Attractive Metadata Attack: Inducing LLM Agents to Invoke Malicious Tools

Large language model LLM agents have demonstrated remarkable capabilities in complex reasoning and decision-making by leveraging external tools. However, this tool-centric paradigm introduces a previously underexplored attack surface: adversaries can manipulate tool metadata -- such as names,...

S-Leak: Leakage-Abuse Attack against Efficient Conjunctive SSE Via S-Term Leakage

Conjunctive Searchable Symmetric Encryption CSSE enables secure conjunctive searches over encrypted data. While leakage-abuse attacks LAAs against single-keyword SSE have been extensively studied, their extension to conjunctive queries faces a critical challenge: the combinatorial explosion of...

Doxing Via the Lens: Revealing Location-Related Privacy Leakage on Multi-Modal Large Reasoning Models

Recent advances in multi-modal large reasoning models MLRMs have shown significant ability to interpret complex visual content. While these models enable impressive reasoning capabilities, they also introduce novel and underexplored privacy risks. In this paper, we identify a novel category of...

A Large Language Model-Supported Threat Modeling Framework for Transportation Cyber-Physical Systems

Modern transportation systems rely on cyber-physical systems CPS, where cyber systems interact seamlessly with physical systems like transportation-related sensors and actuators to enhance safety, mobility, and energy efficiency. However, growing automation and connectivity increase exposure to...

Towards Effective Identification of Attack Techniques in Cyber Threat Intelligence Reports Using Large Language Models

This work evaluates the performance of Cyber Threat Intelligence CTI extraction methods in identifying attack techniques from threat reports available on the web using the MITRE ATT&CK framework. We analyse four configurations utilising state-of-the-art tools, including the Threat Report ATT&CK...

DoomArena: a Framework for Testing AI Agents against Evolving Security Threats

We present DoomArena, a security evaluation framework for AI agents. DoomArena is designed on three principles: 1 It is a plug-in framework and integrates easily into realistic agentic frameworks like BrowserGym for web agents and $τ$-bench for tool calling agents; 2 It is configurable and allows...

Robin Banks Phishing Service for Cybercriminals Returns with Russian Server

A phishing-as-a-service PhaaS platform known as Robin Banks has relocated its attack infrastructure to DDoS-Guard, a Russian provider of bulletproof hosting services. The switch comes after "Cloudflare disassociated Robin Banks phishing infrastructure from its services, causing a multi-day...

Linux, Windows and macOS Hit By New “Alchimist” Attack Framework

By Deeba Ahmed Alchimist is a single-file C2 framework discovered on a server hosting an active file listing on the root directory and a set of post-exploitation tools. This is a post from HackRead.com Read the original post: Linux, Windows and macOS Hit By New "Alchimist" Attack Framework...

New Chinese Malware Attack Framework Targets Windows, macOS, and Linux Systems

A previously undocumented command-and-control C2 framework dubbed Alchimist is likely being used in the wild to target Windows, macOS, and Linux systems. "Alchimist C2 has a web interface written in Simplified Chinese and can generate a configured payload, establish remote sessions, deploy payloa...

Manjusaka – Cybercriminal’s new attack framework weapon

Threat Level Attack Report For a detailed advisory, download the pdf file here Summary Manjusaka is a new attack framework that mimics Cobalt Strike and Sliver. The new malware family implants are written in the Rust programming language and are compatible with Windows and Linux. The command and...

Manjusaka: A Chinese sibling of Sliver and Cobalt Strike

By Asheer Malhotra and Vitor Ventura. Cisco Talos recently discovered a new attack framework called "Manjusaka" being used in the wild that has the potential to become prevalent across the threat landscape. This framework is advertised as an imitation of the Cobalt Strike framework. The implants...

Teatime - An RPC Attack Framework For Blockchain Nodes

Teatime is an RPC attack framework aimed at making it easy to spot misconfigurations in blockchain nodes. It detects a large variety of issues, ranging from information leaks to open accounts, and configuration manipulation. The goal is to enable tools scanning for vulnerable nodes and minimizing...

SocialBox - A Bruteforce Attack Framework (Facebook, Gmail, Instagram, Twitter)

SocialBox is a Bruteforce Attack Framework Facebook, Gmail, Instagram,Twitter, Coded By Belahsan Ouerghi. Installation sudo apt-get install git sudo git clone https://github.com/TunisianEagles/SocialBox.git cd SocialBox chmod +x SocialBox.sh chmod +x install-sb.sh ./install-sb.sh ./SocialBox.sh...

DNS Rebinding Attack Framework: Singularity

Singularity of Origin is a tool to perform DNS rebinding attacks. It includes the necessary components to rebind the IP address of the attack server DNS name to the target machine’s IP address and to serve attack payloads to exploit vulnerable software on the target machine. It also ships with...

A Totally Tubular Treatise on TRITON and TriStation

Introduction In December 2017, FireEye's Mandiant discussed an incident response involving the TRITON framework. The TRITON attack and many of the publicly discussed ICS intrusions involved routine techniques where the threat actors used only what is necessary to succeed in their mission. For bot...

Triton Toolkit SIS Controllers Denial Of Service

TRITON is an attack framework kit built to interact with Triconex SIS controllers. Remote attackers use this framework in order to destroy and shutdown industrial systems...

TRITON Malware Targeting Critical Infrastructure Could Cause Physical Damage

Security researchers have uncovered another nasty piece of malware designed specifically to target industrial control systems ICS with a potential to cause health and life-threatening accidents. Dubbed Triton, also known as Trisis, the ICS malware has been designed to target Triconex Safety...

Exploit for Buffer Underflow in Microsoft

github 军火库 web，安全，渗透，军火库 漏洞及渗透练习平台： WebGoat漏洞练习环境 https://github.com/WebGoat/WebGoat https://github.com/WebGoat/WebGoat-Legacy Damn Vulnerable Web Application漏洞练习平台 https://github.com/RandomStorm/DVWA 数据库注入练习平台 https://github.com/Audi-1/sqli-labs 用node编写的漏洞练习平台，like OWASP Node Goat...

Windows 8 Picture Gesture Authentication Research

Typing on a smartphone or tablet keyboard lends itself to a lot of fat-fingered mistakes. Recent updates to mobile operating systems and desktop OSes such as Windows 8, however, have tried to better leverage the touch screen for things such as authentication. Users, for example, have the option o...

Stars Attack on Iran Was Early Version of Duqu

A few months after the hysteria around Stuxnet had died down, officials in Iran announced in April that some sensitive systems in the government’s networks had been attacked by a new piece of malware, known then as Stars. It now appears that attack was, in fact, the first appearance of an early...