Lucene search
K

20 matches found

Packet Storm News
Packet Storm News
added 2026/02/24 12:0 a.m.13 views

AdapTools: Adaptive Tool-Based Indirect Prompt Injection Attacks on Agentic LLMs

The integration of external data services e.g., Model Context Protocol, MCP has made large language model-based agents increasingly powerful for complex task execution. However, this advancement introduces critical security vulnerabilities, particularly indirect prompt injection IPI attacks...

6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/12/24 12:0 a.m.5 views

CoTDeceptor:Adversarial Code Obfuscation against CoT-Enhanced LLM Code Agents

LLM-based code agentse.g., ChatGPT Codex are increasingly deployed as detector for code review and security auditing tasks. Although CoT-enhanced LLM vulnerability detectors are believed to provide improved robustness against obfuscated malicious code, we find that their reasoning chains and...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/12/14 12:0 a.m.4 views

One Leak Away: How Pretrained Model Exposure Amplifies Jailbreak Risks in Finetuned LLMs

Finetuning pretrained large language models LLMs has become the standard paradigm for developing downstream applications. However, its security implications remain unclear, particularly regarding whether finetuned LLMs inherit jailbreak vulnerabilities from their pretrained sources. We investigat...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/11/04 12:0 a.m.5 views

Jailbreaking in the Haystack

Recent advances in long-context language models LMs have enabled million-token inputs, expanding their capabilities across complex tasks like computer-use agents. Yet, the safety implications of these extended contexts remain unclear. To bridge this gap, we introduce NINJA short for...

7.3AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/02 12:0 a.m.11 views

Evaluating the Robustness of a Production Malware Detection System to Transferable Adversarial Attacks

As deep learning models become widely deployed as components within larger production systems, their individual shortcomings can create system-level vulnerabilities with real-world impact. This paper studies how adversarial attacks targeting an ML component can degrade or bypass an entire...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/20 12:0 a.m.5 views

Foe for Fraud: Transferable Adversarial Attacks in Credit Card Fraud Detection

Credit card fraud detection CCFD is a critical application of Machine Learning ML in the financial sector, where accurately identifying fraudulent transactions is essential for mitigating financial losses. ML models have demonstrated their effectiveness in fraud detection task, in particular with...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/07/05 12:0 a.m.4 views

When Data-Free Knowledge Distillation Meets Non-Transferable Teacher: Escaping Out-Of-Distribution Trap Is All You Need

Data-free knowledge distillation DFKD transfers knowledge from a teacher to a student without access the real in-distribution ID data. Its common solution is to use a generator to synthesize fake data and use them as a substitute for real ID data. However, existing works typically assume teachers...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/22 12:0 a.m.6 views

MEraser: an Effective Fingerprint Erasure Approach for Large Language Models

Large Language Models LLMs have become increasingly prevalent across various sectors, raising critical concerns about model ownership and intellectual property protection. Although backdoor-based fingerprinting has emerged as a promising solution for model authentication, effective attacks for...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/20 12:0 a.m.4 views

A Smart Contract-Based Non-Transferable Signature Verification System Using Nominative Signatures

Nominative signatures allow us to indicate who can verify a signature, and they can be employed to construct a non-transferable signature verification system that prevents the signature verification by a third party in unexpected situations. For example, this system can prevent IOU/loan certifica...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/29 12:0 a.m.6 views

Hijacking Large Language Models Via Adversarial In-Context Learning

In-context learning ICL has emerged as a powerful paradigm leveraging LLMs for specific downstream tasks by utilizing labeled examples as demonstrations demos in the preconditioned prompts. Despite its promising performance, crafted adversarial attacks pose a notable threat to the robustness of...

7.4AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/26 12:0 a.m.12 views

One Surrogate to Fool Them All: Universal, Transferable, and Targeted Adversarial Attacks with CLIP

Deep Neural Networks DNNs have achieved widespread success yet remain prone to adversarial attacks. Typically, such attacks either involve frequent queries to the target model or rely on surrogate models closely mirroring the target model -- often trained with subsets of the target model's traini...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/23 12:0 a.m.4 views

One Model Transfer to All: on Robust Jailbreak Prompts Generation against LLMs

Safety alignment in large language models LLMs is increasingly compromised by jailbreak attacks, which can manipulate these models to generate harmful or unintended content. Investigating these attacks is crucial for uncovering model vulnerabilities. However, many existing jailbreak strategies fa...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/17 12:0 a.m.3 views

Proof-Of-Social-Capital: Privacy-Preserving Consensus Protocol Replacing Stake for Social Capital

Consensus protocols used today in blockchains often rely on computational power or financial stakes - scarce resources. We propose a novel protocol using social capital - trust and influence from social interactions - as a non-transferable staking mechanism to ensure fairness and decentralization...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/11 12:0 a.m.2 views

DP-TRAE: a Dual-Phase Merging Transferable Reversible Adversarial Example for Image Privacy Protection

In the field of digital security, Reversible Adversarial Examples RAE combine adversarial attacks with reversible data hiding techniques to effectively protect sensitive data and prevent unauthorized analysis by malicious Deep Neural Networks DNNs. However, existing RAE techniques primarily focus...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/04/14 12:0 a.m.10 views

MaxContribution check can be bypassed to give a card high voting power

Lines of code Vulnerability details Proof of Concept ReraiseETHCrowdfund tries limit the voting power of each card by doing a min/maxContribution check in claim and claimMultiple. uint96 contribution = votingPower 1e4 / exchangeRateBps; uint96 maxContribution = maxContribution; // Check that the...

6.9AI score
Exploits0
OSV
OSV
added 2021/04/06 5:22 p.m.12 views

GHSA-MMHJ-4W6J-76H7 Misuse of `Reference` and other transferable APIs may lead to access to nodejs isolate

Versions of isolated-vm before v4.0.0, and especially before v3.0.0, have API pitfalls which may make it easy for implementers to expose supposed secure isolates to the permissions of the main nodejs isolate. Reference objects allow access to the underlying reference's full prototype chain. In an...

8CVSS9.3AI score0.00713EPSS
Exploits0References5
Exploit DB
Exploit DB
added 2013/02/14 12:0 a.m.41 views

Transferable Remote 1.1 iPad iPhone - Multiple Vulnerabilities

Title: ====== Transferable Remote v1.1 iPad iPhone - Multiple Web Vulnerabilities Date: ===== 2013-02-09 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=863 VL-ID: ===== 863 Common Vulnerability Scoring System: ==================================== 8.5 Introduction:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2013/02/13 12:0 a.m.37 views

Transferable Remote 1.1 XSS / LFI / Command Injection

Title: ====== Transferable Remote v1.1 iPad iPhone - Multiple Web Vulnerabilities Date: ===== 2013-02-09 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=863 VL-ID: ===== 863 Common Vulnerability Scoring System: ==================================== 8.5 Introduction:...

0.1AI score
Exploits0
Vulnerability Lab
Vulnerability Lab
added 2013/02/09 12:0 a.m.32 views

Transferable Remote v1.1 iPad iPhone - Web Vulnerabilities

Document Title: =============== Transferable Remote v1.1 iPad iPhone - Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=863 Release Date: ============= 2013-02-09 Vulnerability Laboratory ID VL-ID: ====================================...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2006/11/06 12:0 a.m.27 views

OpenLDAP 2.2.29 - Remote Denial of Service (Metasploit)

OpenLDAP 2.2.29 - Remote Denial of Service Metasploit vdopenldap.pm The exploit is a part of VulnDisco Pack - use only under the license agreement specified in LICENSE.txt in your VulnDisco distribution VULNDISCO LICENSE Purchaser buys VulnDisco Pack "the Pack" and receives the right to use it...

7.4AI score
Exploits0
Rows per page
Query Builder