685 matches found

Packet Storm News | added 2025/10/15 12:00 a.m. | 26 views

Toward Cybersecurity-Expert Small Language Models

Large language models (LLMs) are transforming everyday applications, yet deployment in cybersecurity lags due to a lack of high-quality, domain-specific models and training datasets. To address this gap, we present CyberPal 2.0, a family of cybersecurity-expert small language models (SLMs) ranging fr...

AI score: 7 | Exploits: 0
Packet Storm News | added 2025/10/13 12:00 a.m. | 5 views

CTIArena: Benchmarking LLM Knowledge and Reasoning across Heterogeneous Cyber Threat Intelligence

Cyber threat intelligence (CTI) is central to modern cybersecurity, providing critical insights for detecting and mitigating evolving threats. With the natural language understanding and reasoning capabilities of large language models (LLMs), there is increasing interest in applying them to CTI, whic...

AI score: 6.9 | Exploits: 0
Packet Storm News | added 2025/10/11 12:00 a.m. | 4 views

A Systematic Study on Generating Web Vulnerability Proof-Of-Concepts Using Large Language Models

Recent advances in Large Language Models (LLMs) have brought remarkable progress in code understanding and reasoning, creating new opportunities and raising new concerns for software security. Among many downstream tasks, generating Proof-of-Concept (PoC) exploits plays a central role in vulnerabilit...

AI score: 7 | Exploits: 0
EUVD | added 2025/10/10 7:50 p.m. | 4 views

EUVD-2025-33778

Cherry Studio is a desktop client that supports multiple LLM providers. Cherry Studio registers a custom protocol called cherrystudio://. When handling the MCP installation URL, it parses the base64-encoded configuration data and directly executes the command within it. In the files...

CVSS: 9.6 | AI score: 6.5 | EPSS: 0.0043 | Exploits: 1 | References: 1
Packet Storm News | added 2025/10/08 12:00 a.m. | 4 views

RedTWIZ: Diverse LLM Red Teaming Via Adaptive Attack Planning

This paper presents the vision, scientific contributions, and technical details of RedTWIZ: an adaptive and diverse multi-turn red teaming framework, to audit the robustness of Large Language Models (LLMs) in AI-assisted software development. Our work is driven by three major research streams: 1...

AI score: 7 | Exploits: 0
Packet Storm News | added 2025/10/08 12:00 a.m. | 15 views

Distilling Lightweight Language Models for C/C++ Vulnerabilities

The increasing complexity of modern software systems exacerbates the prevalence of security vulnerabilities, posing risks of severe breaches and substantial economic loss. Consequently, robust code vulnerability detection is essential for software security. While Large Language Models (LLMs) have...

AI score: 6.9 | Exploits: 0
Packet Storm News | added 2025/10/07 12:00 a.m. | 3 views

Leveraging Large Language Models for Cybersecurity Risk Assessment -- a Case from Forestry Cyber-Physical Systems

In safety-critical software systems, cybersecurity activities become essential, with risk assessment being one of the most critical. In many software teams, cybersecurity experts are either entirely absent or represented by only a small number of specialists. As a result, the workload for these...

AI score: 7 | Exploits: 0
Packet Storm News | added 2025/10/07 12:00 a.m. | 4 views

A Survey on Agentic Security: Applications, Threats and Defenses

The rapid shift from passive LLMs to autonomous LLM-agents marks a new paradigm in cybersecurity. While these agents can act as powerful tools for both offensive and defensive operations, the very agentic context introduces a new class of inherent security risks. In this work we present the first...

AI score: 7 | Exploits: 0
Packet Storm News | added 2025/10/06 12:00 a.m. | 5 views

P2P: A Poison-To-Poison Remedy for Reliable Backdoor Defense in LLMs

During fine-tuning, large language models (LLMs) are increasingly vulnerable to data-poisoning backdoor attacks, which compromise their reliability and trustworthiness. However, existing defense strategies suffer from limited generalization: they only work on specific attack types or task settings...

AI score: 6.7 | Exploits: 0
Packet Storm News | added 2025/10/06 12:00 a.m. | 4 views

Imperceptible Jailbreaking against Large Language Models

Jailbreaking attacks on the vision modality typically rely on imperceptible adversarial perturbations, whereas attacks on the textual modality are generally assumed to require visible modifications (e.g., non-semantic suffixes). In this paper, we introduce imperceptible jailbreaks that exploit a...

AI score: 7.4 | Exploits: 0
Packet Storm News | added 2025/10/05 12:00 a.m. | 4 views

Selecting Cybersecurity Requirements: Effects of LLM Use and Professional Software Development Experience

This study investigates how access to Large Language Models (LLMs) and varying levels of professional software development experience affect the prioritization of cybersecurity requirements for web applications. Twenty-three postgraduate students participated in a research study to prioritize...

AI score: 6.8 | Exploits: 0
EUVD | added 2025/10/03 8:07 p.m. | 5 views

EUVD-2025-16518

Malicious code in bioql PyPI...

CVSS: 6.5 | AI score: 6.2 | EPSS: 0.00453 | Exploits: 1 | References: 5
EUVD | added 2025/10/03 8:07 p.m. | 5 views

EUVD-2025-16189

Malicious code in bioql PyPI...

CVSS: 2.6 | AI score: 6.3 | EPSS: 0.00249 | Exploits: 0 | References: 4
Packet Storm News | added 2025/10/02 12:00 a.m. | 3 views

FalseCrashReducer: Mitigating False Positive Crashes in OSS-Fuzz-Gen Using Agentic AI

Fuzz testing has become a cornerstone technique for identifying software bugs and security vulnerabilities, with broad adoption in both industry and open-source communities. Directly fuzzing a function requires fuzz drivers, which translate random fuzzer inputs into valid arguments for the target...

AI score: 6.8 | Exploits: 0
Packet Storm News | added 2025/10/02 12:00 a.m. | 9 views

MALF: A Multi-Agent LLM Framework for Intelligent Fuzzing of Industrial Control Protocols

Industrial control systems (ICS) are vital to modern infrastructure but increasingly vulnerable to cybersecurity threats, particularly through weaknesses in their communication protocols. This paper presents MALF (Multi-Agent LLM Fuzzing Framework), an advanced fuzzing solution that integrates large...

AI score: 6.9 | Exploits: 0
Packet Storm News | added 2025/10/01 12:00 a.m. | 3 views

Backdoor Attacks against Speech Language Models

Large Language Models (LLMs) and their multimodal extensions are becoming increasingly popular. One common approach to enable multimodality is to cascade domain-specific encoders with an LLM, making the resulting model inherit vulnerabilities from all of its components. In this work, we present the...

AI score: 6.9 | Exploits: 0
Packet Storm News | added 2025/09/30 12:00 a.m. | 6 views

Better Privilege Separation for Agents by Restricting Data Types

Large language models (LLMs) have become increasingly popular due to their ability to interact with unstructured content. As such, LLMs are now a key driver behind the automation of language processing systems, such as AI agents. Unfortunately, these advantages have come with a vulnerability to...

AI score: 7.2 | Exploits: 0
Packet Storm News | added 2025/09/30 12:00 a.m. | 4 views

CHAI: Command Hijacking against Embodied AI

Embodied Artificial Intelligence (AI) promises to handle edge cases in robotic vehicle systems where data is scarce by using common-sense reasoning grounded in perception and action to generalize beyond training distributions and adapt to novel real-world situations. These capabilities, however, al...

AI score: 6.8 | Exploits: 0
Packet Storm News | added 2025/09/29 12:00 a.m. | 5 views

FuncPoison: Poisoning Function Library to Hijack Multi-Agent Autonomous Driving Systems

Autonomous driving systems increasingly rely on multi-agent architectures powered by large language models (LLMs), where specialized agents collaborate to perceive, reason, and plan. A key component of these systems is the shared function library, a collection of software tools that agents use to...

AI score: 7.1 | Exploits: 0
Packet Storm News | added 2025/09/28 12:00 a.m. | 6 views

Binary Diff Summarization Using Large Language Models

Security of software supply chains is necessary to ensure that software updates do not contain maliciously injected code or introduce vulnerabilities that may compromise the integrity of critical infrastructure. Verifying the integrity of software updates involves binary differential analysis...

AI score: 7.2 | Exploits: 0