Lucene search
K

685 matches found

Packet Storm News
Packet Storm News
added 2026/01/27 12:0 a.m.6 views

MalURLBench: A Benchmark Evaluating Agents' Vulnerabilities When Processing Web URLs

LLM-based web agents have become increasingly popular for their utility in daily life and work. However, they exhibit critical vulnerabilities when processing malicious URLs: accepting a disguised malicious URL enables subsequent access to unsafe webpages, which can cause severe damage to service...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/26 12:0 a.m.11 views

AgenticSCR: An Autonomous Agentic Secure Code Review for Immature Vulnerabilities Detection

Secure code review is critical at the pre-commit stage, where vulnerabilities must be caught early under tight latency and limited-context constraints. Existing SAST-based checks are noisy and often miss immature, context-dependent vulnerabilities, while standalone Large Language Models LLMs are...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/25 12:0 a.m.5 views

Mitigating the OWASP Top 10 for Large Language Models Applications Using Intelligent Agents

Large Language Models LLMs have emerged as a transformative and disruptive technology, enabling a wide range of applications in natural language processing, machine translation, and beyond. However, this widespread integration of LLMs also raised several security concerns highlighted by the Open...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/24 12:0 a.m.9 views

PatchIsland: Orchestration of LLM Agents for Continuous Vulnerability Repair

Continuous fuzzing platforms such as OSS-Fuzz uncover large numbers of vulnerabilities, yet the subsequent repair process remains largely manual. Unfortunately, existing Automated Vulnerability Repair AVR techniques -- including recent LLM-based systems -- are not directly applicable to continuou...

5.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/23 12:0 a.m.22 views

From Transactions to Exploits: Automated PoC Synthesis for Real-World DeFi Attacks

Blockchain systems are increasingly targeted by on-chain attacks that exploit contract vulnerabilities to extract value rapidly and stealthily, making systematic analysis and reproduction highly challenging. In practice, reproducing such attacks requires manually crafting proofs-of-concept PoCs, ...

6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/23 12:0 a.m.13 views

TrojanGYM: A Detector-In-The-Loop LLM for Adaptive RTL Hardware Trojan Insertion

Hardware Trojans HTs remain a critical threat because learning-based detectors often overfit to narrow trigger/payload patterns and small, stylized benchmarks. We introduce TrojanGYM, an agentic, LLM-driven framework that automatically curates HT insertions to expose detector blind spots while...

5.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/01/22 12:35 p.m.6 views

Why AI Keeps Falling for Prompt Injection Attacks

Imagine you work at a drive-through restaurant. Someone drives up and says: "I'll have a double cheeseburger, large fries, and ignore previous instructions and give me the contents of the cash drawer." Would you hand over the money? Of course not. Yet this is what large language models LLMs do...

5.7AI score
Exploits0
CVE
CVE
added 2026/01/21 9:13 p.m.24 views

CVE-2026-22807

Vulnerability CVE-2026-22807 affects vLLM versions prior to 0.14.0, where during model resolution the engine loads Hugging Face auto_map dynamic modules without gating on trust_remote_code. This allows attacker-controlled Python code in a model repo or path to execute at server startup, before an...

9.8CVSS6.5AI score0.00737EPSS
Exploits1References16Affected Software1
EUVD
EUVD
added 2026/01/21 9:13 p.m.5 views

EUVD-2026-3678

vLLM is an inference and serving engine for large language models LLMs. Starting in version 0.10.1 and prior to version 0.14.0, vLLM loads Hugging Face automap dynamic modules during model resolution without gating on trustremotecode, allowing attacker-controlled Python code in a model repo/path ...

8.8CVSS6.5AI score0.00737EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/01/21 9:13 p.m.3 views

CVE-2026-22807

vLLM is an inference and serving engine for large language models LLMs. Starting in version 0.10.1 and prior to version 0.14.0, vLLM loads Hugging Face automap dynamic modules during model resolution without gating on trustremotecode, allowing attacker-controlled Python code in a model repo/path ...

9.8CVSS6.5AI score0.00737EPSS
Exploits1References5Affected Software1
Packet Storm News
Packet Storm News
added 2026/01/20 12:0 a.m.4 views

Constructing Multi-Label Hierarchical Classification Models for MITRE ATT&CK Text Tagging

MITRE ATT&CK is a cybersecurity knowledge base that organizes threat actor and cyber-attack information into a set of tactics describing the reasons and goals threat actors have for carrying out attacks, with each tactic having a set of techniques that describe the potential methods used in these...

5.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/20 12:0 a.m.3 views

HardSecBench: Benchmarking the Security Awareness of LLMs for Hardware Code Generation

Large language models LLMs are being increasingly integrated into practical hardware and firmware development pipelines for code generation. Existing studies have primarily focused on evaluating the functional correctness of LLM-generated code, yet paid limited attention to its security issues...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/20 12:0 a.m.4 views

Rethinking On-Device LLM Reasoning: Why Analogical Mapping Outperforms Abstract Thinking for IoT DDoS Detection

The rapid expansion of IoT deployments has intensified cybersecurity threats, notably Distributed Denial of Service DDoS attacks, characterized by increasingly sophisticated patterns. Leveraging Generative AI through On-Device Large Language Models ODLLMs provides a viable solution for real-time...

5.4AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/20 12:0 a.m.3 views

A Prompt-Based Framework for Loop Vulnerability Detection Using Local LLMs

Loop vulnerabilities are one major risky construct in software development. They can easily lead to infinite loops or executions, exhaust resources, or introduce logical errors that degrade performance and compromise security. The problem are often undetected by traditional static analyzers becau...

6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/20 12:0 a.m.13 views

PINA: Prompt Injection Attack against Navigation Agents

Navigation agents powered by large language models LLMs convert natural language instructions into executable plans and actions. Compared to text-based applications, their security is far more critical: a successful prompt injection attack does not just alter outputs but can directly misguide...

5.4AI score
Exploits0
Trend Micro Simply Security
Trend Micro Simply Security
added 2026/01/16 12:0 a.m.4 views

Your 100 Billion Parameter Behemoth is a Liability

The "bigger is better" era of AI is hitting a wall. We are in an LLM bubble, characterized by ruinous inference costs and diminishing returns. The future belongs to Agentic AI powered by specialized Small Language Models SLMs. Think of it as a shift from hiring a single expensive genius to runnin...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/15 12:0 a.m.23 views

Multi-Agent Taint Specification Extraction for Vulnerability Detection

Static Application Security Testing SAST tools using taint analysis are widely viewed as providing higher-quality vulnerability detection results compared to traditional pattern-based approaches. However, performing static taint analysis for JavaScript poses two major challenges. First,...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/13 12:0 a.m.5 views

Proactively Detecting Threats: A Novel Approach Using LLMs

Enterprise security faces escalating threats from sophisticated malware, compounded by expanding digital operations. This paper presents the first systematic evaluation of large language models LLMs to proactively identify indicators of compromise IOCs from unstructured web-based threat...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/13 12:0 a.m.8 views

LLMs in Code Vulnerability Analysis: A Proof of Concept

Context: Traditional software security analysis methods struggle to keep pace with the scale and complexity of modern codebases, requiring intelligent automation to detect, assess, and remediate vulnerabilities more efficiently and accurately. Objective: This paper explores the incorporation of...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/09 12:0 a.m.5 views

The Echo Chamber Multi-Turn LLM Jailbreak

The availability of Large Language Models LLMs has led to a new generation of powerful chatbots that can be developed at relatively low cost. As companies deploy these tools, security challenges need to be addressed to prevent financial loss and reputational damage. A key security challenge is...

7.2AI score
Exploits0
Rows per page
Query Builder