93 matches found
Honeyval: A Comprehensive Evaluation Framework for LLM-Powered HTTP Honeypots
Honeypots are decoy systems mimicking real system components designed to defend against cyber attacks. Recently, LLMs increasingly serve as simulation backbones for honeypots. They enable defenders to construct high-interaction honeypots with low system security risks. However, LLM-powered honeyp...
Detecting Offensive Cyber Agents: A Detection-In-Depth Approach
Artificial Intelligence (AI) agents can now orchestrate cyberattacks. This development is already increasing the speed and scale of cyber attacks, decreasing attack costs, and improving the operational autonomy of cyber capabilities. To defend against these emerging threats, actors must first devel...
AI-powered honeypots: Turning the tables on malicious AI agents
Generative AI allows defenders to instantly create diverse honeypots, like Linux shells or Internet of Things (IoT) devices, using simple text prompts. This makes deploying complex, convincing deceptive environments much easier and more scalable than traditional methods. AI-driven attacks often...
Measuring Onion Website Discovery and Tor Users' Interests with Honeypots
Tor enables anonymous web browsing and access to anonymous onion websites. Prior work has focused on crawling and content analysis rather than on what users actually try to access. Our honeypot approach measures engagement across onion-site categories, revealing behavioral interest rather than...
MemPot: Defending against Memory Extraction Attack with Optimized Honeypots
Large Language Model (LLM)-based agents employ external and internal memory systems to handle complex, goal-oriented tasks, yet this exposes them to severe extraction attacks, and effective defenses remain lacking. In this paper, we propose MemPot, the first theoretically verified defense framework...
PT-2026-5910
GreyNoise reports detecting a coordinated reconnaissance campaign targeting Citrix NetScaler infrastructure, in which tens of thousands of residential proxy servers were used to discover login panels. The activity was observed between January 28 and February 2 and also...
Enhanced Cyber Threat Intelligence by Network Forensic Analysis for Ransomware As a Service(RaaS) Malwares
In the current era of interconnected cyberspace, there is an adverse effect of ransomware on individuals, startups, and large companies. Cybercriminals hold digital assets till the demand for payment is made. The success of ransomware upsurged with the introduction of Ransomware as a Service (RaaS)...
SimProcess: High Fidelity Simulation of Noisy ICS Physical Processes
Industrial Control Systems (ICS) manage critical infrastructures like power grids and water treatment plants. Cyberattacks on ICSs can disrupt operations, causing severe economic, environmental, and safety issues. For example, undetected pollution in a water plant can put the lives of thousands at...
Blockchain Meets Adaptive Honeypots: a Trust-Aware Approach to Next-Gen IoT Security
Edge computing-based Next-Generation Wireless Networks (NGWN-IoT) offer enhanced bandwidth capacity for large-scale service provisioning but remain vulnerable to evolving cyber threats. Existing intrusion detection and prevention methods provide limited security as adversaries continually adapt the...
Watch where you point that cred! Part 1
TL;DR: Poorly protected authentication requests from privileged automated tasks (e.g. vulnerability scanners, health checks) could be intercepted by rogue authentication servers planted in the internal network. Weak authentication methods, overly broad privileges and scopes, as well as poor network...
CVE-2018-15517
creationtimestamp| type| source
---|---|---
2025-01-12 00:00:00+00:00| seen| The Shadowserver honeypot/common-vulnerabilities - 2025-01-12
2025-03-09 00:00:00+00:00| seen| The Shadowserver honeypot/common-vulnerabilities - 2025-03-09
2025-03-09 00:00:00+00:00| exploited| The Shadowserver...
CVE-2024-48455
creationtimestamp| type| source
---|---|---
2025-01-06 21:43:04+00:00| seen| https://infosec.exchange/users/cve/statuses/113783589029330976
2025-01-06 22:15:32+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lf45vs2etg2a
2025-01-07 00:28:31+00:00| seen|...
CVE-2022-40881
creationtimestamp| type| source
---|---|---
2024-12-21 00:00:00+00:00| exploited| The Shadowserver honeypot/exploited-vulnerabilities - 2024-12-21
2025-01-26 00:00:00+00:00| seen| The Shadowserver honeypot/common-vulnerabilities - 2025-01-26
2025-02-06 00:00:00+00:00| exploited| The Shadowserver...
CVE-2024-31750
creationtimestamp| type| source
---|---|---
2024-12-15 00:00:00+00:00| exploited| The Shadowserver honeypot/exploited-vulnerabilities - 2024-12-15
2025-02-06 00:00:00+00:00| seen| The Shadowserver honeypot/common-vulnerabilities - 2025-02-06
2025-02-21 00:00:00+00:00| seen| The Shadowserver...
CVE-2020-11991
creationtimestamp| type| source
---|---|---
2024-12-09 00:00:00+00:00| exploited| The Shadowserver honeypot/exploited-vulnerabilities - 2024-12-09
2024-12-29 00:00:00+00:00| exploited| The Shadowserver honeypot/exploited-vulnerabilities - 2024-12-29
2025-01-26 00:00:00+00:00| seen| The Shadowserv...
CVE-2023-22478
creationtimestamp| type| source
---|---|---
2024-11-12 00:00:00+00:00| exploited| The Shadowserver honeypot/exploited-vulnerabilities - 2024-11-12
2024-11-18 00:00:00+00:00| exploited| The Shadowserver honeypot/exploited-vulnerabilities - 2024-11-18
2024-11-19 00:00:00+00:00| exploited| The...
CVE-2018-0127
creationtimestamp| type| source
---|---|---
2024-10-28 00:00:00+00:00| seen| The Shadowserver honeypot/common-vulnerabilities - 2024-10-28
2024-10-29 00:00:00+00:00| exploited| The Shadowserver honeypot/exploited-vulnerabilities - 2024-10-29
2024-11-11 00:00:00+00:00| exploited| The Shadowserver...
CVE-2024-29895
creationtimestamp| type| source
---|---|---
2024-05-14 14:35:15+00:00| published-proof-of-concept| https://t.me/HackingInsights/409
2024-05-14 14:37:41+00:00| published-proof-of-concept| https://t.me/itsecnews/4427
2024-05-14 17:28:38+00:00| published-proof-of-concept| https://t.me/proxybar/2073...
CVE-2024-24328
creationtimestamp| type| source
---|---|---
2024-01-30 16:22:09+00:00| seen| https://t.me/ctinow/176042
2024-02-01 08:16:33+00:00| seen| https://t.me/ctinow/177365
2024-02-22 08:08:03+00:00| seen| https://t.me/ctinow/190518
2025-02-12 00:00:00+00:00| seen| The Shadowserver...
CVE-2020-12124
creationtimestamp| type| source
---|---|---
2023-12-20 15:42:28+00:00| seen| https://t.me/arpsyndicate/2042
2025-03-23 00:00:00+00:00| exploited| The Shadowserver honeypot/exploited-vulnerabilities - 2025-03-23
2025-04-19 00:00:00+00:00| exploited| The Shadowserver...