Lucene search
K

32 matches found

Packet Storm News
Packet Storm News
added 2026/05/30 12:0 a.m.34 views

Quality-Diversity Evolution for Discovering Diverse Vulnerabilities in LLM Safety

Current approaches to LLM adversarial testing suffer from coverage gaps: manual red-teaming does not scale, LLM-as-attacker methods exhibit mode collapse, and gradient-based approaches produce uninterpretable gibberish. We introduce a quality-diversity evolutionary framework that operates at the...

5.8AI score
Exploits0
OSV
OSV
added 2026/05/19 12:0 a.m.9 views

MAL-2026-4072 Malicious code in @antv/narrative-text-editor (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

5.8AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/19 12:0 a.m.13 views

Malicious code in @antv/narrative-text-vis (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

5.8AI score
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/19 12:0 a.m.12 views

Malicious code in @antv/narrative-text-schema (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

5.8AI score
Exploits0References5
OSV
OSV
added 2026/05/19 12:0 a.m.10 views

MAL-2026-4074 Malicious code in @antv/narrative-text-vis (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

5.8AI score
Exploits0References5
vulnersOsv
vulnersOsv
added 2026/05/18 9:0 p.m.5 views

@antv/narrative-text-editor (>=0.1.1 <=0.2.20), antv-site-demo-rc (>=0.1.0-alpha.16 <=0.1.0-alpha.22) potentially affected by unknown CVE via @antv/narrative-text-vis (>=0.1.8 <=0.3.16)

@antv/narrative-text-vis NPM version =0.1.8, =0.1.1, =0.1.0-alpha.16, =0.1.0-alpha.22 Source cves: unknown CVE Source advisory: SNYK:JS-ANTVNARRATIVETEXTVIS-16755009...

5.5AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/18 9:0 p.m.6 views

@antv/lite-insight (>=2.1.0 <=2.1.1), @antv/narrative-text-editor (>=0.1.1 <=0.2.20) +3 more potentially affected by unknown CVE via @antv/narrative-text-schema (>=0.1.5 <=0.3.7)

@antv/narrative-text-schema NPM version =0.1.5, =2.1.0, =0.1.1, =0.1.6, =2.0.0, =0.1.0-alpha.16, =0.1.0-alpha.22 Source cves: unknown CVE Source advisory: SNYK:JS-ANTVNARRATIVETEXTSCHEMA-16755006...

5.5AI score
Exploits0
Snyk
Snyk
added 2026/05/18 9:0 p.m.8 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...

9.8CVSS5.9AI score
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/05/18 9:0 p.m.5 views

@antv/narrative-text-vis (>=0.1.6 <=0.2.5), antv-site-demo-rc (>=0.1.0-alpha.16 <=0.1.0-alpha.22) potentially affected by unknown CVE via @antv/word-scale-chart (>=0.1.1 <=0.3.4)

@antv/word-scale-chart NPM version =0.1.1, =0.1.6, =0.1.0-alpha.16, =0.1.0-alpha.22 Source cves: unknown CVE Source advisory: SNYK:JS-ANTVWORDSCALECHART-16754866...

5.5AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/18 9:0 p.m.5 views

@antv/narrative-text-editor (>=0.1.1 <=0.2.20), antv-site-demo-rc (>=0.1.0-alpha.16 <=0.1.0-alpha.22) potentially affected by unknown CVE via @antv/narrative-text-vis (>=0.1.8 <=0.3.16)

@antv/narrative-text-vis NPM version =0.1.8, =0.1.1, =0.1.0-alpha.16, =0.1.0-alpha.22 Source cves: unknown CVE Source advisory: SNYK:JS-ANTVNARRATIVETEXTVIS-16754840...

5.5AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/18 9:0 p.m.7 views

@antv/lite-insight (>=2.1.0 <=2.1.1), @antv/narrative-text-editor (>=0.1.1 <=0.2.20) +3 more potentially affected by unknown CVE via @antv/narrative-text-schema (>=0.1.5 <=0.3.7)

@antv/narrative-text-schema NPM version =0.1.5, =2.1.0, =0.1.1, =0.1.6, =2.0.0, =0.1.0-alpha.16, =0.1.0-alpha.22 Source cves: unknown CVE Source advisory: SNYK:JS-ANTVNARRATIVETEXTSCHEMA-16754837...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/04 12:0 a.m.8 views

Evaluating Retrieval-Augmented Generation for Explainable Malware Analysis

Large Language Models LLMs are increasingly being used as security engineering tools to summarize and explain malware behavior to analysts. A common assumption is that Retrieval-Augmented Generation RAG improves explanation quality by injecting external security knowledge. In this work, we...

5.8AI score
Exploits0
Wired Threat Level
Wired Threat Level
added 2026/03/24 10:0 a.m.8 views

‘Get Down! Get Down! They’re Gonna See Us!’: Six Months of Hiding From ICE

A family in Chicago has been terrified to leave their apartment. Agents could be anywhere...

5.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/30 12:0 a.m.9 views

Now You Hear Me: Audio Narrative Attacks against Large Audio-Language Models

Large audio-language models increasingly operate on raw speech inputs, enabling more seamless integration across domains such as voice assistants, education, and clinical triage. This transition, however, introduces a distinct class of vulnerabilities that remain largely uncharacterized. We exami...

5.4AI score
Exploits0
OSV
OSV
added 2025/11/11 4:25 a.m.2 views

MAL-2025-91804 Malicious code in vida-kue41-riris (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0d5cad985c0f5a15044fe14dbb3ffa136d8bb3051bf76ed31a8cd29cbafd40ac This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/24 12:0 a.m.31 views

Jailbreak Mimicry: Automated Discovery of Narrative-Based Jailbreaks for Large Language Models

Large language models LLMs remain vulnerable to sophisticated prompt engineering attacks that exploit contextual framing to bypass safety mechanisms, posing significant risks in cybersecurity applications. We introduce Jailbreak Mimicry, a systematic methodology for training compact attacker mode...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/18 12:0 a.m.5 views

AutoBnB-RAG: Enhancing Multi-Agent Incident Response with Retrieval-Augmented Generation

Incident response IR requires fast, coordinated, and well-informed decision-making to contain and mitigate cyber threats. While large language models LLMs have shown promise as autonomous agents in simulated IR settings, their reasoning is often limited by a lack of access to external knowledge. ...

7AI score
Exploits0
hivepro
hivepro
added 2025/07/03 5:0 p.m.7 views

Threat Exposure as a Narrative: If Attackers Tell a Story, Why Don’t We?

Running short on time but still want to stay in the know? Well, we’ve got you covered! We’ve condensed all the key takeaways into a handy audio summary. Our AI-driven podcasts are fit for on the go. Security teams are losing the communication battle to cybercriminals who intuitively understand...

9.8CVSS9.6AI score0.99934EPSS
Exploits15
hivepro
hivepro
added 2025/07/03 5:0 p.m.7 views

Threat Exposure as a Narrative: If Attackers Tell a Story, Why Don’t We?

Running short on time but still want to stay in the know? Well, we’ve got you covered! We’ve condensed all the key takeaways into a handy audio summary. Our AI-driven podcasts are fit for on the go. Security teams are losing the communication battle to cybercriminals who intuitively understand...

9.8CVSS9.6AI score0.99934EPSS
Exploits15
Packet Storm News
Packet Storm News
added 2025/05/23 12:0 a.m.7 views

Chain-Of-Lure: a Synthetic Narrative-Driven Approach to Compromise Large Language Models

In the era of rapid generative AI development, interactions between humans and large language models face significant misusing risks. Previous research has primarily focused on black-box scenarios using human-guided prompts and white-box scenarios leveraging gradient-based LLM generation methods,...

7.3AI score
Exploits0
Rows per page
Query Builder