Lucene search
+L

358 matches found

OSV
OSV
added 2026/07/03 11:50 p.m.7 views

MAL-2026-6751 Malicious code in bytekit (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0bbaea22b635a4a8425964572b733b806f45714a9090492d1c39d545088fe336 The package was found to contain malicious code or consuming dependency that contains malicious code Source: kam193...

6.3AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/03 11:50 p.m.10 views

Malicious code in bytekit (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0bbaea22b635a4a8425964572b733b806f45714a9090492d1c39d545088fe336 The package was found to contain malicious code or consuming dependency that contains malicious code Source: kam193...

6.1AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/03 11:47 p.m.9 views

Malicious code in schemavault (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4ae0aa9efa2a8389cfe9d5c41d5ab3689f4965c945a24613493f94f9de033ab1 schemavault 4.1.0 is presented as a schema-validation library but ships capabilities and data that have no relationship to schema validation...

6.2AI score
Exploits0References4
OSV
OSV
added 2026/07/03 11:47 p.m.6 views

MAL-2026-6753 Malicious code in schemavault (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4ae0aa9efa2a8389cfe9d5c41d5ab3689f4965c945a24613493f94f9de033ab1 schemavault 4.1.0 is presented as a schema-validation library but ships capabilities and data that have no relationship to schema validation...

6.3AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/03 11:44 p.m.11 views

Malicious code in confighub (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 805d9b5848999d2ba85368446cb12d90bf350b8201a78dd475079c04f180dd81 confighub 7.0.1 declares installrequires='procwire' and imports procwire at package load in init.py under a version gate that silently swallows...

6.1AI score
Exploits0References4
OSV
OSV
added 2026/07/03 11:44 p.m.15 views

MAL-2026-6752 Malicious code in confighub (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 805d9b5848999d2ba85368446cb12d90bf350b8201a78dd475079c04f180dd81 confighub 7.0.1 declares installrequires='procwire' and imports procwire at package load in init.py under a version gate that silently swallows...

6.3AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/03 11:38 p.m.11 views

Malicious code in procwire (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 42f7077b3fb95ad31689f096805811e51afe78e7f21c2123d5dcc25343a11ff2 setup.py auto-executes on pip install only guarded by an internal PWDIST env var check and, on Windows, reconstructs an attacker C2 URL and XOR key a...

6.2AI score
Exploits0References6
OSV
OSV
added 2026/07/03 11:38 p.m.6 views

MAL-2026-6750 Malicious code in procwire (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 42f7077b3fb95ad31689f096805811e51afe78e7f21c2123d5dcc25343a11ff2 setup.py auto-executes on pip install only guarded by an internal PWDIST env var check and, on Windows, reconstructs an attacker C2 URL and XOR key a...

6.3AI score
Exploits0References6
Packet Storm News
Packet Storm News
added 2026/06/08 12:0 a.m.13 views

Steganography without Modification: Hidden Communication Via LLM Seeds

We demonstrate that widely deployed Large Language Model LLM inference stacks harbor a steganographic channel that requires no modification to model weights, sampling code, or output distributions. The channel exploits a structural property of deterministic decoding: pseudo-random number generato...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/08 12:0 a.m.10 views

Now You (Still) See Me: Detecting Evasive Steganographic Payloads in LLMs

Large language models can be fine-tuned to encode prompt-borne secrets into fluent, seemingly benign outputs. This creates a steganographic exfiltration risk that is difficult to detect with output-level steganalysis. Recent work proposes mechanistic detection using linear probes that recover the...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/06 12:0 a.m.12 views

Hiding in Plain Floats: Steganographic Carriers for Indirect Prompt and Content Injection

Text-centered prompt-injection defenses assume that the malicious signal is visible in one of the inspected text views. We study a reproducible LLM01-style indirect prompt/content-injection failure mode where that assumption breaks: a payload caught in plain English slips past the same detector...

5.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/05/11 11:4 a.m.17 views

LLMs and Text-in-Text Steganography

Turns out that LLMs are really good at hiding text messages in other text messages...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/07 12:0 a.m.18 views

Stego Battlefield: Evaluating Image Steganography Attacks and Steganalysis Defenses

Image steganography is widely used to protect user privacy and enable covert communication. However, it can also be abused by the adversary as a covert channel to bypass content moderation, disseminate harmful semantics, and even hide malicious instructions in images to elicit dangerous outputs...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/22 12:0 a.m.21 views

Text Steganography with Dynamic Codebook and Multimodal Large Language Model

With the popularity of the large language models LLMs, text steganography has achieved remarkable performance. However, existing methods still have some issues: 1 For the white-box paradigm, this steganography behavior is prone to exposure due to sharing the off-the-shelf language model between...

5.8AI score
Exploits0
Trellix
Trellix
added 2026/04/20 12:0 a.m.12 views

PureRAT: A Multi-Stage, Fileless RAT Utilizing Image Steganography and Process Hollowing

PureRAT: A Multi-Stage, Fileless RAT Utilizing Image Steganography and Process Hollowing By Prashanth A N and Mallikarjun Wali · April 20, 2026 PureRAT is an advanced remote access trojan RAT characterized by its complex infection stages. The intrusion sequence is initiated by a malicious .LNK fi...

6.3AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/10 12:0 a.m.5 views

RRC Steganography

This is a proof of concept tool called Rotation Range-Coding RRC Steganography - an efficient and provably secure linguistic steganographic method that embeds secret messages into natural-language text generated by large language models. Included is the whitepaper discussing this tool called...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/04/08 1:50 p.m.25 views

APT28 Deploys PRISMEX Malware in Campaign Targeting Ukraine and NATO Allies

The Russian threat actor known as APT28 aka Forest Blizzard and Pawn Storm has been linked to a fresh spear-phishing campaign targeting Ukraine and its allies to deploy a previously undocumented malware suite codenamed PRISMEX. "PRISMEX combines advanced steganography, component object model COM...

8.8CVSS7.3AI score0.72152EPSS
Exploits12
Cvelist
Cvelist
added 2026/04/06 4:16 p.m.22 views

CVE-2026-34977 Aperi'Solve Affected by Unauthenticated RCE via JPSeek Analyzer Command

Aperi'Solve is an open-source steganalysis web platform. In versions 3.1.3 through 3.2.0, when uploading a JPEG, a user can specify an optional password to accompany the JPEG. This password is then directly passed into an expect command, which is then subsequently passed into a bash -c command,...

9.3CVSS0.00775EPSS
Exploits1References7
OSV
OSV
added 2026/03/31 11:43 p.m.3 views

GHSA-VFGX-5Q85-58Q3 openssl-encrypt has non-cryptographic PRNG used for steganography pixel selection

Summary The generatepseudorandomsequence function in opensslencrypt/plugins/steganography/core/utils.py at lines 89-91 uses Python's random module Mersenne Twister for steganographic pixel/sample selection. Affected Code python random.seedseed sequence = random.samplerangemaxvalue, minlength,...

8.7CVSS5.9AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/03/31 11:43 p.m.8 views

openssl-encrypt has non-cryptographic PRNG used for steganography pixel selection

Summary The generatepseudorandomsequence function in opensslencrypt/plugins/steganography/core/utils.py at lines 89-91 uses Python's random module Mersenne Twister for steganographic pixel/sample selection. Affected Code python random.seedseed sequence = random.samplerangemaxvalue, minlength,...

5.9AI score
Exploits0References3Affected Software1
Rows per page
Query Builder