Lucene search
K

569 matches found

packetstormnews
packetstormnews
added 2026/05/04 12:0 a.m.8 views

FunFuzz: An LLM-Powered Evolutionary Fuzzing Framework

Modern fuzzers increasingly use Large Language Models LLMs to generate structured inputs, but LLM-driven fuzzing is sensitive to prompt initialization and sampling variance, which can reduce exploration efficiency and lead to redundant inputs. We present FunFuzz, a multi-island evolutionary fuzzi...

5.8AI score
Exploits0
packetstormnews
packetstormnews
added 2026/05/04 12:0 a.m.6 views

Stable Agentic Control: Tool-Mediated LLM Architecture for Autonomous Cyber Defense

Agentic systems involved in high-stake decision-making under adversarial pressure need formal guarantees not offered by existing approaches. Motivated by the operational needs of security operations centers SOCs that must configure endpoint detection and response EDR policies under adversarial...

5.8AI score
Exploits0
packetstormnews
packetstormnews
added 2026/05/03 12:0 a.m.8 views

QASecClaw: A Multi-Agent LLM Approach for False Positive Reduction in Static Application Security Testing

Static Application Security Testing tools help developers find security vulnerabilities before release, but they often produce many false positives. This increases manual review effort, reduces developer trust, and may cause real vulnerabilities to be ignored among noisy reports. We present...

5.8AI score
Exploits0
packetstormnews
packetstormnews
added 2026/05/01 12:0 a.m.8 views

Self-Adaptive Multi-Agent LLM-Based Security Pattern Selection for IoT Systems

The adoption of Internet of Things IoT systems at the network edge of smart architectures is increasing rapidly, intensifying the need for security mechanisms that are both adaptive and resource-efficient. In such environments, runtime defence mechanisms are no longer limited to detection alone b...

5.9AI score
Exploits0
githubexploit
githubexploit
added 2026/04/30 6:47 p.m.91 views

hunter-max-oss

hunter-max A bug-bounty research framework. Two pieces: 1...

5.6AI score
Exploits0
redhatcve
redhatcve
added 2026/04/29 11:3 p.m.10 views

CVE-2026-42208

A flaw was found in LiteLLM. A database query used for proxy API key checks incorrectly incorporated caller-supplied key values directly into the query. This vulnerability allows an unauthenticated attacker to send a specially crafted Authorization header to any Large Language Model LLM API route...

9.8CVSS5.7AI score0.86607EPSS
Exploits7References5
packetstormnews
packetstormnews
added 2026/04/28 12:0 a.m.13 views

Large Language Models As Explainable Cyberattack Detectors for Energy Industrial Control Systems

In modern energy systems, industrial control systems ICS and power-system SCADA require intrusion detection that is not only accurate but also auditable by operators. The ICS intrusion-detection landscape is currently dominated by established supervised detectors. In this paper, we study whether ...

5.3AI score
Exploits0
packetstormnews
packetstormnews
added 2026/04/28 12:0 a.m.7 views

MARD: A Multi-Agent Framework for Robust Android Malware Detection

With the rapid evolution of Android applications, traditional machine learning-based detection models suffer from concept drift. Additionally, they are constrained by shallow features, lacking deep semantic understanding and interpretability of decisions. Although Large Language Models LLMs...

5.7AI score
Exploits0
vulnrichment
vulnrichment
added 2026/04/27 4:45 p.m.5 views

CVE-2026-7141 vllm KV Block kv_cache_interface.py has_mamba_layers uninitialized resource

A vulnerability was found in vllm up to 0.19.0. The affected element is the function hasmambalayers of the file vllm/v1/kvcacheinterface.py of the component KV Block Handler. Performing a manipulation results in uninitialized resource. It is possible to initiate the attack remotely. The attack is...

6.3CVSS4.8AI score0.00288EPSS
Exploits0References7
packetstormnews
packetstormnews
added 2026/04/27 12:0 a.m.8 views

System-Aware Contextual Digital Twin for ICS Anomaly Diagnosis

Industrial Control Systems ICS integrate computing, physical processes, and communication to operate critical infrastructures such as power grids, water treatment plants, and oil and gas facilities. As ICS become increasingly targeted by cyberattacks, timely and reliable anomaly diagnosis is...

5.2AI score
Exploits0
ptsecurity
ptsecurity
added 2026/04/27 12:0 a.m.12 views

PT-2026-35512

A vulnerability was detected in JoeCastrom mcp-chat-studio up to 1.5.0. Affected by this issue is some unknown functionality of the file server/routes/llm.js of the component LLM Models API. Performing a manipulation of the argument req.query.base url results in server-side request forgery. Remot...

7.5CVSS7.1AI score0.00278EPSS
Exploits0References8
packetstormnews
packetstormnews
added 2026/04/27 12:0 a.m.25 views

Dynamic Cyber Ranges

As LLM-driven agents advance in cybersecurity, Jeopardy CTF benchmarks are approaching saturation and cyber ranges, the natural next evaluation frontier, offer diminishing resistance under their current static design. We validate this observation by deploying an LLM-driven Advanced Persistent...

5.3AI score
Exploits0
nvd
nvd
added 2026/04/26 6:16 a.m.12 views

CVE-2026-7021

A weakness has been identified in SmythOS sre up to 0.0.15. This impacts an unknown function of the file packages/sdk/src/LLM/utils.ts of the component Connector Service. This manipulation of the argument baseURL causes information disclosure. It is possible to initiate the attack remotely. The...

5.1CVSS0.0018EPSS
Exploits0References4
packetstormnews
packetstormnews
added 2026/04/25 12:0 a.m.19 views

UNSEEN: A Cross-Stack LLM Unlearning Defense against AR-LLM Social Engineering Attacks

Emerging AR-LLM-based Social Engineering attack e.g., SEAR is at the edge of posing great threats to real-world social life. In such AR-LLM-SE attack, the attacker can leverage AR Augmented Reality glass to capture the image and vocal information of the target, using the LLM to identify the targe...

5.4AI score
Exploits0
packetstormnews
packetstormnews
added 2026/04/25 12:0 a.m.46 views

Semantic Denial of Service in LLM-Controlled Robots

Safety-oriented instruction-following is supposed to keep LLM-controlled robots safe. We show it also creates an availability attack surface. By injecting short safety-plausible phrases 1-5 tokens into a robots audio channel, an adversary can trigger the models safety reasoning to halt or disrupt...

5.6AI score
Exploits0
packetstormnews
packetstormnews
added 2026/04/24 12:0 a.m.7 views

Training a General Purpose Automated Red Teaming Model

Automated methods for red teaming LLMs are an important tool to identify LLM vulnerabilities that may not be covered in static benchmarks, allowing for more thorough probing. They can also adapt to each specific LLM to discover weaknesses unique to it. Most current automated red teaming methods a...

5.6AI score
Exploits0
packetstormnews
packetstormnews
added 2026/04/24 12:0 a.m.11 views

Automation-Exploit: A Multi-Agent LLM Framework for Adaptive Offensive Security with Digital Twin-Based Risk-Mitigated Exploitation

The offensive security landscape is highly fragmented: enterprise platforms avoid memory-corruption vulnerabilities due to Denial of Service DoS risks, Automatic Exploit Generation AEG systems suffer from semantic blindness, and Large Language Model LLM agents face safety alignment filters and...

5.5AI score
Exploits0
ptsecurity
ptsecurity
added 2026/04/23 12:0 a.m.18 views

PT-2026-34780

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.28 Description An agentic consent bypass allows LLM agents to silently disable execution approval. Remote attackers can exploit this by using the config.patch parameter to bypass security controls and execute...

8.8CVSS5.6AI score0.00473EPSS
Exploits0References7
osv
osv
added 2026/04/22 10:6 p.m.7 views

GHSA-J5W5-568X-RQ53 Evolver: Command Injection via `execSync` in `_extractLLM()` function allows Remote Code Execution

Summary A command injection vulnerability in the extractLLM function allows attackers to execute arbitrary shell commands on the server. The function constructs a curl command using string concatenation and passes it to execSync without proper sanitization, enabling remote code execution when the...

9.8CVSS6.8AI score0.01305EPSS
Exploits0References4
packetstormnews
packetstormnews
added 2026/04/22 12:0 a.m.21 views

Text Steganography with Dynamic Codebook and Multimodal Large Language Model

With the popularity of the large language models LLMs, text steganography has achieved remarkable performance. However, existing methods still have some issues: 1 For the white-box paradigm, this steganography behavior is prone to exposure due to sharing the off-the-shelf language model between...

5.8AI score
Exploits0
Rows per page
Query Builder