Lucene search
K

429 matches found

CVE
CVE
added 2026/01/21 9:13 p.m.29 views

CVE-2026-22807

Vulnerability CVE-2026-22807 affects vLLM versions prior to 0.14.0, where during model resolution the engine loads Hugging Face auto_map dynamic modules without gating on trust_remote_code. This allows attacker-controlled Python code in a model repo or path to execute at server startup, before an...

9.8CVSS6.5AI score0.00737EPSS
Exploits1References16Affected Software1
Packet Storm News
Packet Storm News
added 2026/01/20 12:0 a.m.3 views

HardSecBench: Benchmarking the Security Awareness of LLMs for Hardware Code Generation

Large language models LLMs are being increasingly integrated into practical hardware and firmware development pipelines for code generation. Existing studies have primarily focused on evaluating the functional correctness of LLM-generated code, yet paid limited attention to its security issues...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/20 12:0 a.m.5 views

Constructing Multi-Label Hierarchical Classification Models for MITRE ATT&CK Text Tagging

MITRE ATT&CK is a cybersecurity knowledge base that organizes threat actor and cyber-attack information into a set of tactics describing the reasons and goals threat actors have for carrying out attacks, with each tactic having a set of techniques that describe the potential methods used in these...

5.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/15 12:0 a.m.37 views

Multi-Agent Taint Specification Extraction for Vulnerability Detection

Static Application Security Testing SAST tools using taint analysis are widely viewed as providing higher-quality vulnerability detection results compared to traditional pattern-based approaches. However, performing static taint analysis for JavaScript poses two major challenges. First,...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/13 12:0 a.m.7 views

Proactively Detecting Threats: A Novel Approach Using LLMs

Enterprise security faces escalating threats from sophisticated malware, compounded by expanding digital operations. This paper presents the first systematic evaluation of large language models LLMs to proactively identify indicators of compromise IOCs from unstructured web-based threat...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/13 12:0 a.m.9 views

LLMs in Code Vulnerability Analysis: A Proof of Concept

Context: Traditional software security analysis methods struggle to keep pace with the scale and complexity of modern codebases, requiring intelligent automation to detect, assess, and remediate vulnerabilities more efficiently and accurately. Objective: This paper explores the incorporation of...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/09 12:0 a.m.11 views

The Echo Chamber Multi-Turn LLM Jailbreak

The availability of Large Language Models LLMs has led to a new generation of powerful chatbots that can be developed at relatively low cost. As companies deploy these tools, security challenges need to be addressed to prevent financial loss and reputational damage. A key security challenge is...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/07 12:0 a.m.17 views

HoneyTrap: Deceiving Large Language Model Attackers to Honeypot Traps with Resilient Multi-Agent Defense

Jailbreak attacks pose significant threats to large language models LLMs, enabling attackers to bypass safeguards. However, existing reactive defense approaches struggle to keep up with the rapidly evolving multi-turn jailbreaks, where attackers continuously deepen their attacks to exploit...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/07 12:0 a.m.9 views

Jailbreaking LLMs and VLMs: Mechanisms, Evaluation, and Unified Defense

This paper provides a systematic survey of jailbreak attacks and defenses on Large Language Models LLMs and Vision-Language Models VLMs, emphasizing that jailbreak vulnerabilities stem from structural factors such as incomplete training data, linguistic ambiguity, and generative uncertainty. It...

7.3AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/12/29 12:0 a.m.10 views

Agentic AI for Autonomous Defense in Software Supply Chain Security: Beyond Provenance to Vulnerability Mitigation

The software supply chain attacks are becoming more and more focused on trusted development and delivery procedures, so the conventional post-build integrity mechanisms cannot be used anymore. The available frameworks like SLSA, SBOM and in toto are majorly used to offer provenance and traceabili...

7.3AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/12/28 12:0 a.m.8 views

EquaCode: A Multi-Strategy Jailbreak Approach for Large Language Models Via Equation Solving and Code Completion

Large language models LLMs, such as ChatGPT, have achieved remarkable success across a wide range of fields. However, their trustworthiness remains a significant concern, as they are still susceptible to jailbreak attacks aimed at eliciting inappropriate or harmful responses. However, existing...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/12/24 12:0 a.m.4 views

AutoBaxBuilder: Bootstrapping Code Security Benchmarking

As LLMs see wide adoption in software engineering, the reliable assessment of the correctness and security of LLM-generated code is crucial. Notably, prior work has demonstrated that security is often overlooked, exposing that LLMs are prone to generating code with security vulnerabilities. These...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/12/24 12:0 a.m.6 views

The Imitation Game: Using Large Language Models As Chatbots to Combat Chat-Based Cybercrimes

Chat-based cybercrime has emerged as a pervasive threat, with attackers leveraging real-time messaging platforms to conduct scams that rely on trust-building, deception, and psychological manipulation. Traditional defense mechanisms, which operate on static rules or shallow content filters,...

6.8AI score
Exploits0
Positive Technologies
Positive Technologies
added 2025/12/19 12:0 a.m.6 views

PT-2025-52494

Name of the Vulnerable Software and Affected Versions Dive versions prior to 0.11.1 Description Dive is an open-source MCP Host Desktop Application that integrates with function-calling LLMs. A critical Stored Cross-Site Scripting XSS issue exists in the Mermaid diagram rendering component. The...

9.6CVSS6.4AI score0.00478EPSS
Exploits1References10
Packet Storm News
Packet Storm News
added 2025/12/18 12:0 a.m.30 views

A Systematic Study of Code Obfuscation against LLM-Based Vulnerability Detection

As large language models LLMs are increasingly adopted for code vulnerability detection, their reliability and robustness across diverse vulnerability types have become a pressing concern. In traditional adversarial settings, code obfuscation has long been used as a general strategy to bypass...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/12/18 12:0 a.m.8 views

Jailbreak-Zero: A Path to Pareto Optimal Red Teaming for Large Language Models

This paper introduces Jailbreak-Zero, a novel red teaming methodology that shifts the paradigm of Large Language Model LLM safety evaluation from a constrained example-based approach to a more expansive and effective policy-based framework. By leveraging an attack LLM to generate a high volume of...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/12/18 12:0 a.m.4 views

Large Language Models As a (Bad) Security Norm in the Context of Regulation and Compliance

The use of Large Language Models LLM by providers of cybersecurity and digital infrastructures of all kinds is an ongoing development. It is suggested and on an experimental basis used to write the code for the systems, and potentially fed with sensitive data or what would otherwise be considered...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/12/15 12:0 a.m.13 views

Security and Detectability Analysis of Unicode Text Watermarking Methods against Large Language Models

Securing digital text is becoming increasingly relevant due to the widespread use of large language models. Individuals' fear of losing control over data when it is being used to train such machine learning models or when distinguishing model-generated output from text written by humans. Digital...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/12/13 12:0 a.m.5 views

The Role of AI in Modern Penetration Testing

Penetration testing is a cornerstone of cybersecurity, traditionally driven by manual, time-intensive processes. As systems grow in complexity, there is a pressing need for more scalable and efficient testing methodologies. This systematic literature review examines how Artificial Intelligence AI...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/12/12 12:0 a.m.4 views

Persistent Backdoor Attacks under Continual Fine-Tuning of LLMs

Backdoor attacks embed malicious behaviors into Large Language Models LLMs, enabling adversaries to trigger harmful outputs or bypass safety controls. However, the persistence of the implanted backdoors under user-driven post-deployment continual fine-tuning has been rarely examined. Most prior...

7.2AI score
Exploits0
Rows per page
Query Builder