Lucene search
+L

380 matches found

The Hacker News
The Hacker News
added 2025/07/21 3:0 a.m.14 views

3,500 Websites Hijacked to Secretly Mine Crypto Using Stealth JavaScript and WebSocket Tactics

A new attack campaign has compromised more than 3,500 websites worldwide with JavaScript cryptocurrency miners, marking the return of browser-based cryptojacking attacks once popularized by the likes of CoinHive. Although the service has since shuttered after browser makers took steps to ban...

7.6AI score
Exploits0
The Hacker News
The Hacker News
added 2025/07/15 10:53 a.m.5 views

AsyncRAT's Open-Source Code Sparks Surge in Dangerous Malware Variants Across the Globe

Cybersecurity researchers have charted the evolution of a widely used remote access trojan called AsyncRAT , which was first released on GitHub in January 2019 and has since served as the foundation for several other variants. "AsyncRAT has cemented its place as a cornerstone of modern malware an...

7.4AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/07/07 12:0 a.m.5 views

Phantom Subgroup Poisoning: Stealth Attacks on Federated Recommender Systems

Federated recommender systems FedRec have emerged as a promising solution for delivering personalized recommendations while safeguarding user privacy. However, recent studies have demonstrated their vulnerability to poisoning attacks. Existing attacks typically target the entire user group, which...

6.7AI score
Exploits0
Trellix
Trellix
added 2025/06/24 12:0 a.m.22 views

OneClik: A ClickOnce-Based APT Campaign Targeting Energy, Oil and Gas Infrastructure

OneClik: A ClickOnce-Based APT Campaign Targeting Energy, Oil and Gas Infrastructure By Nico Paulo Yturriaga and Pham Duy Phuc · June 24, 2025 The Trellix Advanced Research Center has uncovered a sophisticated APT malware campaign that we’ve dubbed OneClik. It specifically targets the energy, oil...

8AI score
Exploits0
HackRead
HackRead
added 2025/06/23 9:27 p.m.10 views

China-linked LapDogs Campaign Drops ShortLeash Backdoor with Fake Certs

ShortLeash backdoor, used in the China-linked LapDogs campaign since 2023, enables stealth access, persistence, and data theft via compromised SOHO routers and fake certs...

7.3AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/21 12:0 a.m.5 views

LexiMark: Robust Watermarking via Lexical Substitutions to Enhance Membership Verification of an LLM's Textual Training Data

Large language models LLMs can be trained or fine-tuned on data obtained without the owner's consent. Verifying whether a specific LLM was trained on particular data instances or an entire dataset is extremely challenging. Dataset watermarking addresses this by embedding identifiable modification...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2025/06/11 7:46 a.m.47 views

Microsoft Patches 67 Vulnerabilities Including WEBDAV Zero-Day Exploited in the Wild

Microsoft has released patches to fix 67 security flaws, including one zero-day bug in Web Distributed Authoring and Versioning WebDAV that it said has come under active exploitation in the wild. Of the 67 vulnerabilities, 11 are rated Critical and 56 are rated Important in severity. This include...

9.8CVSS9AI score0.81558EPSS
Exploits18
Rapid7 Blog
Rapid7 Blog
added 2025/06/10 8:8 p.m.51 views

Patch Tuesday - June 2025

Microsoft is addressing 67 vulnerabilities this June 2025 Patch Tuesday. Microsoft has evidence of in-the-wild exploitation for just one of the vulnerabilities published today, and that is reflected in CISA KEV. Separately, Microsoft is aware of existing public disclosure for one other freshly...

9.8CVSS9.5AI score0.81558EPSS
Exploits36
Packet Storm News
Packet Storm News
added 2025/06/10 12:0 a.m.4 views

One Patch to Rule Them All: Transforming Static Patches into Dynamic Attacks in the Physical World

Numerous methods have been proposed to generate physical adversarial patches PAPs against real-world machine learning systems. However, each existing PAP typically supports only a single, fixed attack goal, and switching to a different objective requires re-generating and re-deploying a new PAP...

6.7AI score
Exploits0
CNNVD
CNNVD
added 2025/06/10 12:0 a.m.6 views

Stormshield Network Security (SNS) Security Vulnerabilities

Stormshield Network Security SNS is a next-generation UTM Unified Threat Management firewall from the French company Stormshield. A security vulnerability exists in Stormshield Network Security SNS, which stems from the fact that disabling stealth mode could lead to a denial of service attack...

5.8AI score
Exploits0References1
Packet Storm News
Packet Storm News
added 2025/06/03 12:0 a.m.8 views

TherMod Communication: Low Power or Hot Air?

The Kirchhoff-Law-Johnson-Noise KLJN secure key exchange scheme leverages statistical physics to enable secure communication with zero average power flow in a wired channel. While the original KLJN scheme requires significant power for operation, a recent wireless modification, TherMod, proposed ...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/26 12:0 a.m.5 views

Poison in the Well: Feature Embedding Disruption in Backdoor Attacks

Backdoor attacks embed malicious triggers into training data, enabling attackers to manipulate neural network behavior during inference while maintaining high accuracy on benign inputs. However, existing backdoor attacks face limitations manifesting in excessive reliance on training data, poor...

6.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 9:42 a.m.12 views

CVE-2024-23758

An issue discovered in Unisys Stealth 5.3.062.0 allows attackers to view sensitive information via the Enterprise ManagementInstallermsi.log file...

7.5CVSS6.4AI score0.00468EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:53 p.m.8 views

CVE-2021-35056

Unisys Stealth 5.1 before 5.1.025.0 and 6.0 before 6.0.055.0 has an unquoted Windows search path for a scheduled task. An unintended executable might run...

6.7CVSS7AI score0.00251EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:32 p.m.10 views

CVE-2021-3141

In Unisys Stealth core before 6.0.025.0, the Keycloak password is stored in a recoverable format that might be accessible by a local attacker, who could gain access to the Management Server and change the Stealth configuration...

7.8CVSS6.8AI score0.0022EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 12:14 a.m.9 views

CVE-2005-2861

Cross-site scripting XSS vulnerability in N-Stealth Commercial Edition before 5.8.0.38 and Free Edition before 5.8.1.03 allows remote attackers to inject arbitrary web script or HTML via the Server field in an HTTP response header, which is directly injected into an HTML report...

4.3CVSS6AI score0.01271EPSS
Exploits1References1
Packet Storm News
Packet Storm News
added 2025/05/22 12:0 a.m.5 views

When Safety Detectors Aren'T Enough: a Stealthy and Effective Jailbreak Attack on LLMs Via Steganographic Techniques

Jailbreak attacks pose a serious threat to large language models LLMs by bypassing built-in safety mechanisms and leading to harmful outputs. Studying these attacks is crucial for identifying vulnerabilities and improving model security. This paper presents a systematic survey of jailbreak method...

7.5AI score
Exploits0
The Hacker News
The Hacker News
added 2025/05/19 2:38 p.m.37 views

Ransomware Gangs Use Skitnet Malware for Stealthy Data Theft and Remote Access

Several ransomware actors are using a malware called Skitnet as part of their post-exploitation efforts to steal sensitive data and establish remote control over compromised hosts. "Skitnet has been sold on underground forums like RAMP since April 2024," Swiss cybersecurity company PRODAFT told T...

8.3AI score
Exploits0
Qualys Blog
Qualys Blog
added 2025/05/15 4:22 p.m.33 views

Fileless Execution: PowerShell Based Shellcode Loader Executes Remcos RAT

Cybercriminals are progressively turning PowerShell to launch stealthy attacks that evade traditional antivirus and endpoint defenses. By running code directly in memory, these threats leave minimal evidence on disk, making them particularly challenging to detect. A recent example is Remcos RAT, ...

7.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/13 12:0 a.m.6 views

Where the Devil Hides: Deepfake Detectors Can No Longer Be Trusted

With the advancement of AI generative techniques, Deepfake faces have become incredibly realistic and nearly indistinguishable to the human eye. To counter this, Deepfake detectors have been developed as reliable tools for assessing face authenticity. These detectors are typically developed on De...

7.2AI score
Exploits0
Rows per page
Query Builder