
34 matches found

Packet Storm News
added 2026/06/02 12:0 a.m. | 9 views

Backdoor Unlearning Generalization: A Path toward the Removal of Unknown Triggers in LLMs

Backdoor attacks in Large Language Models (LLMs) are a growing security concern, where models can generate adversary-chosen content. Existing defenses target backdoors one at a time and typically require knowledge of the trigger, leaving the defender at a structural disadvantage when unknown...

AI score: 5.8
Exploits: 0
Packet Storm News
added 2026/03/10 12:0 a.m. | 2 views

Game-Theoretic Modeling of Stealthy Intrusion Defense against MDP-Based Attackers

The rapid expansion of Internet use has increased system exposure to cyber threats, with advanced persistent threats (APTs) being especially challenging due to their stealth, prolonged duration, and multi-stage attacks targeting high-value assets. In this study, we model APT evolution as a strategi...

AI score: 5.8
Exploits: 0
Packet Storm News
added 2026/02/10 12:0 a.m. | 4 views

When Skills Lie: Hidden-Comment Injection in LLM Agents

LLM agents often rely on Skills to describe available tools and recommended procedures. We study a hidden-comment prompt injection risk in this documentation layer: when a Markdown Skill is rendered to HTML, HTML comment blocks can become invisible to human reviewers, yet the raw text may still b...

AI score: 5.5
Exploits: 0
Schneier on Security
added 2025/12/11 5:6 p.m. | 6 views

AIs Exploiting Smart Contracts

I have long maintained that smart contracts are a dumb idea: that a human process is actually a security feature. Here's some interesting research on training AIs to automatically exploit smart contracts: AI models are increasingly good at cyber tasks, as we've written about before. But what is t...

AI score: 7.2
Exploits: 0
Packet Storm News
added 2025/11/25 12:0 a.m. | 49 views

BrowseSafe: Understanding and Preventing Prompt Injection within AI Browser Agents

The integration of artificial intelligence (AI) agents into web browsers introduces security challenges that go beyond traditional web application threat models. Prior work has identified prompt injection as a new attack vector for web agents, yet the resulting impact within real-world environments...

AI score: 6.8
Exploits: 0
Packet Storm News
added 2025/10/01 12:0 a.m. | 3 views

Backdoor Attacks against Speech Language Models

Large Language Models (LLMs) and their multimodal extensions are becoming increasingly popular. One common approach to enable multimodality is to cascade domain-specific encoders with an LLM, making the resulting model inherit vulnerabilities from all of its components. In this work, we present the...

AI score: 6.9
Exploits: 0
Packet Storm News
added 2025/08/04 12:0 a.m. | 3 views

SUAD: Solid-Channel Ultrasound Injection Attack and Defense to Voice Assistants

As a versatile AI application, voice assistants (VAs) have become increasingly popular, but are vulnerable to security threats. Attackers have proposed various inaudible attacks, but are limited by cost, distance, or LoS. Therefore, we propose \nameAttack, a long-range, cross-barrier, and...

AI score: 7.4
Exploits: 0
Packet Storm News
added 2025/07/29 12:0 a.m. | 3 views

Strategic Deflection: Defending LLMs from Logit Manipulation

With the growing adoption of Large Language Models (LLMs) in critical areas, ensuring their security against jailbreaking attacks is paramount. While traditional defenses primarily rely on refusing malicious prompts, recent logit-level attacks have demonstrated the ability to bypass these safeguard...

AI score: 7
Exploits: 0
Packet Storm News
added 2025/06/23 12:0 a.m. | 3 views

Automatic Selection of Protections to Mitigate Risks against Software Applications

This paper introduces a novel approach for the automated selection of software protections to mitigate MATE risks against critical assets within software applications. We formalize the key elements involved in protection decision-making - including code artifacts, assets, security requirements,...

AI score: 7
Exploits: 0
Packet Storm News
added 2025/06/09 12:0 a.m. | 4 views

GradEscape: a Gradient-Based Evader against AI-Generated Text Detectors

In this paper, we introduce GradEscape, the first gradient-based evader designed to attack AI-generated text (AIGT) detectors. GradEscape overcomes the undifferentiable computation problem, caused by the discrete nature of text, by introducing a novel approach to construct weighted embeddings for t...

AI score: 6.9
Exploits: 0
Packet Storm News
added 2025/04/15 12:0 a.m. | 5 views

Exploring Backdoor Attack and Defense for LLM-Empowered Recommendations

The fusion of Large Language Models (LLMs) with recommender systems (RecSys) has dramatically advanced personalized recommendations and drawn extensive attention. Despite the impressive progress, the safety of LLM-based RecSys against backdoor attacks remains largely under-explored. In this paper, we...

AI score: 7.4
Exploits: 0
The Hacker News
added 2024/12/17 10:52 a.m. | 5 views

5 Practical Techniques for Effective Cyber Threat Hunting

Addressing cyber threats before they have a chance to strike or inflict serious damage is by far the best security approach any company can embrace. Achieving this takes a lot of research and proactive threat hunting. The problem here is that it is easy to get stuck in endless arrays of data and...

AI score: 6.9
Exploits: 0
Trellix
added 2024/11/14 12:0 a.m. | 6 views

Transforming Threat Actor Research into a Strong Defense Strategy

Transforming Threat Actor Research into a Strong Defense Strategy By James Murphy, Ale Houspanossian, Leandro Velasco LV and Ilya Kolmanovich · November 14, 2024 What does it take to transform threat actor research into detection engineering? If we look at threat intelligence at its core, then we...

AI score: 7.3
Exploits: 0
The Hacker News
added 2024/04/25 11:13 a.m. | 67 views

Network Threats: A Step-by-Step Attack Demonstration

Follow this real-life network attack simulation, covering 6 steps from Initial Access to Data Exfiltration. See how attackers remain undetected with the simplest tools and why you need multiple choke points in your defense strategy. Surprisingly, most network attacks are not exceptionally...

AI score: 8
Exploits: 0
Qualys Blog
added 2024/04/12 3:29 p.m. | 28 views

De-risk the Software Supply Chain by Expanding Unparalleled Detection Coverage With Qualys VMDR and Software Composition Analysis

QIDs/CVEs When it comes to cybersecurity, speed is key in getting an edge over attackers. But when you consider that vulnerabilities weaponize 24 days faster than they are remediated on average, cybersecurity stakeholders have a lot of catching up to do. While there are many ways defenders c...

AI score: 7
Exploits: 0
Trend Micro Simply Security
added 2023/08/17 12:0 a.m. | 18 views

5 Types of Cyber Crime Groups

Discover the five main types of cyber crime groups: access as a service, ransomware as a service, bulletproof hosting, crowd sourcing, and phishing as a service as well as tips to strengthen your defense strategy...

AI score: 7
Exploits: 0
Trend Micro Simply Security
added 2023/04/18 12:0 a.m. | 21 views

5 Types of Cyber Crime Groups

Discover the five main types of cyber crime groups: access as a service, ransomware as a service, bulletproof hosting, crowd sourcing, and phishing as a service as well as tips to strengthen your defense strategy...

AI score: 6.7
Exploits: 0
ICS
added 2023/01/12 12:0 a.m. | 39 views

Johnson Controls Metasys

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Johnson Controls Equipment: Metasys ADS/ADX/OAS Servers Vulnerability: Insufficiently Protected Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could result in exposed credentials in plain text...

CVSS: 7.8 | AI score: 7.9 | EPSS: 0.00418
Exploits: 0 | References: 4
Trend Micro Simply Security
added 2022/11/10 12:0 a.m. | 19 views

4 Types of Cyber Crime Groups

Discover the four main types of cyber crime groups: access as a service, ransomware as a service, bulletproof hosting, and crowd sourcing as well as tips to strengthen your defense strategy...

AI score: 1.1
Exploits: 0
Trend Micro Simply Security
added 2022/10/11 12:0 a.m. | 12 views

Enhance Cyber Defense with 2022 Cybersecurity Trends

Jon Clay, VP of Threat Intelligence, reviews cybersecurity trends from the first half of 2022 to help CISOs and security leaders enhance their cyber defense strategy and lower cyber risk...

AI score: 2.3
Exploits: 0