Lucene search
K

3094 matches found

Packet Storm News
Packet Storm News
added 2026/02/09 12:0 a.m.5 views

One RNG to Rule Them All: How Randomness Becomes an Attack Vector in Machine Learning

Machine learning relies on randomness as a fundamental component in various steps such as data sampling, data augmentation, weight initialization, and optimization. Most machine learning frameworks use pseudorandom number generators as the source of randomness. However, variations in design choic...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/02/09 12:0 a.m.4 views

Empirical Evaluation of SMOTE in Android Malware Detection with Machine Learning: Challenges and Performance in CICMalDroid 2020

Malware, malicious software designed to damage computer systems and perpetrate scams, is proliferating at an alarming rate, with thousands of new threats emerging daily. Android devices, prevalent in smartphones, smartwatches, tablets, and IoTs, represent a vast attack surface, making malware...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/02/08 12:0 a.m.6 views

Evasion of IoT Malware Detection Via Dummy Code Injection

The Internet of Things IoT has revolutionized connectivity by linking billions of devices worldwide. However, this rapid expansion has also introduced severe security vulnerabilities, making IoT devices attractive targets for malware such as the Mirai botnet. Power side-channel analysis has...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/29 12:0 a.m.10 views

A Systematic Literature Review on LLM Defenses against Prompt Injection and Jailbreaking: Expanding NIST Taxonomy

The rapid advancement and widespread adoption of generative artificial intelligence GenAI and large language models LLMs has been accompanied by the emergence of new security vulnerabilities and challenges, such as jailbreaking and other prompt injection attacks. These maliciously crafted inputs...

5.4AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/29 12:0 a.m.4 views

Hardware-Triggered Backdoors

Machine learning models are routinely deployed on a wide range of computing hardware. Although such hardware is typically expected to produce identical results, differences in its design can lead to small numerical variations during inference. In this work, we show that these variations can be...

5.9AI score
Exploits0
AlpineLinux
AlpineLinux
added 2026/01/27 4:1 p.m.6 views

CVE-2025-15469

Issue summary: The 'openssl dgst' command-line tool silently truncates input data to 16MB when using one-shot signing algorithms and reports success instead of an error. Impact summary: A user signing or verifying files larger than 16MB with one-shot algorithms such as Ed25519, Ed448, or ML-DSA m...

5.5CVSS5.8AI score0.00176EPSS
Exploits1
Packet Storm News
Packet Storm News
added 2026/01/26 12:0 a.m.3 views

Benchmarking Machine Learning Models for IoT Malware Detection under Data Scarcity and Drift

The rapid expansion of the Internet of Things IoT in domains such as smart cities, transportation, and industrial systems has heightened the urgency of addressing their security vulnerabilities. IoT devices often operate under limited computational resources, lack robust physical safeguards, and...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/20 12:0 a.m.4 views

Constructing Multi-Label Hierarchical Classification Models for MITRE ATT&CK Text Tagging

MITRE ATT&CK is a cybersecurity knowledge base that organizes threat actor and cyber-attack information into a set of tactics describing the reasons and goals threat actors have for carrying out attacks, with each tactic having a set of techniques that describe the potential methods used in these...

5.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/19 12:0 a.m.3 views

Techniques of Modern Attacks

The techniques used in modern attacks have become an important factor for investigation. As we advance further into the digital age, cyber attackers are employing increasingly sophisticated and highly threatening methods. These attacks target not only organizations and governments but also extend...

5.6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/17 12:0 a.m.4 views

Hybrid IDS Using Signature-Based and Anomaly-Based Detection

Intrusion detection systems IDS are essential for protecting computer systems and networks against a wide range of cyber threats that continue to evolve over time. IDS are commonly categorized into two main types, each with its own strengths and limitations, such as difficulty in detecting...

5.4AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/13 10:52 p.m.6 views

CVE-2026-22705

RustCrypto: Signatures offers support for digital signatures, which provide authentication of data using public-key cryptography. Prior to version 0.1.0-rc.2, a timing side-channel was discovered in the Decompose algorithm which is used during ML-DSA signing to generate hints for the signature...

6.4CVSS7AI score0.00173EPSS
Exploits0References1
EUVD
EUVD
added 2026/01/13 3:10 p.m.5 views

EUVD-2026-1867

RustCrypto: Signatures has timing side-channel in ML-DSA decomposition...

6.4CVSS6.2AI score0.00173EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/01/10 6:14 a.m.27 views

CVE-2026-22705 RustCrypto: Signatures has timing side-channel in ML-DSA decomposition

RustCrypto: Signatures offers support for digital signatures, which provide authentication of data using public-key cryptography. Prior to version 0.1.0-rc.2, a timing side-channel was discovered in the Decompose algorithm which is used during ML-DSA signing to generate hints for the signature...

6.4CVSS0.00173EPSS
Exploits0References3
Packet Storm News
Packet Storm News
added 2026/01/10 12:0 a.m.5 views

Behavioral Analytics for Continuous Insider Threat Detection in Zero-Trust Architectures

Insider threats are a particularly tricky cybersecurity issue, especially in zero-trust architectures ZTA where implicit trust is removed. Although the rule of thumb is never trust, always verify, attackers can still use legitimate credentials and impersonate the standard user activity. In...

6.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/09 9:21 a.m.9 views

CVE-2021-41200

TensorFlow is an open source platform for machine learning. In affected versions if tf.summary.createfilewriter is called with non-scalar arguments code crashes due to a CHECK-fail. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow...

5.5CVSS6.8AI score0.0023EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:14 a.m.6 views

CVE-2022-23564

Tensorflow is an Open Source Machine Learning Framework. When decoding a resource handle tensor from protobuf, a TensorFlow process can encounter cases where a CHECK assertion is invalidated based on user controlled arguments. This allows attackers to cause denial of services in TensorFlow...

6.5CVSS6.6AI score0.00469EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:11 a.m.5 views

CVE-2022-35991

TensorFlow is an open source platform for machine learning. When TensorListScatter and TensorListScatterV2 receive an elementshape of a rank greater than one, they give a CHECK fail that can trigger a denial of service attack. We have patched the issue in GitHub commit...

7.5CVSS6.6AI score0.00441EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:10 a.m.6 views

CVE-2022-35992

TensorFlow is an open source platform for machine learning. When TensorListFromTensor receives an elementshape of a rank greater than one, it gives a CHECK fail that can trigger a denial of service attack. We have patched the issue in GitHub commit 3db59a042a38f4338aa207922fa2f476e000a6ee. The fi...

7.5CVSS6.7AI score0.00396EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:2 a.m.11 views

CVE-2023-25676

TensorFlow is an open source machine learning platform. When running versions prior to 2.12.0 and 2.11.1 with XLA, tf.rawops.ParallelConcat segfaults with a nullptr dereference when given a parameter shape with rank that is not greater than zero. A fix is available in TensorFlow 2.12.0 and 2.11.1...

7.5CVSS6.6AI score0.00391EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:54 a.m.6 views

CVE-2021-41206

TensorFlow is an open source platform for machine learning. In affected versions several TensorFlow operations are missing validation for the shapes of the tensor arguments involved in the call. Depending on the API, this can result in undefined behavior and segfault or CHECK-fail related crashes...

7.8CVSS6.8AI score0.00174EPSS
Exploits0References1
Rows per page
Query Builder