Lucene search
K

429 matches found

Packet Storm News
Packet Storm News
added 2026/03/19 12:0 a.m.19 views

Measuring and Exploiting Confirmation Bias in LLM-Assisted Security Code Review

Security code reviews increasingly rely on systems integrating Large Language Models LLMs, ranging from interactive assistants to autonomous agents in CI/CD pipelines. We study whether confirmation bias i.e., the tendency to favor interpretations that align with prior expectations affects LLM-bas...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/03/17 12:0 a.m.2 views

Security Assessment and Mitigation Strategies for Large Language Models: A Comprehensive Defensive Framework

Large Language Models increasingly power critical infrastructure from healthcare to finance, yet their vulnerability to adversarial manipulation threatens system integrity and user safety. Despite growing deployment, no comprehensive comparative security assessment exists across major LLM...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/03/16 12:0 a.m.16 views

PISmith: Reinforcement Learning-Based Red Teaming for Prompt Injection Defenses

Prompt injection poses serious security risks to real-world LLM applications, particularly autonomous agents. Although many defenses have been proposed, their robustness against adaptive attacks remains insufficiently evaluated, potentially creating a false sense of security. In this work, we...

5.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/03/10 12:0 a.m.3 views

FalconEYE 2.1.0

FalconEYE represents a paradigm shift in static code analysis. Instead of relying on predefined vulnerability patterns, it leverages large language models to reason about your code the same way a security expert would, understanding context, intent, and subtle security implications that tradition...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/03/10 12:0 a.m.3 views

Why LLMs Fail: A Failure Analysis and Partial Success Measurement for Automated Security Patch Generation

Large Language Models LLMs show promise for Automated Program Repair APR, yet their effectiveness on security vulnerabilities remains poorly characterized. This study analyzes 319 LLM-generated security patchesacross 64 Java vulnerabilities from the Vul4J benchmark. Using tri-axis evaluation...

5.9AI score
Exploits0
CVE
CVE
added 2026/03/09 9:1 p.m.14 views

CVE-2026-25960

Summary of CVE-2026-25960 (vLLM) : The SSRF protection added in 0.15.1 (fix tied to CVE-2026-24779) can be bypassed in vLLM’s load_from_url_async due to inconsistent URL parsing between the validation layer (urllib3.util.parse_url) and the HTTP client (aiohttp with yarl). The vulnerability arises...

9.8CVSS5.8AI score0.00485EPSS
Exploits1References8Affected Software1
The Hacker News
The Hacker News
added 2026/03/06 3:11 p.m.10 views

Transparent Tribe Uses AI to Mass-Produce Malware Implants in Campaign Targeting India

The Pakistan-aligned threat actor known as Transparent Tribe has become the latest hacking group to embrace artificial intelligence AI-powered coding tools to strike targets with various implants. The activity is designed to produce a "high-volume, mediocre mass of implants" that are developed...

6.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/03/05 12:0 a.m.5 views

SecureRAG-RTL: A Retrieval-Augmented, Multi-Agent, Zero-Shot LLM-Driven Framework for Hardware Vulnerability Detection

Large language models LLMs have shown remarkable capabilities in natural language processing tasks, yet their application in hardware security verification remains limited due to scarcity of publicly available hardware description language HDL datasets. This knowledge gap constrains LLM performan...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/03/04 12:0 a.m.8 views

CAM-LDS: Cyber Attack Manifestations for Automatic Interpretation of System Logs and Security Alerts

Log data are essential for intrusion detection and forensic investigations. However, manual log analysis is tedious due to high data volumes, heterogeneous event formats, and unstructured messages. Even though many automated methods for log analysis exist, they usually still rely on domain-specif...

6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/03/02 12:0 a.m.3 views

Can LLMs Hack Enterprise Networks? -- Replicated Computational Results (RCR) Report

This is the Replicated Computational Results RCR Report for the paper "Can LLMs Hack Enterprise Networks?" The paper empirically investigates the efficacy and effectiveness of different LLMs for penetration-testing enterprise networks, i.e., Microsoft Active Directory Assumed-Breach Simulations...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/03/02 12:0 a.m.48 views

ZeroDayBench: Evaluating LLM Agents on Unseen Zero-Day Vulnerabilities for Cyberdefense

Large language models LLMs are increasingly being deployed as software engineering agents that autonomously contribute to repositories. A major benefit these agents present is their ability to find and patch security vulnerabilities in the codebases they oversee. To estimate the capability of...

6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/03/01 12:0 a.m.5 views

VEcho: A Paradigm Shift from Vulnerability Verification to Proactive Discovery with Large Language Models

Static Application Security Testing SAST tools often suffer from high false positive rates, leading to alert fatigue that consumes valuable auditing resources. Recent efforts leveraging Large Language Models LLMs as filters offer limited improvements; however, these methods treat LLMs as passive,...

6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/03/01 12:0 a.m.6 views

A Systematic Study of LLM-Based Architectures for Automated Patching

Large language models LLMs have shown promise for automated patching, but their effectiveness depends strongly on how they are integrated into patching systems. While prior work explores prompting strategies and individual agent designs, the field lacks a systematic comparison of patching...

6.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/02/24 12:0 a.m.12 views

AdapTools: Adaptive Tool-Based Indirect Prompt Injection Attacks on Agentic LLMs

The integration of external data services e.g., Model Context Protocol, MCP has made large language model-based agents increasingly powerful for complex task execution. However, this advancement introduces critical security vulnerabilities, particularly indirect prompt injection IPI attacks...

6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/02/24 12:0 a.m.6 views

Analysis of LLMs against Prompt Injection and Jailbreak Attacks

Large Language Models LLMs are widely deployed in real-world systems. Given their broader applicability, prompt engineering has become an efficient tool for resource-scarce organizations to adopt LLMs for their own purposes. At the same time, LLMs are vulnerable to prompt-based attacks. Thus,...

6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/02/23 12:0 a.m.25 views

LLM-Enabled Applications Require System-Level Threat Monitoring

LLM-enabled applications are rapidly reshaping the software ecosystem by using large language models as core reasoning components for complex task execution. This paradigm shift, however, introduces fundamentally new reliability challenges and significantly expands the security attack surface, du...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/02/19 12:0 a.m.5 views

TFL: Targeted Bit-Flip Attack on Large Language Model

Large language models LLMs are increasingly deployed in safety and security critical applications, raising concerns about their robustness to model parameter fault injection attacks. Recent studies have shown that bit-flip attacks BFAs, which exploit computer main memory i.e., DRAM vulnerabilitie...

5.9AI score
Exploits0
Wiz blog
Wiz blog
added 2026/02/18 7:9 p.m.6 views

Would You Click ‘Accept’? Automatically detecting malicious Azure OAuth applications using LLMs

How Wiz Research automates detection of emerging malicious Azure app and consent phishing campaigns...

5.4AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/02/18 12:0 a.m.10 views

Mind the Gap: Evaluating LLMs for High-Level Malicious Package Detection Vs. Fine-Grained Indicator Identification

The prevalence of malicious packages in open-source repositories, such as PyPI, poses a critical threat to the software supply chain. While Large Language Models LLMs have emerged as a promising tool for automated security tasks, their effectiveness in detecting malicious packages and indicators...

5.7AI score
Exploits0
The Hacker News
The Hacker News
added 2026/02/13 5:27 p.m.10 views

Google Ties Suspected Russian Actor to CANFAIL Malware Attacks on Ukrainian Orgs

A previously undocumented threat actor has been attributed to attacks targeting Ukrainian organizations with malware known as CANFAIL. Google Threat Intelligence Group GTIG described the hacking group as possibly affiliated with Russian intelligence services. The threat actor is assessed to have...

6AI score
Exploits0
Rows per page
Query Builder