Lucene search
K

71 matches found

AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in ujson

UltraJSON is a fast JSON encoder and decoder written in pure C, with bindings for Python 3.7+. It was found that affected versions incorrectly decoded certain characters. JSON strings containing escaped surrogate characters that were not part of a valid surrogate pair were decoded incorrectly. Th...

7.5CVSS7AI score0.02283EPSS
Exploits1References2
Packet Storm News
Packet Storm News
added 2026/04/29 12:0 a.m.8 views

Formulating Subgroup Discovery As a Quantum Optimization Problem for Network Security

While current network intrusion detection systems achieve satisfactory accuracy, they often lack explainability. Subgroup Discovery SD addresses this by building interpretable rules that characterize feature interactions associated with attack traffic. With large datasets, classical heuristic bea...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/20 12:0 a.m.11 views

ExAI5G: A Logic-Based Explainable AI Framework for Intrusion Detection in 5G Networks

Intrusion detection systems IDSs for 5G networks must handle complex, high-volume traffic. Although opaque "black-box" models can achieve high accuracy, their lack of transparency hinders trust and effective operational response. We propose ExAI5G, a framework that prioritizes interpretability by...

5.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/03/24 12:0 a.m.7 views

Not All Tokens Are Created Equal: Query-Efficient Jailbreak Fuzzing for LLMs

Large Language ModelsLLMs are widely deployed, yet are vulnerable to jailbreak prompts that elicit policy-violating outputs. Although prior studies have uncovered these risks, they typically treat all tokens as equally important during prompt mutation, overlooking the varying contributions of...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/02/10 12:0 a.m.7 views

The Role of Learning in Attacking Intrusion Detection Systems

Recent work on network attacks have demonstrated that ML-based network intrusion detection systems NIDS can be evaded with adversarial perturbations. However, these attacks rely on complex optimizations that have large computational overheads, making them impractical in many real-world settings. ...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/11/24 12:0 a.m.9 views

FedPoisonTTP: A Threat Model and Poisoning Attack for Federated Test-Time Personalization

Test-time personalization in federated learning enables models at clients to adjust online to local domain shifts, enhancing robustness and personalization in deployment. Yet, existing federated learning work largely overlooks the security risks that arise when local adaptation occurs at test tim...

6.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/11/15 12:0 a.m.22 views

BackWeak: Backdooring Knowledge Distillation Simply with Weak Triggers and Fine-Tuning

Knowledge Distillation KD is essential for compressing large models, yet relying on pre-trained "teacher" models downloaded from third-party repositories introduces serious security risks -- most notably backdoor attacks. Existing KD backdoor methods are typically complex and computationally...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/11/07 12:0 a.m.4 views

Quantifying the Risk of Transferred Black Box Attacks

Neural networks have become pervasive across various applications, including security-related products. However, their widespread adoption has heightened concerns regarding vulnerability to adversarial attacks. With emerging regulations and standards emphasizing security, organizations must...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/11/06 12:0 a.m.8 views

Black-Box Guardrail Reverse-Engineering Attack

Large language models LLMs increasingly employ guardrails to enforce ethical, legal, and application-specific constraints on their outputs. While effective at mitigating harmful responses, these guardrails introduce a new class of vulnerabilities by exposing observable decision patterns. In this...

7.3AI score
Exploits0
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2021-27532

Malicious code in bioql PyPI...

7.1CVSS7AI score0.00585EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-6438

Malicious code in bioql PyPI...

7.5CVSS7.7AI score0.02283EPSS
Exploits1References12
Packet Storm News
Packet Storm News
added 2025/07/23 12:0 a.m.12 views

Learning-Based Privacy-Preserving Graph Publishing against Sensitive Link Inference Attacks

Publishing graph data is widely desired to enable a variety of structural analyses and downstream tasks. However, it also potentially poses severe privacy leakage, as attackers may leverage the released graph data to launch attacks and precisely infer private information such as the existence of...

6.6AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2025/07/09 12:0 a.m.7 views

The vulnerability of the Dataease database management system, related to improper elimination of surrogate characters, allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the Dataease database management system is related to the improper elimination of surrogate characters when connecting to PostgreSQL and Redshift databases. Exploiting this vulnerability allows an attacker to compromise the confidentiality, integrity, and accessibility of the...

8.8CVSS5.5AI score0.00543EPSS
Exploits1References2Affected Software1
Packet Storm News
Packet Storm News
added 2025/06/12 12:0 a.m.6 views

A Crack in the Bark: Leveraging Public Knowledge to Remove Tree-Ring Watermarks

We present a novel attack specifically designed against Tree-Ring, a watermarking technique for diffusion models known for its high imperceptibility and robustness against removal attacks. Unlike previous removal attacks, which rely on strong assumptions about attacker capabilities, our attack on...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/06 12:0 a.m.6 views

A Certified Unlearning Approach without Access to Source Data

With the growing adoption of data privacy regulations, the ability to erase private or copyrighted information from trained models has become a crucial requirement. Traditional unlearning methods often assume access to the complete training dataset, which is unrealistic in scenarios where the...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/04 12:0 a.m.6 views

BESA: Boosting Encoder Stealing Attack with Perturbation Recovery

To boost the encoder stealing attack under the perturbation-based defense that hinders the attack performance, we propose a boosting encoder stealing attack with perturbation recovery named BESA. It aims to overcome perturbation-based defenses. The core of BESA consists of two modules: perturbati...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/22 12:0 a.m.6 views

An End-To-End Model for Logits Based Large Language Models Watermarking

The rise of LLMs has increased concerns over source tracing and copyright protection for AIGC, highlighting the need for advanced detection technologies. Passive detection methods usually face high false positives, while active watermarking techniques using logits or sampling manipulation offer...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/08 12:0 a.m.5 views

MTL-UE: Learning to Learn Nothing for Multi-Task Learning

Most existing unlearnable strategies focus on preventing unauthorized users from training single-task learning STL models with personal data. Nevertheless, the paradigm has recently shifted towards multi-task data and multi-task learning MTL, targeting generalist and foundation models that can...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/02 12:0 a.m.6 views

Constrained Network Adversarial Attacks: Validity, Robustness, and Transferability

While machine learning has significantly advanced Network Intrusion Detection Systems NIDS, particularly within IoT environments where devices generate large volumes of data and are increasingly susceptible to cyber threats, these models remain vulnerable to adversarial attacks. Our research...

7.3AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/04/19 12:0 a.m.10 views

Do You Really Need Public Data? Surrogate Public Data for Differential Privacy on Tabular Data

Differentially private DP machine learning often relies on the availability of public data for tasks like privacy-utility trade-off estimation, hyperparameter tuning, and pretraining. While public data assumptions may be reasonable in text and image domains, they are less likely to hold for tabul...

6.8AI score
Exploits0
Rows per page
Query Builder