5 views

TFL: Targeted Bit-Flip Attack on Large Language Model

Large language models LLMs are increasingly deployed in safety and security critical applications, raising concerns about their robustness to model parameter fault injection attacks. Recent studies have shown that bit-flip attacks BFAs, which exploit computer main memory i.e., DRAM vulnerabilitie...

5.9AI score
Exploits0
Wiz blog
Wiz blog
added 2026/02/18 7:9 p.m.6 views

Would You Click ‘Accept’? Automatically detecting malicious Azure OAuth applications using LLMs

How Wiz Research automates detection of emerging malicious Azure app and consent phishing campaigns...

5.4AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/02/18 12:0 a.m.8 views

Recursive Language Models for Jailbreak Detection: A Procedural Defense for Tool-Augmented Agents

Jailbreak prompts are a practical and evolving threat to large language models LLMs, particularly in agentic systems that execute tools over untrusted content. Many attacks exploit long-context hiding, semantic camouflage, and lightweight obfuscations that can evade single-pass guardrails. We...

5.6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/02/18 12:0 a.m.7 views

Mind the Gap: Evaluating LLMs for High-Level Malicious Package Detection Vs. Fine-Grained Indicator Identification

The prevalence of malicious packages in open-source repositories, such as PyPI, poses a critical threat to the software supply chain. While Large Language Models LLMs have emerged as a promising tool for automated security tasks, their effectiveness in detecting malicious packages and indicators...

5.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/02/18 12:0 a.m.8 views

Discovering Universal Activation Directions for PII Leakage in Language Models

Modern language models exhibit rich internal structure, yet little is known about how privacy-sensitive behaviors, such as personally identifiable information PII leakage, are represented and modulated within their hidden states. We present UniLeak, a mechanistic-interpretability framework that...

5.6AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/02/17 12:1 p.m.9 views

Side-Channel Attacks Against LLMs

Here are three papers describing different side-channel attacks against LLMs. "Remote Timing Attacks on Efficient Language Model Inference": Abstract: Scaling up language models has significantly increased their capabilities. But larger models are slower models, and so there is now an extensive...

5.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/02/17 12:0 a.m.2 views

DARTH-PUM: A Hybrid Processing-Using-Memory Architecture

Analog processing-using-memory PUM; a.k.a. in-memory computing makes use of electrical interactions inside memory arrays to perform bulk matrix-vector multiplication MVM operations. However, many popular matrix-based kernels need to execute non-MVM operations, which analog PUM cannot directly...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/13 5:27 p.m.7 views

Google Ties Suspected Russian Actor to CANFAIL Malware Attacks on Ukrainian Orgs

A previously undocumented threat actor has been attributed to attacks targeting Ukrainian organizations with malware known as CANFAIL. Google Threat Intelligence Group GTIG described the hacking group as possibly affiliated with Russian intelligence services. The threat actor is assessed to have...

6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/02/12 12:0 a.m.1 views

Automatic Simplification of Common Vulnerabilities and Exposures Descriptions

Understanding cyber security is increasingly important for individuals and organizations. However, a lot of information related to cyber security can be difficult to understand to those not familiar with the topic. In this study, we focus on investigating how large language models LLMs could be...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/02/11 12:0 a.m.4 views

TRACE: Timely Retrieval and Alignment for Cybersecurity Knowledge Graph Construction and Expansion

The rapid evolution of cyber threats has highlighted significant gaps in security knowledge integration. Cybersecurity Knowledge Graphs CKGs relying on structured data inherently exhibit hysteresis, as the timely incorporation of rapidly evolving unstructured data remains limited, potentially...

5.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/02/11 12:0 a.m.4 views

GoodVibe: Security-By-Vibe for LLM-Based Code Generation

Large language models LLMs are increasingly used for code generation in fast, informal development workflows, often referred to as vibe coding, where speed and convenience are prioritized, and security requirements are rarely made explicit. In this setting, models frequently produce functionally...

5.7AI score
Exploits0
Rows per page
Query Builder