Lucene search
K

887 matches found

Packet Storm News
Packet Storm News
added 2026/05/06 12:0 a.m.7 views

Pen-Strategist: A Reasoning Framework for Penetration Testing Strategy Formation and Analysis

Cyber threats are rapidly increasing, expanding their impact from large-scale enterprises to government services and individual users, making robust security systems increasingly essential. However, a significant shortage of skilled cybersecurity professionals exacerbates this challenge. While...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/06 12:0 a.m.27 views

AFL-ICP: Enhancing Industrial Control Protocol Reliability Via Specification-Guided Fuzzing

Industrial Control Protocols ICPs are critical to the reliability and stability of industrial infrastructure, yet their security is fundamentally compromised by a specification-blindness bottleneck. Modern fuzzers, constrained by observation-driven inference, struggle to penetrate deep protocol...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/05 12:0 a.m.9 views

The Infinite Mutation Engine? Measuring Polymorphism in LLM-Generated Offensive Code

Malware authors have traditionally relied on polymorphic techniques to produce variants in the same malware family, complicating signature-based detection. Integrating generative AI into offensive toolchains enables attackers to synthesize structurally diverse payloads with identical behavior,...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/01 12:0 a.m.6 views

CodeQL 2.25.3

Discover vulnerabilities across a codebase with CodeQL, an industry-leading semantic code analysis engine. CodeQL lets you query code as though it were data. Write a query to find all variants of a vulnerability, eradicating it forever. Then share your query to help others do the same...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/30 12:0 a.m.10 views

WOOTdroid: Whole-System Online On-Device Tracing for Android

System auditing on Android faces two problems. First, existing syscall tracers lose events under load, silently overwriting entries faster than a user space reader can drain them. Second, security-relevant application behavior is mediated through Binder, Android's kernel IPC mechanism, and is...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/28 12:0 a.m.7 views

From CRUD to Autonomous Agents: Formal Validation and Zero-Trust Security for Semantic Gateways in AI-Native Enterprise Systems

Enterprise software engineering is shifting away from deterministic CRUD/REST architectures toward AI-native systems where large language models act as cognitive orchestrators. This transition introduces a critical security tension: probabilistic LLMs weaken classical mechanisms for validation,...

5.3AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/27 5:20 p.m.9 views

Malicious code in semantic_search_client (crates.io)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 2495e4537e60cafc5bc13f96987b82749fce367078ee036e3e4fb4421b5bdf4c The OpenSSF Package Analysis project identified 'semantic-search-client' @ 99.0.1 crates.io as malicious. It is considered malicious because: -...

5.3AI score
Exploits0
OSV
OSV
added 2026/04/27 5:20 p.m.6 views

MAL-2026-3102 Malicious code in semantic_search_client (crates.io)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 2495e4537e60cafc5bc13f96987b82749fce367078ee036e3e4fb4421b5bdf4c The OpenSSF Package Analysis project identified 'semantic-search-client' @ 99.0.1 crates.io as malicious. It is considered malicious because: -...

5.4AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/27 12:0 a.m.6 views

GoAT-X: A Graph of Auditing Thoughts for Securing Token Transactions in Cross-Chain Contracts

Cross-chain bridges, the critical infrastructure of the multi-chain ecosystem, have become a primary target for attackers, resulting in over $2.8 billion in losses due to subtle implementation flaws. Existing defenses, such as bytecode-level static analysis, are ill-equipped to handle the semanti...

5.4AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/27 12:0 a.m.6 views

Vulnerability Identification by Harnessing Inter-Connected Multi-Source Information

The utilization of third-party open-source libraries is widespread in modern software development. Due to the dependency relationships, vulnerabilities within open-source libraries pose significant security threats to downstream software. However, the library vulnerabilities are usually implicitl...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/27 12:0 a.m.12 views

AgentVisor: Defending LLM Agents against Prompt Injection Via Semantic Virtualization

Large Language Model LLM agents are increasingly used to automate complex workflows, but integrating untrusted external data with privileged execution exposes them to severe security risks, particularly direct and indirect prompt injection. Existing defenses face significant challenges in balanci...

5.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/27 12:0 a.m.5 views

DETOUR: A Practical Backdoor Attack against Object Detection

Object detection OD is critical to real-world vision systems, yet existing backdoor attacks on detection transformers DETRs for OD tasks rely on patch-wise triggers optimized at fixed locations with minimal perturbations. Such attacks overlook that backdoor triggers in the real world may appear a...

5.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/27 12:0 a.m.5 views

Structured Security Auditing and Robustness Enhancement for Untrusted Agent Skills

Agent Skills package SKILL.md files, scripts, reference documents, and repository context into reusable capability units, turning pre-load auditing from single-prompt filtering into cross-file security review. Existing guardrails often flag risk but recover malicious intent inconsistently under...

5.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/25 12:0 a.m.48 views

Ghost in the Agent: Redefining Information Flow Tracking for LLM Agents

Autonomous Large Language Model LLM agents are increasingly deployed to conduct complex tasks by interacting with external tools, APIs, and memory stores. However, processing untrusted external data exposes these agents to severe security threats, such as indirect prompt injection and unauthorize...

5.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/25 12:0 a.m.9 views

Semantic Denial of Service in LLM-Controlled Robots

Safety-oriented instruction-following is supposed to keep LLM-controlled robots safe. We show it also creates an availability attack surface. By injecting short safety-plausible phrases 1-5 tokens into a robots audio channel, an adversary can trigger the models safety reasoning to halt or disrupt...

5.6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/23 12:0 a.m.6 views

Mitigate or Fail: How Risk Management Shapes Cybersecurity Competency

Contemporary cybersecurity governance assumes that professionals apply risk reasoning. Yet major organisational failures persist despite investment in tools, staffing, and credentials. This study investigates the structural source of that paradox. Cybersecurity speaks the language of risk, but it...

5.3AI score
Exploits0
EUVD
EUVD
added 2026/04/21 3:32 p.m.5 views

EUVD-2025-209538

Cross-Site Scripting XSS vulnerability reflected in Semantic MediaWiki. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL using the '/index.php/Speciaal:GefacetteerdZoeken' endpoint parameter. This vulnerability can be exploit...

5.1CVSS5.9AI score0.00285EPSS
Exploits0References2
NVD
NVD
added 2026/04/21 3:16 p.m.9 views

CVE-2025-10354

Cross-Site Scripting XSS vulnerability reflected in Semantic MediaWiki. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL using the '/index.php/Speciaal:GefacetteerdZoeken' endpoint parameter. This vulnerability can be exploit...

5.1CVSS0.00285EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/21 2:42 p.m.7 views

CVE-2025-10354

Cross-Site Scripting XSS vulnerability reflected in Semantic MediaWiki. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL using the '/index.php/Speciaal:GefacetteerdZoeken' endpoint parameter. This vulnerability can be exploit...

5.1CVSS5.9AI score0.00285EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/04/21 2:42 p.m.29 views

CVE-2025-10354 Reflected Cross-Site Scripting (XSS) in Semantic MediaWiki

Cross-Site Scripting XSS vulnerability reflected in Semantic MediaWiki. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL using the '/index.php/Speciaal:GefacetteerdZoeken' endpoint parameter. This vulnerability can be exploit...

5.1CVSS0.00285EPSS
Exploits0References1
Rows per page
Query Builder