Lucene search
K

71 matches found

Packet Storm News
Packet Storm News
added 2025/05/30 12:0 a.m.7 views

Keeping an Eye on LLM Unlearning: the Hidden Risk and Remedy

Although Large Language Models LLMs have demonstrated impressive capabilities across a wide range of tasks, growing concerns have emerged over the misuse of sensitive, copyrighted, or harmful data during training. To address these concerns, unlearning techniques have been developed to remove the...

7AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 2:20 a.m.11 views

CVE-2023-38831

RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file such as an ordinary .JPG file and also a folder that has the same name as the benign file, and the...

7.8CVSS8AI score0.97798EPSS
Exploits49References1
Packet Storm News
Packet Storm News
added 2025/05/22 12:0 a.m.25 views

CTRAP: Embedding Collapse Trap to Safeguard Large Language Models from Harmful Fine-Tuning

Fine-tuning-as-a-service, while commercially successful for Large Language Model LLM providers, exposes models to harmful fine-tuning attacks. As a widely explored defense paradigm against such attacks, unlearning attempts to remove malicious knowledge from LLMs, thereby essentially preventing th...

7.4AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/21 12:0 a.m.6 views

Silent Leaks: Implicit Knowledge Extraction Attack on RAG Systems through Benign Queries

Retrieval-Augmented Generation RAG systems enhance large language models LLMs by incorporating external knowledge bases, but they are vulnerable to privacy risks from data extraction attacks. Existing extraction methods typically rely on malicious inputs such as prompt injection or jailbreaking,...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/14 12:0 a.m.5 views

Automated Alert Classification and Triage (AACT): an Intelligent System for the Prioritisation of Cybersecurity Alerts

Enterprise networks are growing ever larger with a rapidly expanding attack surface, increasing the volume of security alerts generated from security controls. Security Operations Centre SOC analysts triage these alerts to identify malicious activity, but they struggle with alert fatigue due to t...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/04/28 12:0 a.m.5 views

Phishing URL Detection Using Bi-LSTM

Phishing attacks threaten online users, often leading to data breaches, financial losses, and identity theft. Traditional phishing detection systems struggle with high false positive rates and are usually limited by the types of attacks they can identify. This paper proposes a deep learning-based...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/04/21 12:0 a.m.6 views

Zero Day Malware Detection with Alpha: Fast DBI with Transformer Models for Real World Application

The effectiveness of an AI model in accurately classifying novel malware hinges on the quality of the features it is trained on, which in turn depends on the effectiveness of the analysis tool used. Peekaboo, a Dynamic Binary Instrumentation DBI tool, defeats malware evasion techniques to capture...

6.8AI score
Exploits0
OSV
OSV
added 2025/02/13 1:18 p.m.9 views

MAL-2025-191797 Malicious code in multis (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d8dd7fcb7e4ce42262ad3ce89ed580a46e9a2f979c4e2c9db668fb374ae452b8 Infostealer with multiple possibilities, but not auto-activating on installation. There are already multiple attempts to publish it, with different...

7.1AI score
Exploits0References1
RedHat Linux
RedHat Linux
added 2024/04/30 9:57 a.m.3 views

kernel: bpf: Address KCSAN report on bpf_lru_list

A data race was found in the BPF LRU list implementation. Concurrent access to node-ref without proper memory barriers triggers KCSAN warnings, though the race is benign as the reference value does not need to be precise...

5.7AI score0.00177EPSS
Exploits0References5
hivepro
hivepro
added 2024/02/02 6:2 a.m.20 views

UNC4990 Leverage Hosting Platforms in USB Infection Chain

Summary: UNC4990, a financially motivated threat actor, has been observed targeting organizations in Italy by utilizing weaponized USB drives as an initial infection vector. Additionally, they are employing trusted websites such as Vimeo, GitHub, and Ars Technica to host encoded payloads disguise...

7.1AI score
Exploits0
GithubExploit
GithubExploit
added 2023/12/15 9:19 p.m.429 views

Exploit for Files or Directories Accessible to External Parties in Apache Struts

CVE-2023-50164 A scanning utility and PoC for CVE-2023-50164...

9.8CVSS9.4AI score0.80819EPSS
Exploits15
GithubExploit
GithubExploit
added 2023/09/21 6:8 a.m.424 views

Exploit for Insufficient Verification of Data Authenticity in Rarlab Winrar

CVE-2023-38831 WinRAR RARLabs WinRAR before 6.23 allows att...

7.8CVSS7.1AI score0.97798EPSS
Exploits49
OSV
OSV
added 2023/08/02 1:15 p.m.5 views

CVE-2023-26443

Full-text autocomplete search allows user-provided SQL syntax to be injected to SQL statements. With existing sanitization in place, this can be abused to trigger benign SQL Exceptions but could potentially be escalated to a malicious SQL injection vulnerability. We now properly encode single...

9.8CVSS5.8AI score0.00683EPSS
Exploits0References4
VulnCheck KEV
VulnCheck KEV
added 2023/07/10 12:0 a.m.5 views

VulnCheck KEV: CVE-2023-38831

RARLAB WinRAR contains an unspecified vulnerability that allows an attacker to execute code when a user attempts to view a benign file within a ZIP archive...

7.8CVSS7AI score0.97798EPSS
Exploits49References1
Cvelist
Cvelist
added 2022/06/06 6:29 p.m.205 views

CVE-2022-32275

Grafana 8.4.3 allows reading files via for example a /dashboard/snapshot/%7B%7Bconstructor.constructor'/.. /.. /.. /.. /.. /.. /.. /.. /etc/passwd URI. NOTE: the vendor's position is that there is no vulnerability; this request yields a benign error page, not /etc/passwd content...

7.7AI score0.08606EPSS
Exploits1References6
OSV
OSV
added 2022/06/06 6:29 p.m.6 views

CVE-2022-32275

Grafana 8.4.3 allows reading files via for example a /dashboard/snapshot/%7B%7Bconstructor.constructor'/.. /.. /.. /.. /.. /.. /.. /.. /etc/passwd URI. NOTE: the vendor's position is that there is no vulnerability; this request yields a benign error page, not /etc/passwd content...

7.5CVSS7.5AI score0.08606EPSS
Exploits1References8
GithubExploit
GithubExploit
added 2022/05/31 2:50 p.m.2 views

Exploit for CVE-2022-30190

cve-2022-30190 Aka Follina = benig...

9.3CVSS7.3AI score0.99374EPSS
Exploits62
RedhatCVE
RedhatCVE
added 2022/05/20 10:43 p.m.21 views

CVE-2021-32679

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.0.11, and 21.0.3, filenames where not escaped by default in controllers using DownloadResponse. When a user-supplied filename was passed unsanitized into a DownloadResponse, this could be used to...

8.8CVSS1.9AI score0.0137EPSS
Exploits0References1
Trellix
Trellix
added 2022/03/02 12:0 a.m.14 views

Digging into HermeticWiper

Digging into HermeticWiper By Max Kersten · March 2, 2022 A special thanks to Marc Elias for his help during my analysis. Additionally, I’d like to commend all researchers who have publicly shared their initial findings to help incident response teams; I hope this deep dive contributes to a furth...

1.3AI score
Exploits0
Trellix
Trellix
added 2022/03/02 12:0 a.m.6 views

Digging into HermeticWiper

Digging into HermeticWiper By Max Kersten · March 2, 2022 A special thanks toMarc Elias for his help during my analysis. Additionally, I’d like to commend all researchers who have publicly shared their initial findings to help incident response teams; I hope this deep dive contributes to a furthe...

7AI score
Exploits0
Rows per page
Query Builder