Lucene search

685 matches found

Packet Storm News, added 2025/12/16 12:00 a.m. (51 views)

PentestEval: Benchmarking LLM-Based Penetration Testing with Modular and Stage-Level Design

Penetration testing is essential for assessing and strengthening system security against real-world threats, yet traditional workflows remain highly manual, expertise-intensive, and difficult to scale. Although recent advances in Large Language Models (LLMs) offer promising opportunities for...

AI score: 6.6 | Exploits: 0

Packet Storm News, added 2025/12/16 12:00 a.m. (3 views)

SeBERTis: A Framework for Producing Classifiers of Security-Related Issue Reports

Monitoring issue tracker submissions is a crucial software maintenance activity. A key goal is the prioritization of high-risk, security-related bugs. If such bugs can be recognized early, the risk of propagation to dependent products and harm to stakeholders can be mitigated. To...

AI score: 6.9 | Exploits: 0

Packet Storm News, added 2025/12/15 12:00 a.m. (10 views)

Security and Detectability Analysis of Unicode Text Watermarking Methods against Large Language Models

Securing digital text is becoming increasingly relevant due to the widespread use of large language models. Individuals fear losing control over their data when it is used to train such machine learning models, or when they need to distinguish model-generated output from text written by humans. Digital...

AI score: 7.0 | Exploits: 0

Packet Storm News, added 2025/12/13 12:00 a.m. (3 views)

The Role of AI in Modern Penetration Testing

Penetration testing is a cornerstone of cybersecurity, traditionally driven by manual, time-intensive processes. As systems grow in complexity, there is a pressing need for more scalable and efficient testing methodologies. This systematic literature review examines how Artificial Intelligence (AI)...

AI score: 6.8 | Exploits: 0

Packet Storm News, added 2025/12/12 12:00 a.m. (4 views)

Persistent Backdoor Attacks under Continual Fine-Tuning of LLMs

Backdoor attacks embed malicious behaviors into Large Language Models (LLMs), enabling adversaries to trigger harmful outputs or bypass safety controls. However, the persistence of the implanted backdoors under user-driven post-deployment continual fine-tuning has been rarely examined. Most prior...

AI score: 7.2 | Exploits: 0

Qualys Blog, added 2025/12/11 5:00 p.m. (6 views)

Scale AI Securely with Qualys TotalAI’s Streamlined Onboarding, Deeper Risk Detection, and Compliance-Ready Reporting

Executive Summary: Enterprises are entering a phase where AI systems function as decision engines that shape customer interactions, operational workflows, and business outcomes. This creates a new class of risk that is behavioral, contextual, and dynamic, driven by how models interpret instruction...

AI score: 6.8 | Exploits: 0

Akamai Blog, added 2025/12/10 1:00 p.m. (6 views)

Patch Wednesday: Root Cause Analysis with LLMs

...

AI score: 7.0 | Exploits: 0

Packet Storm News, added 2025/12/10 12:00 a.m. (12 views)

Chasing Shadows: Pitfalls in LLM Security Research

Large language models (LLMs) are increasingly prevalent in security research. Their unique characteristics, however, introduce challenges that undermine established paradigms of reproducibility, rigor, and evaluation. Prior work has identified common pitfalls in traditional machine learning researc...

AI score: 7.0 | Exploits: 0

Packet Storm News, added 2025/12/10 12:00 a.m. (7 views)

Defining Cost Function of Steganography with Large Language Models

In this paper, we make the first attempt towards defining the cost function of steganography with large language models (LLMs), which is totally different from previous works that rely heavily on expert knowledge or require large-scale datasets for cost learning. To achieve this goal, a two-stage...

AI score: 6.8 | Exploits: 0

Malwarebytes, added 2025/12/09 1:34 p.m. (6 views)

Prompt injection is a problem that may never be fixed, warns NCSC

Prompt injection is shaping up to be one of the most stubborn problems in AI security, and the UK’s National Cyber Security Centre (NCSC) has warned that it may never be “fixed” in the way SQL injection was. Two years ago, the NCSC said prompt injection might turn out to be the “SQL injection of th...

AI score: 8.0 | Exploits: 0

Packet Storm News, added 2025/12/08 12:00 a.m. (7 views)

A Practical Framework for Evaluating Medical AI Security: Reproducible Assessment of Jailbreaking and Privacy Vulnerabilities across Clinical Specialties

Medical Large Language Models (LLMs) are increasingly deployed for clinical decision support across diverse specialties, yet systematic evaluation of their robustness to adversarial misuse and privacy leakage remains inaccessible to most researchers. Existing security benchmarks require GPU cluster...

AI score: 6.9 | Exploits: 0

Packet Storm News, added 2025/12/07 12:00 a.m. (4 views)

Towards Small Language Models for Security Query Generation in SOC Workflows

Analysts in Security Operations Centers routinely query massive telemetry streams using Kusto Query Language (KQL). Writing correct KQL requires specialized expertise, and this dependency creates a bottleneck as security teams scale. This paper investigates whether Small Language Models (SLMs) can...

AI score: 6.8 | Exploits: 0

Packet Storm News, added 2025/12/07 12:00 a.m. (19 views)

ThinkTrap: Denial-Of-Service Attacks against Black-Box LLM Services Via Infinite Thinking

Large Language Models (LLMs) have become foundational components in a wide range of applications, including natural language understanding and generation, embodied intelligence, and scientific discovery. As their computational requirements continue to grow, these models are increasingly deployed as...

AI score: 6.9 | Exploits: 0

Packet Storm News, added 2025/12/04 12:00 a.m. (4 views)

Beyond Detection: A Comprehensive Benchmark and Study on Representation Learning for Fine-Grained Webshell Family Classification

Malicious WebShells pose a significant and evolving threat by compromising critical digital infrastructures and endangering public services in sectors such as healthcare and finance. While the research community has made significant progress in WebShell detection, i.e., distinguishing malicious...

AI score: 6.9 | Exploits: 0

Packet Storm News, added 2025/12/04 12:00 a.m. (2 views)

Safe2Harm: Semantic Isomorphism Attacks for Jailbreaking Large Language Models

Large Language Models (LLMs) have demonstrated exceptional performance across various tasks, but their security vulnerabilities can be exploited by attackers to generate harmful content, causing adverse impacts across various societal domains. Most existing jailbreak methods revolve around Prompt...

AI score: 6.9 | Exploits: 0

CISA, added 2025/12/03 12:00 p.m. (8 views)

CISA, Australia, and Partners Author Joint Guidance on Securely Integrating Artificial Intelligence in Operational Technology

CISA and the Australian Signals Directorate’s Australian Cyber Security Centre, in collaboration with federal and international partners, have released new cybersecurity guidance: Principles for the Secure Integration of Artificial Intelligence in Operational Technology. This guidance aims to hel...

AI score: 6.8 | Exploits: 0 | References: 4

Packet Storm News, added 2025/12/02 12:00 a.m. (6 views)

Learning the Wrong Lessons: Syntactic-Domain Spurious Correlations in Language Models

Whitepaper from researchers at MIT, Northeastern University, and Meta. For an LLM to correctly respond to an instruction it must understand both the semantics and the domain (i.e., subject area) of a given task-instruction pair. However, syntax can also convey implicit information. Recent work shows...

AI score: 6.8 | Exploits: 0

Packet Storm News, added 2025/12/01 12:00 a.m. (2 views)

LeechHijack: Covert Computational Resource Exploitation in Intelligent Agent Systems

Large Language Model (LLM)-based agents have demonstrated remarkable capabilities in reasoning, planning, and tool usage. The recently proposed Model Context Protocol (MCP) has emerged as a unifying framework for integrating external tools into agent systems, enabling a thriving open ecosystem of...

AI score: 6.9 | Exploits: 0

Packet Storm News, added 2025/12/01 12:00 a.m. (4 views)

COGNITION: From Evaluation to Defense against Multimodal LLM CAPTCHA Solvers

This paper studies how multimodal large language models (MLLMs) undermine the security guarantees of visual CAPTCHA. We identify the attack surface where an adversary can cheaply automate CAPTCHA solving using off-the-shelf models. We evaluate 7 leading commercial and open-source MLLMs across 18...

AI score: 6.9 | Exploits: 0

Packet Storm News, added 2025/11/30 12:00 a.m. (30 views)

Large Language Models Cannot Reliably Detect Vulnerabilities in JavaScript: The First Systematic Benchmark and Evaluation

Researchers have proposed numerous methods to detect vulnerabilities in JavaScript, especially those assisted by Large Language Models (LLMs). However, the actual capability of LLMs in JavaScript vulnerability detection remains questionable, necessitating systematic evaluation and comprehensive...

AI score: 6.8 | Exploits: 0