Lucene search
K

34557 matches found

Packet Storm News
Packet Storm News
added 2026/04/08 12:0 a.m.28 views

System Card: Claude Mythos Preview

This System Card describes Claude Mythos Preview, a large language model from Anthropic. Mythos Preview is their most capable frontier model to date, and shows a striking leap in scores on many evaluation benchmarks compared to their previous frontier model, Claude Opus 4.6. This System Card...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/30 6:5 p.m.7 views

OpenAI Patches ChatGPT Data Exfiltration Flaw and Codex GitHub Token Vulnerability

A previously unknown vulnerability in OpenAI ChatGPT allowed sensitive conversation data to be exfiltrated without user knowledge or consent, according to new findings from Check Point. "A single malicious prompt could turn an otherwise ordinary conversation into a covert exfiltration channel,...

6.6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/03/26 12:0 a.m.4 views

Unveiling the Resilience of LLM-Enhanced Search Engines against Black-Hat SEO Manipulation

The emergence of Large Language Model-enhanced Search Engines LLMSEs has revolutionized information retrieval by integrating web-scale search capabilities with AI-powered summarization. While these systems demonstrate improved efficiency over traditional search engines, their security implication...

5.9AI score
Exploits0
Github Security Blog
Github Security Blog
added 2026/03/24 4:49 p.m.12 views

Froxlor is vulnerable to BIND zone file injection via unsanitized DNS record content in DomainZones API

Summary The DomainZones.add API endpoint accessible to customers with DNS enabled does not validate the content field for several DNS record types LOC, RP, SSHFP, TLSA. An attacker can inject newlines and BIND zone file directives e.g. $INCLUDE into the zone file that gets written to disk when th...

8.8CVSS5.9AI score0.00544EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/03/24 4:49 p.m.2 views

GHSA-X6W6-2XWP-3JH6 Froxlor is vulnerable to BIND zone file injection via unsanitized DNS record content in DomainZones API

Summary The DomainZones.add API endpoint accessible to customers with DNS enabled does not validate the content field for several DNS record types LOC, RP, SSHFP, TLSA. An attacker can inject newlines and BIND zone file directives e.g. $INCLUDE into the zone file that gets written to disk when th...

8.8CVSS5.9AI score0.00544EPSS
Exploits1References5
Malwarebytes
Malwarebytes
added 2026/03/18 5:16 p.m.12 views

Researchers found font-rendering trick to hide malicious commands

Researchers have published a proof-of-concept PoC that uses custom fonts to fool many popular Artificial Intelligence AI assistants, including ChatGPT, Claude, Copilot, Gemini, Leo, Grok, Perplexity, Sigma, Dia, Fellou, and Genspark. Imagine a book where the visible text is harmless, but hidden...

5.8AI score
Exploits0
GithubExploit
GithubExploit
added 2026/03/13 1:41 a.m.161 views

Exploit for Deserialization of Untrusted Data in Facebook React

CVE Exploitation Arsenal Professional penetration testing too...

10CVSS5.8AI score0.99562EPSS
Exploits402
Packet Storm News
Packet Storm News
added 2026/03/12 12:0 a.m.6 views

Keys on Doormats: Exposed API Credentials on the Web

Application programming interfaces APIs have become a central part of the modern IT environment, allowing developers to enrich the functionality of applications and interact with third parties such as cloud and payment providers. This interaction often occurs through authentication mechanisms tha...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/03/12 12:0 a.m.10 views

Highly Autonomous Cyber-Capable Agents: Anticipating Capabilities, Tactics, and Strategic Implications

This report introduces the concept of "Highly Autonomous Cyber-Capable Agents" HACCAs, AI systems capable of autonomously conducting multi-stage cyber campaigns at a level comparable to today's top criminal hacking groups or state-affiliated threat actors, and analyzes the security implications o...

5.8AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/03/11 12:0 a.m.9 views

PT-2026-24811

The report circulating about "LDN-2026-0301" is false and based on manipulated screenshots. There is no such vulnerability in Ledger's transport layer, and no firmware update like the one described. The real research from the Ledger Donjon relates to CVE-2025-20435 https://t.co/Hx0yDcPxSk, a...

5.8AI score
Exploits0References7
OSV
OSV
added 2026/02/26 7:45 p.m.9 views

GHSA-WPPC-7CQ7-CGFV Weblate: Missing access control for the AddonViewSet API exposes all addon configurations

Impact Users were able to obtain add-on configuration via API. Patches https://github.com/WeblateOrg/weblate/pull/18107 https://github.com/WeblateOrg/weblate/pull/18164 References Weblate thanks @lighthousekeeper1212 for responsible disclosure...

4.3CVSS5.4AI score0.00303EPSS
Exploits0References8
Packet Storm News
Packet Storm News
added 2026/02/20 12:0 a.m.8 views

Can AI Lower the Barrier to Cybersecurity? A Human-Centered Mixed-Methods Study of Novice CTF Learning

Capture-the-Flag CTF competitions serve as gateways into offensive cybersecurity, yet they often present steep barriers for novices due to complex toolchains and opaque workflows. Recently, agentic AI frameworks for cybersecurity promise to lower these barriers by automating and coordinating...

6.1AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/02/13 2:1 p.m.10 views

Malicious code in responsible-ai (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 05c11d73745aba3675053c5e949e3d5cf48ec050f6c5df589f613c094a8a038e The package responsible-ai was found to contain malicious code. Source: ghsa-malware 9b9159173d856834d97152b44c3f78779ff8f3dd4368b5d113920865417044c3...

5.6AI score
Exploits0References1
Snyk
Snyk
added 2026/02/13 2:1 p.m.7 views

Malicious Package

Overview responsible-ai is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.5AI score
Exploits0References2
OSV
OSV
added 2026/02/13 2:1 p.m.6 views

MAL-2026-890 Malicious code in responsible-ai (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 05c11d73745aba3675053c5e949e3d5cf48ec050f6c5df589f613c094a8a038e The package responsible-ai was found to contain malicious code. Source: ghsa-malware 9b9159173d856834d97152b44c3f78779ff8f3dd4368b5d113920865417044c3...

5.6AI score
Exploits0References1
GithubExploit
GithubExploit
added 2026/01/28 2:37 p.m.63 views

thoropass-vuln-research-program

Thoropass Vulnerability Research Program 🔐 Security Researc...

5.8AI score
Exploits0
GithubExploit
GithubExploit
added 2026/01/21 1:43 p.m.60 views

cve-disclosures

Public repository containing security vulnerabilities CVEs...

5.8AI score0.00595EPSS
Exploits1
The Hacker News
The Hacker News
added 2026/01/15 3:9 p.m.9 views

Researchers Reveal Reprompt Attack Allowing Single-Click Data Exfiltration From Microsoft Copilot

Cybersecurity researchers have disclosed details of a new attack method dubbed Reprompt that could allow bad actors to exfiltrate sensitive data from artificial intelligence AI chatbots like Microsoft Copilot in a single click, while bypassing enterprise security controls entirely. "Only a single...

7AI score
Exploits0
Github Security Blog
Github Security Blog
added 2025/12/18 10:58 p.m.9 views

Weblate has an arbitrary file read via symbolic links

Impact It was possible to read arbitrary files from the server file system using crafted symbolic links in the repository. Resources Thanks to Jason Marcello for responsible disclosure...

7.7CVSS6.9AI score0.00344EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2025/12/18 6:49 p.m.5 views

GHSA-8452-54WP-RMV6 Storybook manager bundle may expose environment variables during build

On December 11th, the Storybook team received a responsible disclosure alerting them to a potential vulnerability in certain built and published Storybooks. The vulnerability is a bug in how Storybook handles environment variables defined in a .env file, which could, in specific circumstances, le...

7.3CVSS5.8AI score0.00235EPSS
Exploits0References4
Rows per page
Query Builder