Lucene search

81 matches found

Packet Storm News
added 2025/06/14 12:0 a.m., 3 views

Monitoring Decomposition Attacks in LLMs with Lightweight Sequential Monitors

Current LLM safety defenses fail under decomposition attacks, where a malicious goal is decomposed into benign subtasks that circumvent refusals. The challenge lies in the existing shallow safety alignment techniques: they only detect harm in the immediate prompt and do not reason about long-rang...

AI score: 7.5
Exploits: 0
Packet Storm News
added 2025/06/10 12:0 a.m., 3 views

What Is the Cost of Differential Privacy for Deep Learning-Based Trajectory Generation?

While location trajectories offer valuable insights, they also reveal sensitive personal information. Differential Privacy (DP) offers formal protection, but achieving a favourable utility-privacy trade-off remains challenging. Recent works explore deep learning-based generative models to produce...

AI score: 6.6
Exploits: 0
Packet Storm News
added 2025/06/09 12:0 a.m., 3 views

Interpreting Agent Behaviors in Reinforcement-Learning-Based Cyber-Battle Simulation Platforms

We analyze two open source deep reinforcement learning agents submitted to the CAGE Challenge 2 cyber defense challenge, where each competitor submitted an agent to defend a simulated network against each of several provided rules-based attack agents. We demonstrate that one can gain...

AI score: 7
Exploits: 0
Packet Storm News
added 2025/06/06 12:0 a.m., 9 views

WordPress HyperComments 1.2.2 Privilege Escalation

WordPress HyperComments plugin versions 1.2.2 and below suffer from an unauthenticated remote privilege escalation vulnerability...

CVSS: 9.8, AI score: 9.2, EPSS: 0.01718
Exploits: 4
Packet Storm News
added 2025/06/06 12:0 a.m., 4 views

Towards Lifecycle Unlearning Commitment Management: Measuring Sample-Level Unlearning Completeness

Growing concerns over data privacy and security highlight the importance of machine unlearning--removing specific data influences from trained models without full retraining. Techniques like Membership Inference Attacks (MIAs) are widely used to externally assess successful unlearning. However,...

AI score: 7.1
Exploits: 0
Packet Storm News
added 2025/06/03 12:0 a.m., 3 views

Attention Knows Whom to Trust: Attention-Based Trust Management for LLM Multi-Agent Systems

Large Language Model-based Multi-Agent Systems (LLM-MAS) have demonstrated strong capabilities in solving complex tasks but remain vulnerable when agents receive unreliable messages. This vulnerability stems from a fundamental gap: LLM agents treat all incoming messages equally without evaluating...

AI score: 7
Exploits: 0
Packet Storm News
added 2025/05/28 12:0 a.m., 4 views

Does Johnny Get the Message? Evaluating Cybersecurity Notifications for Everyday Users

Due to the increasing presence of networked devices in everyday life, not only cybersecurity specialists but also end users benefit from security applications such as firewalls, vulnerability scanners, and intrusion detection systems. Recent approaches use large language models (LLMs) to rewrite...

AI score: 7
Exploits: 0
Packet Storm News
added 2025/05/27 12:0 a.m., 3 views

IRCopilot: Automated Incident Response with Large Language Models

Incident response plays a pivotal role in mitigating the impact of cyber attacks. In recent years, the intensity and complexity of global cyber threats have grown significantly, making it increasingly challenging for traditional threat detection and incident response methods to operate effectivel...

AI score: 6.8
Exploits: 0
SUSE Linux
added 2025/05/23 7:19 a.m., 1 views

Security update for the Linux Kernel

The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2024-28956: x86/ibt: Keep IBT disabled during alternative patching (bsc#1242006). CVE-2024-35840: mptcp: use OPTION_MPTCP_MPJ_SYNACK in subflow_finish_connect...

CVSS: 8.7, AI score: 8.4, EPSS: 0.13944
Exploits: 0, References: 494
Packet Storm News
added 2025/05/20 12:0 a.m., 3 views

A Private Approximation of the 2nd-Moment Matrix of Any Subsamplable Input

We study the problem of differentially private second moment estimation and present a new algorithm that achieves strong privacy-utility trade-offs even for worst-case inputs under subsamplability assumptions on the data. We call an input $(m,α,β)$-subsamplable if a random subsample of size $m$ or...

AI score: 7
Exploits: 0
OpenVAS
added 2025/05/07 12:0 a.m., 3 views

Ensure That the Group Names Are Unique

The user group names in /etc/group must be unique. If user group names in /etc/group are duplicated, only the GID of the first user group in /etc/group is valid. If the administrator runs commands such as useradd or groupadd to add users or user groups, duplicate user group names typically do not...

AI score: 7
Exploits: 0, References: 4
Packet Storm News
added 2025/05/06 12:0 a.m., 2 views

AI-Driven Security in Cloud Computing: Enhancing Threat Detection, Automated Response, and Cyber Resilience

Cloud security concerns have been greatly realized in recent years due to the increase of complicated threats in the computing world. Many traditional solutions do not work well in real-time to detect or prevent more complex threats. Artificial intelligence is today regarded as a revolution in...

AI score: 7
Exploits: 0
Packet Storm News
added 2025/04/23 12:0 a.m., 2 views

Give LLMs a Security Course: Securing Retrieval-Augmented Code Generation Via Knowledge Injection

Retrieval-Augmented Code Generation (RACG) leverages external knowledge to enhance Large Language Models (LLMs) in code synthesis, improving the functional correctness of the generated code. However, existing RACG systems largely overlook security, leading to substantial risks. Especially, the...

AI score: 7.2
Exploits: 0
OSV
added 2025/02/11 5:57 a.m., 3 views

BELL-CVE-2025-1152

Bulletin has no description...

CVSS: 3.7, AI score: 7, EPSS: 0.00564
Exploits: 1, References: 1
Packet Storm News
added 2025/01/16 12:0 a.m., 3 views

CISA: Microsoft Expanded Cloud Logs Implementation Playbook

This playbook provides a detailed overview of the newly introduced logging capabilities in Microsoft Purview Audit Standard. These capabilities enable organizations to conduct forensic and compliance investigations by accessing critical events...

AI score: 6.8
Exploits: 0
OSV
added 2024/05/24 11:8 a.m., 5 views

OESA-2024-1647 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: i2c: mlxbf: prevent stack overflow in mlxbf_i2c_smbus_start_transaction(). memcpy() is called in a loop while 'operation->length' upper bound is not checked and 'data_idx'...

CVSS: 8.4, AI score: 6, EPSS: 0.00828
Exploits: 0, References: 77
GithubExploit
added 2024/03/04 3:37 a.m., 78 views

Exploit for Cross-site Scripting in Ritecms

🛡️ CVE-2024-28623 – XSS Vulnerability in RiteCMS v3.0.0 🔍...

CVSS: 6.1, AI score: 6.7, EPSS: 0.01317
Exploits: 4
RedHat Linux
added 2023/12/07 12:37 p.m., 6 views

openssl: Possible DoS translating ASN.1 object identifiers

A flaw was found in OpenSSL resulting in a possible denial of service while translating ASN.1 object identifiers. Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience long delays when...

CVSS: 6.5, AI score: 6.8, EPSS: 0.73461
Exploits: 0, References: 5
GithubExploit
added 2023/09/17 11:17 p.m., 43 views

Exploit for Incorrect Authorization in Canonical Ubuntu_Linux

PoC exploit for CVE-2023-2640 and CVE-2023-32629, two vulnerabil...

CVSS: 7.8, AI score: 8.2, EPSS: 0.15783
Exploits: 14
GithubExploit
added 2023/08/10 1:15 p.m., 13 views

Exploit for Command Injection in Totolink A3700R_Firmware

repo POC: - CVE-2023-46574 - CVE-2023-6612...

CVSS: 9.8, AI score: 7.3, EPSS: 0.65412
Exploits: 4