Lucene search
K

823 matches found

The Hacker News
The Hacker News
added 2026/03/18 11:58 a.m.9 views

Claude Code Security and Magecart: Getting the Threat Model Right

When a Magecart payload hides inside the EXIF data of a dynamically loaded third-party favicon, no repository scanner will catch it – because the malicious code never actually touches your repo. As teams adopt Claude Code Security for static analysis, this is the exact technical boundary where AI...

6.1AI score
Exploits0
GithubExploit
GithubExploit
added 2026/03/14 2:42 p.m.143 views

Hybrid-Vulnerability-Analyzer

🛡️ Hybrid AI Vulnerability Analyzer & PoC/Exploit Generator A...

6.3AI score
Exploits0
GithubExploit
GithubExploit
added 2026/03/13 3:12 p.m.134 views

deep-code-security

deep-code-security Multi-language Static Application Security...

6.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/03/13 12:0 a.m.10 views

Ransomware and Artificial Intelligence: A Comprehensive Systematic Review of Reviews

This study provides a comprehensive synthesis of Artificial Intelligence AI, especially Machine Learning ML and Deep Learning DL, in ransomware defense. Using a "review of reviews" methodology based on PRISMA, this paper gathers insights on how AI is transforming ransomware detection, prevention,...

6AI score
Exploits0
GithubExploit
GithubExploit
added 2026/03/12 10:56 p.m.134 views

SentinelX

SentinelX SentinelX — статический анализатор безопасности...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/03/11 12:0 a.m.7 views

FP-Predictor - False Positive Prediction for Static Analysis Reports

Static Application Security Testing SAST tools play a vital role in modern software development by automatically detecting potential vulnerabilities in source code. However, their effectiveness is often limited by a high rate of false positives, which wastes developer's effort and undermines trus...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/03/10 12:0 a.m.18 views

MCP-In-SoS: Risk Assessment Framework for Open-Source MCP Servers

Model Context Protocol MCP servers have rapidly emerged over the past year as a widely adopted way to enable Large Language Model LLM agents to access dynamic, real-world tools. As MCP servers proliferate and become easy to adopt via open-source releases, understanding their security risks become...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/03/09 12:0 a.m.4 views

SmartGraphical: A Human-In-The-Loop Framework for Detecting Smart Contract Logical Vulnerabilities Via Pattern-Driven Static Analysis and Visual Abstraction

Smart contracts are fundamental components of blockchain ecosystems; however, their security remains a critical concern due to inherent vulnerabilities. While existing detection methodologies are predominantly syntax-oriented, targeting reentrancy and arithmetic errors, they often overlook logica...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/02/27 12:0 a.m.8 views

Formal Analysis and Supply Chain Security for Agentic AI Skills

The rapid proliferation of agentic AI skill ecosystems -- exemplified by OpenClaw 228,000 GitHub stars and Anthropic Agent Skills 75,600 stars -- has introduced a critical supply chain attack surface. The ClawHavoc campaign January-February 2026 infiltrated over 1,200 malicious skills into the...

6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/02/25 12:0 a.m.6 views

APFuzz: Towards Automatic Greybox Protocol Fuzzing

Greybox protocol fuzzing is a random testing approach for stateful protocol implementations, where the input is protocol messages generated from mutations of seeds, and the search in the input space is driven by the feedback on coverage of both code and state. State model and message model are th...

6.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/02/17 12:0 a.m.7 views

Can Adversarial Code Comments Fool AI Security Reviewers -- Large-Scale Empirical Study of Comment-Based Attacks and Defenses against LLM Code Analysis

AI-assisted code review is widely used to detect vulnerabilities before production release. Prior work shows that adversarial prompt manipulation can degrade large language model LLM performance in code generation. We test whether similar comment-based manipulation misleads LLMs during...

5.7AI score
Exploits0
OSV
OSV
added 2026/02/14 4:15 p.m.6 views

UBUNTU-CVE-2026-23160

In the Linux kernel, the following vulnerability has been resolved: octeonep: Fix memory leak in octepdevicesetup In octepdevicesetup, if octepctrlnetinit fails, the function returns directly without unmapping the mapped resources and freeing the allocated configuration memory. Fix this by jumpin...

5.5CVSS5.7AI score0.00114EPSS
Exploits0References16
Packet Storm News
Packet Storm News
added 2026/02/10 12:0 a.m.15 views

SecCodePRM: A Process Reward Model for Code Security

Large Language Models are rapidly becoming core components of modern software development workflows, yet ensuring code security remains challenging. Existing vulnerability detection pipelines either rely on static analyzers or use LLM/GNN-based detectors trained with coarse program-level...

5.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/02/09 12:0 a.m.6 views

One RNG to Rule Them All: How Randomness Becomes an Attack Vector in Machine Learning

Machine learning relies on randomness as a fundamental component in various steps such as data sampling, data augmentation, weight initialization, and optimization. Most machine learning frameworks use pseudorandom number generators as the source of randomness. However, variations in design choic...

5.9AI score
Exploits0
GithubExploit
GithubExploit
added 2026/02/08 11:37 a.m.146 views

atool

ATOOL - Android Static Analysis & Exploit Scanner v1.0 !Pyth...

5.3AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/02/05 12:0 a.m.6 views

Persistent Human Feedback, LLMs, and Static Analyzers for Secure Code Generation and Vulnerability Detection

Existing literature heavily relies on static analysis tools to evaluate LLMs for secure code generation and vulnerability detection. We reviewed 1,080 LLM-generated code samples, built a human-validated ground-truth, and compared the outputs of two widely used static security tools, CodeQL and...

5.5AI score
Exploits0
OSV
OSV
added 2026/02/04 5:16 p.m.5 views

UBUNTU-CVE-2026-23092

In the Linux kernel, the following vulnerability has been resolved: iio: dac: ad3552r-hs: fix out-of-bound write in ad3552rhswritedatasource When simplewritetobuffer succeeds, it returns the number of bytes actually copied to the buffer. The code incorrectly uses 'count' as the index for null...

7.8CVSS5.9AI score0.00186EPSS
Exploits0References5
GithubExploit
GithubExploit
added 2026/02/03 10:22 a.m.181 views

security-review-skill

Security Review Skill for Claude Code A comprehensive securit...

5.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/02/03 12:0 a.m.5 views

I Can't Believe It's Not a Valid Exploit

Recently Large Language Models LLMs have been used in security vulnerability detection tasks including generating proof-of-concept PoC exploits. A PoC exploit is a program used to demonstrate how a vulnerability can be exploited. Several approaches suggest that supporting LLMs with additional...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/02/03 12:0 a.m.5 views

Mopri - an Analysis Framework for Unveiling Privacy Violations in Mobile Apps

Everyday services of society increasingly rely on mobile applications, resulting in a conflicting situation between the possibility of participation on the one side and user privacy and digital freedom on the other. In order to protect users' rights to informational self-determination, regulatory...

5.3AI score
Exploits0
Rows per page
Query Builder