Lucene search
K

685 matches found

Packet Storm News
Packet Storm News
added 2026/04/23 12:0 a.m.6 views

Transient Turn Injection: Exposing Stateless Multi-Turn Vulnerabilities in Large Language Models

Large language models LLMs are increasingly integrated into sensitive workflows, raising the stakes for adversarial robustness and safety. This paper introduces Transient Turn InjectionTTI, a new multi-turn attack technique that systematically exploits stateless moderation by distributing...

5.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/23 12:0 a.m.6 views

A Sociotechnical, Practitioner-Centered Approach to Technology Adoption in Cybersecurity Operations: An LLM Case

Technology for security operations centers SOCs has a storied history of slow adoption due to concerns about trust and reliability. These concerns are amplified with artificial intelligence, particularly large language models LLMs, which exhibit issues such as hallucinations and inconsistent...

5.4AI score
Exploits0
GithubExploit
GithubExploit
added 2026/04/22 10:13 a.m.88 views

llm-security-lab

LLM Security Lab Laboratoire de sécurité pour application...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/22 12:0 a.m.10 views

AVISE: Framework for Evaluating the Security of AI Systems

As artificial intelligence AI systems are increasingly deployed across critical domains, their security vulnerabilities pose growing risks of high-profile exploits and consequential system failures. Yet systematic approaches to evaluating AI security remain underdeveloped. In this paper, we...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/21 12:0 a.m.6 views

DP-FlogTinyLLM: Differentially Private Federated Log Anomaly Detection Using Tiny LLMs

Modern distributed systems generate massive volumes of log data that are critical for detecting anomalies and cyber threats. However, in real world settings, these logs are often distributed across multiple organizations and cannot be centralized due to privacy and security constraints. Existing...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/21 12:0 a.m.5 views

Evaluating LLM-Generated Obfuscated XSS Payloads for Machine Learning-Based Detection

Cross-site scripting XSS remains a persistent web security vulnerability, especially because obfuscation can change the surface form of a malicious payload while preserving its behavior. These transformations make it difficult for traditional and machine learning-based detection systems to reliab...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/20 12:0 a.m.8 views

RAVEN: Retrieval-Augmented Vulnerability Exploration Network for Memory Corruption Analysis in User Code and Binary Programs

Large Language Models LLMs have demonstrated remarkable capabilities across various cybersecurity tasks, including vulnerability classification, detection, and patching. However, their potential in automated vulnerability report documentation and analysis remains underexplored. We present RAVEN...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/19 12:0 a.m.18 views

GuardPhish: Securing Open-Source LLMs from Phishing Abuse

The rapid adoption of open-source Large Language Models LLMs in offline and enterprise environments has introduced a largely unexamined security risk like susceptibility to adversarial phishing prompts under static safety configurations. In this work, we systematically investigate this...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/17 12:0 a.m.14 views

Surgical Repair of Insecure Code Generation in LLMs

Large language models write production code, and yet they routinely introduce well-known vulnerabilities. We show that this is not a knowledge deficit: the same models that generate insecure code, correctly identify and explain the vulnerability when asked directly, this is a gap we call the...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/16 12:0 a.m.6 views

LLM4C2Rust: Large Language Models for Automated Memory-Safe Code Transpilation

Memory safety has long been a critical challenge in software engineering, particularly for legacy systems written in memory-unsafe languages such as C and C++. Rust, one of the youngest modern programming languages, offers built-in memory-safety guarantees that make it a strong candidate for secu...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/15 12:0 a.m.5 views

Challenges and Future Directions in Agentic Reverse Engineering Systems

Agentic systems built on large language models LLMs are increasingly being used for complex security tasks, including binary reverse engineering RE. Despite recent growth in popularity and capability, these systems continue to face limitations in realistic settings. Cutting-edge systems still fai...

5.8AI score
Exploits0
CNNVD
CNNVD
added 2026/04/14 12:0 a.m.9 views

MaxKB 安全漏洞

MaxKB is an open-source question-answering system based on large language models and RAG, developed by 1Panel-dev. Versions of MaxKB prior to 2.7.1 contained a security vulnerability. This vulnerability stemmed from the use of storage-oriented cross-site scripting in the application name or icon...

6.9CVSS5.9AI score0.00216EPSS
Exploits1References3
Packet Storm News
Packet Storm News
added 2026/04/14 12:0 a.m.5 views

LogicEval: A Systematic Framework for Evaluating Automated Repair Techniques for Logical Vulnerabilities in Real-World Software

Logical vulnerabilities in software stem from flaws in program logic rather than memory safety, which can lead to critical security failures. Although existing automated program repair techniques primarily focus on repairing memory corruption vulnerabilities, they struggle with logical...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/14 12:0 a.m.8 views

LLM-Guided Prompt Evolution for Password Guessing

Passwords still remain a dominant authentication method, yet their security is routinely subverted by predictable user choices and large-scale credential leaks. Automated password guessing is a key tool for stress-testing password policies and modeling attacker behavior. This paper applies...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/13 12:0 a.m.4 views

Towards Automated Pentesting with Large Language Models

Large Language Models LLMs are redefining offensive cybersecurity by allowing the generation of harmful machine code with minimal human intervention. While attackers take advantage of dark LLMs such as XXXGPT and WolfGPT to produce malicious code, ethical hackers can follow similar approaches to...

6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/13 12:0 a.m.5 views

DeepGuard Secure Code Generation

Large Language Models LLMs for code generation can replicate insecure patterns from their training data. To mitigate this, a common strategy for security hardening is to fine-tune models using supervision derived from the final transformer layer. However, this design may suffer from a final-layer...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/12 12:0 a.m.6 views

The Code Whisperer: LLM and Graph-Based AI for Smell and Vulnerability Resolution

Code smells and software vulnerabilities both increase maintenance cost, yet they are often handled by separate tools that miss structural context and produce noisy warnings. This paper presents The Code Whisperer, a hybrid framework that combines graph-based program analysis with large language...

5.9AI score
Exploits0
CNNVD
CNNVD
added 2026/04/11 12:0 a.m.7 views

MaxKB 代码注入漏洞

MaxKB is an open-source question-answering system based on large language models and RAG, developed by 1Panel-dev. Versions of MaxKB 2.2.1 and earlier have a code injection vulnerability. This vulnerability stems from incorrect handling of parameters in the file...

5.1CVSS5.7AI score0.00266EPSS
Exploits0References8
Packet Storm News
Packet Storm News
added 2026/04/10 12:0 a.m.3 views

Like a Hammer, It Can Build, It Can Break: Large Language Model Uses, Perceptions, and Adoption in Cybersecurity Operations on Reddit

Large language models LLMs have recently emerged as promising tools for augmenting Security Operations Center SOC workflows, with vendors increasingly marketing autonomous AI solutions for SOCs. However, there remains a limited empirical understanding of how such tools are used, perceived, and...

5.9AI score
Exploits0
EUVD
EUVD
added 2026/04/07 2:49 p.m.6 views

EUVD-2026-19671

text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, he superbooga and superboogav2 RAG extensions fetch user-supplied URLs via requests.get with zero validation — no scheme check, no IP filtering, no hostname allowlist. An attacker can access clo...

7.5CVSS5.9AI score0.004EPSS
Exploits1References1
Rows per page
Query Builder