Lucene search
K

1655 matches found

Packet Storm News
Packet Storm News
added 2026/05/21 12:0 a.m.11 views

Prompt Overflow: What the Guardrail Inspects Is Not What the Model Infers

Guardrail models a.k.a. safety checkers are widely deployed to screen user inputs before they reach large language models LLMs, serving as a primary defense against prompt injection attacks. Due to strict context constraints, these models handle overlength prompts through truncation or...

5.8AI score
Exploits0
GithubExploit
GithubExploit
added 2026/05/17 1:54 p.m.97 views

XSS-Payload-Generator

XSS-Payload-Generator user guide 0. This script is an XSS payl...

5.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2026/05/15 11:6 a.m.12 views

Bypassing On-Camera Age-Verification Checks

Some AI-based video age-verification checks can be fooled with a fake mustache...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/15 12:0 a.m.9 views

STRIKE: A Structured Taxonomy of Cybercrime for Risk, Impact, Knowledge, and Evolution

Cybercrime has grown exponentially in both scale and sophistication, posing significant threats. As attack methods evolve rapidly, traditional classification schemes often fail to capture the complexity and diversity of modern threats. To address this gap, we introduce STRIKE,a Structured Taxonom...

5.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/14 12:0 a.m.13 views

Toward Securing AI Agents like Operating Systems

Autonomous agents based on large language models LLMs are rapidly emerging as a general-purpose technology, with recent systems such as OpenClaw extending their capabilities through broad tool use, third-party skills, and deeper integration into user environments. At the same time, these agentic...

5.8AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2026/05/12 10:53 p.m.11 views

Accelerating detection engineering using AI-assisted synthetic attack logs generation

In this article 1. Core Idea: From TTPs to Logs 2. Approaches for Synthetic Attack Log Generation 3. Evaluation Datasets 4. References 5. Learn more Logs and telemetry are the foundation of modern cybersecurity. They enable threat detection, incident response, forensic investigation, and complian...

5.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/09 5:9 p.m.13 views

Malicious code in python-bittensor-config-v2 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 6f2ecdbc9e024d6dc51c8e5d48941c5aac432db65ad733317aed159d480973cd During installation or import, package silently adds a new authorized SSH key. It's closely related to the 2026-05-ninja-core-utils campaign, but there is no...

5.8AI score
Exploits0References1
EUVD
EUVD
added 2026/05/08 10:11 p.m.9 views

EUVD-2026-28855

FastGPT is an AI Agent building platform. In versions 4.14.11 and prior, FastGPT's isInternalAddress function in packages/service/common/system/utils.ts blocks cloud metadata endpoints using a fullUrl.startsWith check against a hardcoded list. This check can be bypassed using at least 7 different...

7.7CVSS5.8AI score0.00213EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/05/07 10:44 a.m.73 views

01-Pentesting-and-Offensive-Security

No d...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/06 12:0 a.m.10 views

Age Verification in the Web -- Holy Grail to Control Access to Restricted Content

Age verification before accessing restricted content is critical to protecting minors from exposure to harmful material such as pornography, gambling, violence, hateful speech, and substance purchases like alcohol and tobacco. Currently, the absence of reliable age-checking mechanisms allows...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/05 12:0 a.m.4 views

Internet of Things Security: A Survey on Common Attacks

The exponential growth of the Internet of Things IoT has integrated connected devices into various sectors like smart cities, digital health, and Industry 4.0, generating vast amounts of real-time data to support intelligent decision-making. However, this widespread adoption is fundamentally...

5.8AI score
Exploits0
Securelist
Securelist
added 2026/05/04 10:0 a.m.10 views

“Legitimate” phishing: how attackers weaponize Amazon SES to bypass email security

Introduction The primary goal for attackers in a phishing campaign is to bypass email security and trick the potential victim into revealing their data. To achieve this, scammers employ a wide range of tactics, from redirect links to QR codes. Additionally, they heavily rely on legitimate sources...

5.8AI score
Exploits0
GithubExploit
GithubExploit
added 2026/05/01 4:36 p.m.92 views

OWASP-Pentest-Suite

OWASP Web Application Penetration Testing University of t...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/30 12:0 a.m.4 views

Integrating Log-Based Security Analytics in Agile Workflows: A Real-World Experience Report

Modern organizations increasingly rely on log data and monitoring signals to protect products against account takeovers and abuse, yet integrating security analytics into fast-moving Agile workflows remains challenging. While it is important to understand how security practices are developed and...

5.8AI score
Exploits0
GithubExploit
GithubExploit
added 2026/04/27 8:14 a.m.91 views

xss

CSS Style Sheet Mutation alert"This is a test" alert"...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/26 12:0 a.m.5 views

SMSI: System Model Security Inference: Automated Threat Modeling for Cyber-Physical Systems

Threat modeling for cyber-physical systems CPS remains a largely manual exercise. This project presents SMSI System Model Security Inference, a hybrid neuro-symbolic pipeline that starts from a SysML architecture model and produces a prioritized list of NIST 800-53 security controls. The prototyp...

5.3AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/26 12:0 a.m.5 views

Safeguarding Skies: Airport Cybersecurity in the Digital Age

The aviation industry faces significant vulnerabilities from both physical and cybersecurity threats, highlighting the urgent need for enhanced cybersecurity measures amid increasingly sophisticated attacks. This paper systematically reviews emerging threats at airports, analyzing real-world...

5.3AI score
Exploits0
OSV
OSV
added 2026/04/23 12:22 a.m.7 views

MAL-2026-3002 Malicious code in lyrox (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a758a1be229d0656a639cd9e76cb14b3224260a08da87b6de28ff2bc4c1d48ba Heavy obfuscate code for extracting further obfuscate binaries and executing them using file less techniques. Some versions contain the executable embedded,...

5.8AI score
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/04/21 12:0 a.m.22 views

Cyber Defense Benchmark: Agentic Threat Hunting Evaluation for LLMs in SecOps

We introduce the Cyber Defense Benchmark, a benchmark for measuring how well large language model LLM agents perform the core SOC analyst task of threat hunting: given a database of raw Windows event logs with no guided questions or hints, identify the exact timestamps of malicious events. The...

5.8AI score
Exploits0
GithubExploit
GithubExploit
added 2026/04/16 9:36 a.m.98 views

exploit_kernel

e...

5.8AI score
Exploits0
Rows per page
Query Builder