685 matches found

Packet Storm News
added 2025/04/25 12:00 a.m., 3 views

Revisiting Data Auditing in Large Vision-Language Models

With the surge of large language models (LLMs), Large Vision-Language Models (VLMs), which integrate vision encoders with LLMs for accurate visual grounding, have shown great potential in tasks like generalist agents and robotic control. However, VLMs are typically trained on massive web-scraped...

AI score: 6.9
Exploits: 0
Packet Storm News
added 2025/04/23 12:00 a.m., 3 views

Case Study: Fine-Tuning Small Language Models for Accurate and Private CWE Detection in Python Code

Large Language Models (LLMs) have demonstrated significant capabilities in understanding and analyzing code for security vulnerabilities, such as Common Weakness Enumerations (CWEs). However, their reliance on cloud infrastructure and substantial computational requirements pose challenges for analyzi...

AI score: 7
Exploits: 0
Packet Storm News
added 2025/04/23 12:00 a.m., 4 views

Automatically Generating Rules of Malicious Software Packages Via Large Language Model

Today's security tools predominantly rely on predefined rules crafted by experts, making them poorly adapted to the emergence of software supply chain attacks. To tackle this limitation, we propose a novel tool, RuleLLM, which leverages large language models (LLMs) to automate rule generation for O...

AI score: 7
Exploits: 0
Packet Storm News
added 2025/04/23 12:00 a.m., 3 views

Private Federated Learning Using Preference-Optimized Synthetic Data

In practical settings, differentially private federated learning (DP-FL) is the dominant method for training models from private, on-device client data. Recent work has suggested that DP-FL may be enhanced or outperformed by methods that use DP synthetic data (Wu et al., 2024; Hou et al., 2024). The...

AI score: 6.8
Exploits: 0
OSV
added 2025/04/22 4:56 p.m., 6 views

GO-2025-3622 Mattermost doesn't restrict domains LLM can request to contact upstream in github.com/mattermost/mattermost-server

CVSS: 6.5, AI score: 6.8, EPSS: 0.00226
Exploits: 0, References: 3
Packet Storm News
added 2025/04/22 12:00 a.m., 4 views

DoomArena: a Framework for Testing AI Agents against Evolving Security Threats

We present DoomArena, a security evaluation framework for AI agents. DoomArena is designed on three principles: (1) it is a plug-in framework and integrates easily into realistic agentic frameworks like BrowserGym for web agents and τ-bench for tool-calling agents; (2) it is configurable and allows...

AI score: 7
Exploits: 0
Packet Storm News
added 2025/04/21 12:00 a.m., 3 views

DualBreach: Efficient Dual-Jailbreaking Via Target-Driven Initialization and Multi-Target Optimization

Recent research has focused on exploring the vulnerabilities of Large Language Models (LLMs), aiming to elicit harmful and/or sensitive content from LLMs. However, due to the insufficient research on dual-jailbreaking (attacks targeting both LLMs and guardrails), the effectiveness of existing...

AI score: 6.9
Exploits: 0
Packet Storm News
added 2025/04/19 12:00 a.m., 6 views

Do You Really Need Public Data? Surrogate Public Data for Differential Privacy on Tabular Data

Differentially private (DP) machine learning often relies on the availability of public data for tasks like privacy-utility trade-off estimation, hyperparameter tuning, and pretraining. While public data assumptions may be reasonable in text and image domains, they are less likely to hold for tabul...

AI score: 6.8
Exploits: 0
Packet Storm News
added 2025/04/19 12:00 a.m., 5 views

A Data-Centric Approach for Safe and Secure Large Language Models against Threatening and Toxic Content

Large Language Models (LLMs) have made remarkable progress, but concerns about potential biases and harmful content persist. To address these apprehensions, we introduce a practical solution for ensuring the safe and ethical use of LLMs. Our novel approach focuses on a post-generation correction mechanism...

AI score: 7.3
Exploits: 0
Packet Storm News
added 2025/04/18 12:00 a.m., 109 views

Everything You Wanted to Know about LLM-Based Vulnerability Detection but Were Afraid to Ask

Large Language Models are a promising tool for automated vulnerability detection, thanks to their success in code generation and repair. However, despite widespread adoption, a critical question remains: Are LLMs truly effective at detecting real-world vulnerabilities? Current evaluations, which...

AI score: 7.2
Exploits: 0
Packet Storm News
added 2025/04/18 12:00 a.m., 2 views

Multi-Stage Retrieval for Operational Technology Cybersecurity Compliance Using Large Language Models: a Railway Case Study

Operational Technology Cybersecurity (OTCS) continues to be a dominant challenge for critical infrastructure such as railways. As these systems become increasingly vulnerable to malicious attacks due to digitalization, effective documentation and compliance processes are essential to protect these...

AI score: 6.9
Exploits: 0
The Hacker News
added 2025/04/17 11:26 a.m., 15 views

Artificial Intelligence – What's all the fuss?

Talking about AI: Definitions. Artificial Intelligence (AI): AI refers to the simulation of human intelligence in machines, enabling them to perform tasks that typically require human intelligence, such as decision-making and problem-solving. AI is the broadest concept in this field, encompassing...

AI score: 7.1
Exploits: 0
Packet Storm News
added 2025/04/16 12:00 a.m., 11 views

On the Feasibility of Using MultiModal LLMs to Execute AR Social Engineering Attacks

Augmented Reality (AR) and Multimodal Large Language Models (LLMs) are rapidly evolving, providing unprecedented capabilities for human-computer interaction. However, their integration introduces a new attack surface for social engineering. In this paper, we systematically investigate the feasibility...

AI score: 7
Exploits: 0
Packet Storm News
added 2025/04/16 12:00 a.m., 8 views

InjectLab: a Tactical Framework for Adversarial Threat Modeling against Large Language Models

Large Language Models (LLMs) are changing the way people interact with technology. Tools like ChatGPT and Claude AI are now common in business, research, and everyday life. But with that growth comes new risks, especially prompt-based attacks that exploit how these models process language. InjectLa...

AI score: 7
Exploits: 0
Packet Storm News
added 2025/04/16 12:00 a.m., 4 views

Provable Secure Steganography Based on Adaptive Dynamic Sampling

The security of private communication is increasingly at risk due to widespread surveillance. Steganography, a technique for embedding secret messages within innocuous carriers, enables covert communication over monitored channels. Provably Secure Steganography (PSS) is state of the art for making...

AI score: 6.9
Exploits: 0
Packet Storm News
added 2025/04/15 12:00 a.m., 4 views

Making Acoustic Side-Channel Attacks on Noisy Keyboards Viable with LLM-Assisted Spectrograms' "Typo" Correction

The large integration of microphones into devices increases the opportunities for Acoustic Side-Channel Attacks (ASCAs), as these can be used to capture keystrokes' audio signals that might reveal sensitive information. However, the current State-Of-The-Art (SOTA) models for ASCAs, including...

AI score: 6.5
Exploits: 0
Packet Storm News
added 2025/04/15 12:00 a.m., 2 views

R-TPT: Improving Adversarial Robustness of Vision-Language Models through Test-Time Prompt Tuning

Vision-language models (VLMs), such as CLIP, have gained significant popularity as foundation models, with numerous fine-tuning methods developed to enhance performance on downstream tasks. However, due to their inherent vulnerability and the common practice of selecting from a limited set of...

AI score: 6.8
Exploits: 0
Packet Storm News
added 2025/04/14 12:00 a.m., 3 views

Can LLMs Handle WebShell Detection? Overcoming Detection Challenges with Behavioral Function-Aware Framework

WebShell attacks, in which malicious scripts are injected into web servers, are a major cybersecurity threat. Traditional machine learning and deep learning methods are hampered by issues such as the need for extensive training data, catastrophic forgetting, and poor generalization. Recently, Lar...

AI score: 7.3
Exploits: 0
Packet Storm News
added 2025/04/14 12:00 a.m., 4 views

Investigating Cybersecurity Incidents Using Large Language Models in Latest-Generation Wireless Networks

Purpose of the research: detection of cybersecurity incidents, analysis of decision support, and assessment of the effectiveness of measures to counter information security threats, based on modern generative models. Research methods: emulation of signal propagation data in MIMO systems,...

AI score: 6.9
Exploits: 0
CNNVD
added 2025/03/20 12:00 a.m., 2 views

Lunary security vulnerability

Lunary is an open source production toolkit for LLMs. An access control error vulnerability exists in Lunary that stems from improper access control on the /prompts/promptid endpoint; no detailed vulnerability information is provided at this time...

CVSS: 8.8, AI score: 6.8, EPSS: 0.00671
Exploits: 1, References: 2