Schneier on Security
added 2025/11/28 2:54 p.m.

Prompt Injection Through Poetry

In a new paper, "Adversarial Poetry as a Universal Single-Turn Jailbreak Mechanism in Large Language Models," researchers found that turning LLM prompts into poetry resulted in jailbreaking the models. Abstract: We present evidence that adversarial poetry functions as a universal single-turn...

AI score 7.2
Exploits 0
Packet Storm News
added 2025/11/26 12:00 a.m.

Constructing and Benchmarking: A Labeled Email Dataset for Text-Based Phishing and Spam Detection Framework

Phishing and spam emails remain a major cybersecurity threat, with attackers increasingly leveraging Large Language Models (LLMs) to craft highly deceptive content. This study presents a comprehensive email dataset containing phishing, spam, and legitimate messages, explicitly distinguishing betwee...

AI score 6.9
Exploits 0
EUVD
added 2025/11/25 6:32 p.m.

EUVD-2025-199609

NVIDIA NeMo Framework for all platforms contains a vulnerability in the NLP and LLM components, where malicious data created by an attacker could cause code injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data...

CVSS 7.8, AI score 6.6, EPSS 0.00176
Exploits 0, References 3
OSV
added 2025/11/25 6:15 p.m.

CVE-2025-33204

NVIDIA NeMo Framework for all platforms contains a vulnerability in the NLP and LLM components, where malicious data created by an attacker could cause code injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data...

CVSS 7.8, AI score 7, EPSS 0.00176
Exploits 0, References 3
CVE
added 2025/11/25 6:06 p.m.

CVE-2025-33204

CVE-2025-33204 affects NVIDIA NeMo Framework (all platforms). The vulnerability lies in the NLP/LLM components, where malicious input data can lead to code injection, with potential outcomes including code execution, privilege escalation, information disclosure, and data tampering. According to R...

CVSS 7.8, AI score 6.7, EPSS 0.00176
Exploits 0, References 3, Affected Software 1
Vulnrichment
added 2025/11/25 6:06 p.m.

CVE-2025-33204

NVIDIA NeMo Framework for all platforms contains a vulnerability in the NLP and LLM components, where malicious data created by an attacker could cause code injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data...

CVSS 7.8, AI score 6.7, EPSS 0.00176
Exploits 0, References 3
Packet Storm News
added 2025/11/24 12:00 a.m.

Defending Large Language Models against Jailbreak Exploits with Responsible AI Considerations

Large Language Models (LLMs) remain susceptible to jailbreak exploits that bypass safety filters and induce harmful or unethical behavior. This work presents a systematic taxonomy of existing jailbreak defenses across prompt-level, model-level, and training-time interventions, followed by three...

AI score 7.3
Exploits 0
Packet Storm News
added 2025/11/24 12:00 a.m.

LLM-CSEC: Empirical Evaluation of Security in C/C++ Code Generated by Large Language Models

The security of code generated by large language models (LLMs) is a significant concern, as studies indicate that such code often contains vulnerabilities and lacks essential defensive programming constructs. This work focuses on examining and evaluating the security of LLM-generated code,...

AI score 7.1
Exploits 0
CERT
added 2025/11/24 12:00 a.m.

Lack of Sufficient Guardrails Leads to Excessive Agency (LLM08) in Some LLM Applications

Overview: Retell AI's API creates AI voice agents that have excessive permissions and functionality as a result of insufficient guardrails. As a result, attackers can exploit this to conduct large-scale social engineering, phishing, and misinformation campaigns. Description: Retell AI...

AI score 6.4
Exploits 0, References 3
Packet Storm News
added 2025/11/24 12:00 a.m.

Cross-LLM Generalization of Behavioral Backdoor Detection in AI Agent Supply Chains

As AI agents become integral to enterprise workflows, their reliance on shared tool libraries and pre-trained components creates significant supply chain vulnerabilities. While previous work has demonstrated behavioral backdoor detection within individual LLM architectures, the critical question ...

AI score 7.3
Exploits 0
Packet Storm News
added 2025/11/23 12:00 a.m.

From Reviewers' Lens: Understanding Bug Bounty Report Invalid Reasons with LLMs

Bug bounty platforms (e.g., HackerOne, BugCrowd) leverage crowd-sourced vulnerability discovery to improve continuous coverage, reduce the cost of discovery, and serve as an integral complement to internal red teams. With the rise of AI-generated bug reports, little work exists to help bug hunters...

AI score 6.8
Exploits 0
Packet Storm News
added 2025/11/23 12:00 a.m.

TASO: Jailbreak LLMs Via Alternative Template and Suffix Optimization

Many recent studies have shown that LLMs are vulnerable to jailbreak attacks, where an attacker can perturb the input of an LLM to induce it to generate an output for a harmful question. In general, existing jailbreak techniques either optimize a semantic template intended to induce the LLM to produc...

AI score 7
Exploits 0
Packet Storm News
added 2025/11/22 12:00 a.m.

Think Fast: Real-Time IoT Intrusion Reasoning Using IDS and LLMs at the Edge Gateway

As the number of connected IoT devices continues to grow, securing these systems against cyber threats remains a major challenge, especially in environments with limited computational and energy resources. This paper presents an edge-centric Intrusion Detection System (IDS) framework that integrate...

AI score 6.9
Exploits 0
CVE
added 2025/11/21 1:21 a.m.

CVE-2025-62426

Summary: CVE-2025-62426 affects vLLM up to versions before 0.11.1. The /v1/chat/completions and /tokenize endpoints accept a chat_template_kwargs parameter that is used before validation, allowing an attacker to block the API server by forcing large tokenization tasks and delaying all other reque...

CVSS 6.5, AI score 6.8, EPSS 0.00319
Exploits 0, References 5, Affected Software 1
Packet Storm News
added 2025/11/21 12:00 a.m.

Steering in the Shadows: Causal Amplification for Activation Space Attacks in Large Language Models

Modern large language models (LLMs) are typically secured by auditing data, prompts, and refusal policies, while treating the forward pass as an implementation detail. We show that intermediate activations in decoder-only LLMs form a vulnerable attack surface for behavioral control. Building on...

AI score 6.8
Exploits 0
Packet Storm News
added 2025/11/20 12:00 a.m.

"To Survive, I Must Defect": Jailbreaking LLMs Via the Game-Theory Scenarios

As LLMs become more common, non-expert users can pose risks, prompting extensive research into jailbreak attacks. However, most existing black-box jailbreak attacks rely on hand-crafted heuristics or narrow search spaces, which limit scalability. Compared with prior attacks, we propose Game-Theor...

AI score 6.9
Exploits 0
Packet Storm News
added 2025/11/20 12:00 a.m.

Password Strength Analysis through Social Network Data Exposure: A Combined Approach Relying on Data Reconstruction and Generative Models

Although passwords remain the primary defense against unauthorized access, users often choose passwords that are easy to remember. This behavior significantly increases security risks, partly because traditional password strength evaluation methods are often inadequate. In this...

AI score 7
Exploits 0
Packet Storm News
added 2025/11/20 12:00 a.m.

Multi-Faceted Attack: Exposing Cross-Model Vulnerabilities in Defense-Equipped Vision-Language Models

The growing misuse of Vision-Language Models (VLMs) has led providers to deploy multiple safeguards, including alignment tuning, system prompts, and content moderation. However, the real-world robustness of these defenses against adversarial attacks remains underexplored. We introduce Multi-Faceted...

AI score 7.3
Exploits 0
Positive Technologies
added 2025/11/20 12:00 a.m.

PT-2025-47649

Name of the Vulnerable Software and Affected Versions: vLLM versions 0.5.5 through 0.11.0. Description: vLLM is an inference and serving engine for large language models (LLMs). Users can cause the vLLM engine to crash when serving multimodal models by providing multimodal embedding inputs with a...

CVSS 8.3, AI score 6.5, EPSS 0.00331
Exploits 0, References 13
Packet Storm News
added 2025/11/19 12:00 a.m.

Small Language Models for Phishing Website Detection: Cost, Performance, and Privacy Trade-Offs

Phishing websites pose a major cybersecurity threat, exploiting unsuspecting users and causing significant financial and organisational harm. Traditional machine learning approaches for phishing detection often require extensive feature engineering, continuous retraining, and costly infrastructur...

AI score 6.5
Exploits 0