Lucene search
K
PacketstormnewsRecent

6825 matches found

Packet Storm News
Packet Storm News
added 2026/12/29 12:0 a.m.361 views

GNUnet P2P Framework 0.26.2

GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP IPv4 and IPv6, TCP IPv4 and IPv6, HTTP, o...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/09/10 12:0 a.m.220 views

IServ Schoolserver User Enumeration

IServ Schoolserver suffers from a user enumeration vulnerability. The vendor does not feel this is an issue...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added yesterday5 views

LifeOS 7.1.1

LifeOS is a Life Operating System. It knows your goals, the people who matter to you, and where you are right now, and it works to move you toward where you want to be. The engine underneath is a verifiable loop: turn any request into testable criteria, then climb until they pass. This is the fir...

6.1AI score
Exploits0
Packet Storm News
Packet Storm News
added yesterday7 views

IronCurtain 0.13.0

IronCurtain is an early-stage research project exploring how to make AI agents safe enough to be genuinely useful. It is a runtime for autonomous AI agents, where security policy is derived from a human-readable constitution. APIs, configuration formats, and architecture may change...

6.1AI score
Exploits0
Packet Storm News
Packet Storm News
added yesterday5 views

Nebula AI-Powered Penetration Testing 2.0.0

Nebula is an advanced, AI-powered penetration testing open-source tool that revolutionizes penetration testing by integrating state-of-the-art AI models into your command-line interface. Designed for cybersecurity professionals, ethical hackers, and developers, Nebula automates vulnerability...

6.1AI score
Exploits0
Packet Storm News
Packet Storm News
added yesterday5 views

TestSSL 3.2.4

testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in pure bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets...

6.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 4 days ago3 views

Stegano 2.5.0

Stegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit LSB technique. It is possible to use a more advanced LSB method based on integers sets. The sets Sieve of...

6.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 4 days ago3 views

Joern 4.0.579

Joern is the bug hunter's workbench. With this tool, you can uncover attack surface, sloppy coding practices, and variants of known vulnerabilities using an interactive code analysis shell. Joern supports C, C++, LLVM bitcode, x86 binaries via Ghidra, JVM bytecode via Soot, and Javascript...

6.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 4 days ago3 views

Leveraging Interpretable Tsetlin Machine for PDF Malware Detection

In the digital era, Portable Document Format PDF is one of the most widely used file formats for storing and exchanging digital documents due to its platform independence and rich functionality. However, these same capabilities have also made PDF files an attractive attack vector for...

6.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 4 days ago3 views

SFDS: Selective File Disclosure System

Access control to networked resources has been a longstanding challenge. The conventional solution relies on authentication mechanisms, which introduce additional complexities associated with Identity and Access Management IAM. Such systems require user authentication, identity management, and...

6AI score
Exploits0
Packet Storm News
Packet Storm News
added 4 days ago5 views

Impact of Benign Connectivity Variations on Intrusion Detection for Encrypted OPC UA Traffic in Industrial Private 5G Networks

Machine learning ML-based intrusion detection systems IDSs are increasingly used to monitor encrypted industrial communication. However, their behavior under realistic private 5G operating conditions remains insufficiently understood. This paper investigates the impact of benign connectivity...

6.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 4 days ago3 views

T3MP3ST Multi-Agent Offensive Security Framework

T3MP3ST is a multi-agent offensive-security framework, built to turn the AI coding agent you already run into a zero-day hunter...

6.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 4 days ago3 views

Malaika: Understanding Malware through Tri-Grounded Agentic Reasoning

Recent LLM-based systems have shown promising capabilities for security-focused code analysis. Malware understanding, however, poses a distinct challenge: analysts must reconstruct high-level malicious behaviors under partial observability from sparse, dispersed evidence intertwined with benign...

6.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 4 days ago3 views

Federated Learning Architecture: Data Privacy and System Security Approaches

This study explores the integration of homomorphic encryption and differential privacy techniques to enhance data privacy and security in Federated Learning FL systems. FL allows data to remain on local devices, eliminating the need for centralized data collection; however, sensitive information...

6.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 4 days ago5 views

VEXAIoT: Autonomous IoT Vulnerability EXploitation Using AI Agents

Internet of Things IoT systems are inherently vulnerable due to constrained hardware, outdated firmware, and insecure default configurations, creating a need for scalable and adaptive security testing approaches. While recent adoptions of Large Language Model LLM agents have demonstrated promise ...

6.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 4 days ago5 views

TSAI-MetaFraud: A Benchmark Dataset for Financial Fraud Transaction and Behavioral Risk Detection in Metaverse Ecosystems

The emergence of metaverse platforms has created virtual economies that introduce new challenges related to fraud, bot activity, and illicit financial behavior. Despite growing interest in trustworthy metaverse analytics, existing datasets typically focus on user behavior, authentication, or...

6.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 4 days ago3 views

Flounder 0.3.1

Flounder turns modern coding agents into an end-to-end security audit system. Give it an authorized target boundary - a repository, source tree, package, deployed clue, or prior run - and the agent can prepare the workspace, read the code and supporting material, map the attack surface, dig into...

6.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 4 days ago3 views

Xalgorix Autonomous AI Pentesting Agent 4.5.55

Most scanners detect. Xalgorix proves. An autonomous LLM agent works a full pentest methodology, then an independent verifier re-exploits every finding before it's reported - so you get proof, not a pile of maybes to triage. Self-hosted, private, and bring-your-own-LLM. Built in Go + TypeScript...

6.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 4 days ago6 views

Statistically Undetectable Backdoors in Deep Neural Networks

We show how an adversarial model trainer can plant backdoors in a large class of deep, feedforward neural networks. These backdoors are statistically undetectable in the white-box setting, meaning that the backdoored and honestly trained models are close in total variation distance, even given th...

6.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 5 days ago6 views

Securing Autonomous Vehicle Systems Via Twin-Aware Federated Reinforcement Learning

Federated reinforcement learning FRL is crucial for enabling collaborative learning across multiple agents without sharing raw data, thereby enhancing privacy and scalability in the decision-making process within dynamic vehicular environments. However, poisoning attacks pose a significant threat...

6.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 5 days ago5 views

SeedSmith: LLM-Driven Seed Synthesis for Directed Fuzzing

Directed fuzzing steers fuzzers toward user-defined sink functions to identify vulnerabilities, but it frequently fails to trigger crashes even after long campaigns. We identify two challenges that prevent directed fuzzers from exposing crashes: incomplete static analysis of indirect calls, which...

6.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 5 days ago3 views

WPProbe Plugin Enumeration Tool 0.12.5

A fast WordPress plugin and theme scanner that detects installed plugins via REST API enumeration and themes from HTML discovery, then maps them to known vulnerabilities. Over 5,000 plugins detectable without brute-force, thousands more with it...

6AI score
Exploits0
Packet Storm News
Packet Storm News
added 5 days ago5 views

Neuro-Agentic Control: A Deep Learning-Based LLM-Powered Agentic AI Framework for Controlling Security Controls

Cyberattacks on operational technology are increasingly causing costly downtime and physical damage, exposing the limitations of traditional rule-based monitoring in industrial IoT environments. While Large Language Models LLMs have strong semantic reasoning abilities to assist in decision suppor...

6.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 5 days ago3 views

vulnx 2.0.2

vulnx is a command-line interface CLI tool designed to provide a structured and easily navigable interface to various vulnerability databases...

6AI score
Exploits0
Packet Storm News
Packet Storm News
added 5 days ago5 views

Entropy Bootstrapping for Wireless Embedded Systems

Weak randomness has broken deployed cryptography through implementation bugs, boot entropy scarcity, and backdoored generators. Inexpensive wireless sensors concentrate the risk because many boot or operate in highly deterministic conditions while relying on basic, rudimentary, or opaque RNGs. On...

6.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 5 days ago5 views

Secret Scanner Agent: Extracting Secrets and Access Context from Unstructured Documents

Exposed documents such as emails, chat threads, tickets, and incident notes routinely leak credentials, but during incident response a leaked secret is only half the story. Responders also need to identify the "door'' the secret opens: the account, tenant, endpoint, database, cloud resource, or...

6.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 5 days ago3 views

Prismata: Confining Cross-Site Prompt Injection in Web Agents

Autonomous web agents promise to automate everyday browsing tasks, but inherit one of the web's oldest attack surfaces. Cross-Site Scripting proved that mixing trusted and untrusted content is dangerous, even on benign pages. Agents resurface this risk by interpreting natural language as...

6.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 5 days ago3 views

Reverse Engineering Compliance: A Dual-Graph Verification Framework for Auditing Legacy IT Security Concepts

The NIS-2 Directive increases the need for continuous, auditable compliance evidence and motivates a shift from document-based compliance toward machine-readable compliance artifacts. The Open Security Controls Assessment Language OSCAL is a standard for this purpose, which the German Federal...

6.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 5 days ago3 views

Wireshark Analyzer 4.6.7

Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. Thi...

6AI score
Exploits0
Packet Storm News
Packet Storm News
added 5 days ago3 views

Flounder 0.2.0

Flounder turns modern coding agents into an end-to-end security audit system. Give it an authorized target boundary - a repository, source tree, package, deployed clue, or prior run - and the agent can prepare the workspace, read the code and supporting material, map the attack surface, dig into...

6.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 6 days ago8 views

Oracle E-Business Suite 12.2.14 Vulnerability Detection Scanner

This is a scanner designed to assess Oracle E-Business Suite web environments affected by CVE-2025-61882. It performs basic connectivity checks, fingerprints Oracle EBS-specific paths such as /OAHTML/ endpoints, and verifies the accessibility of common application endpoints without sending...

9.8CVSS6.1AI score0.99722EPSS
Exploits15
Packet Storm News
Packet Storm News
added 6 days ago3 views

Certifying Ghosts: How Cybersecurity AI Agents Break the EU Cyber Resilience Act

The EU Cyber Resilience Act CRA makes a smart bet. It does not demand that products be free of vulnerabilities, but only that manufacturers run a process: assess risk, handle flaws, ship updates. The bet pays off if four things about the world stay true: P1 finding vulnerabilities is slow, skille...

6AI score
Exploits0
Packet Storm News
Packet Storm News
added 6 days ago3 views

Monitoring Vulnerabilities in Next-Generation Automotive Operating Systems

Software-defined vehicles SDVs are revolutionizing transportation by integrating complex, interconnected hardware, and software systems. This evolution introduces significant security challenges. We present a comprehensive security analysis for SDVs, focusing on software vulnerabilities. We note...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 6 days ago3 views

Entropy-Adaptive Multi-Map Chaotic Modulation for Physical-Layer Security

This paper presents a Multi-Map Dynamic-Entropy Intrusion-Aware Chaotic Modulation MU-DE-IAEACM-MM framework for adaptive physical-layer security in multi-user wireless systems. Unlike conventional chaos-based schemes that rely on static parameter secrecy, the proposed architecture treats entropy...

6.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 6 days ago8 views

Joern 4.0.578

Joern is the bug hunter's workbench. With this tool, you can uncover attack surface, sloppy coding practices, and variants of known vulnerabilities using an interactive code analysis shell. Joern supports C, C++, LLVM bitcode, x86 binaries via Ghidra, JVM bytecode via Soot, and Javascript...

6AI score
Exploits0
Packet Storm News
Packet Storm News
added 6 days ago8 views

ida_kernelcache: An IDA Toolkit for analyzing iOS kernelcaches

idakernelcache is an IDAPython module for IDA Pro to make working with iOS kernelcaches easier. idakernelcache has been tested with IDA Pro 6.95 on kernelcaches for iOS versions 10.1.1, 11.0, 11.2, 11.3.1, and 12.0 beta. Currently only Arm64 kernelcaches from iOS 10 and later are supported...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 6 days ago3 views

Multi-Class Vs. Multi-Label BERT for CVE-To-CWE Mapping: How Taxonomy Structure Shapes the Errors

Assigning Common Weakness Enumeration CWE categories to Common Vulnerabilities and Exposures CVE records remains an important but largely manual step in vulnerability analysis. We study this task as a text classification problem and compare two modelling choices: a \emphmulti-class formulation th...

6AI score
Exploits0
Packet Storm News
Packet Storm News
added 6 days ago3 views

KS-CFA: Control-Flow Attestation Via Symbolic Replay against Control-Flow Bending Attacks

Control-flow attestation CFA enables a remote entity to verify program execution on a target device by monitoring control-flow behaviour at runtime. However, control-flow bending CFB attacks remain difficult to detect, where an adversary steers execution along legal edges of the program's...

6.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 6 days ago3 views

Mechanistic Interpretability of LLM Jailbreaks Via Internal Attribution Graphs

Large language models LLMs exhibit remarkable capabilities but remain highly vulnerable to adversarial prompts and jailbreak attacks. Existing approaches primarily analyze these failures through input-output behaviors or attribution methods, offering limited insight into how adversarial...

6.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 6 days ago3 views

Beyond Attack-Success Rate: Action-Graded Severity Scale for Tool-Using AI Agents

Agentic red-teaming benchmarks report whether an injected agent was compromised as a single bit: the attack succeeded, or it did not. We argue that this binary attack-success rate discards the information a defender most needs, namely how harmful the resulting action was. We introduce an...

6AI score
Exploits0
Packet Storm News
Packet Storm News
added 6 days ago3 views

Mitigating Taint-Style Vulnerabilities in MCP Servers Via Security-Aware Tool Descriptions

Large language models LLMs are increasingly deployed as autonomous agents that interact with external tools and services via the Model Context Protocol MCP, a standardized interface for dynamic tool invocation. While MCP simplifies integration, it also expands the attack surface and enables gener...

6AI score
Exploits0
Packet Storm News
Packet Storm News
added 6 days ago3 views

An Automated Framework for Generating Stealthy Cell-Embedded Hardware Trojans

Hardware Trojans HTs pose significant threats across the Integrated Circuit IC design lifecycle because they can be inserted by untrusted entities at different stages under the zero-trust model. When triggered under rare conditions, HTs can compromise the functionality, reliability, or security o...

6AI score
Exploits0
Packet Storm News
Packet Storm News
added 6 days ago3 views

ScopeJudge: Cost-Aware Pre-Execution Gating for Offensive Security Agents

As LLM agents take on offensive security work, a single out-of-scope tool call can breach a client's engagement boundary, disrupt production, or void a bug-bounty finding. Unlike a fixed safety policy, the boundary that matters is declared in the user's request and must be inferred from intent...

6.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 6 days ago5 views

Oracle E-Business Suite 12.2.15 Payments Vulnerability Scanner

This Python-based security assessment tool scans Oracle E-Business Suite EBS Payments deployments for indicators associated with CVE-2026-46817...

9.8CVSS6.1AI score0.00677EPSS
Exploits2
Packet Storm News
Packet Storm News
added 6 days ago3 views

Forensic Schema for Psychological Manipulation in Cyber Fraud: LLM-Driven Victim Reports Analysis

Existing cybercrime classification schemas capture contact metadata and financial transactions but omit the psychological manipulation techniques perpetrators employ. We present a forensic schema four categories, 35 questions adding 11 manipulation indicators and cryptocurrency evidence fields to...

6AI score
Exploits0
Packet Storm News
Packet Storm News
added 6 days ago3 views

Beware What You Autocomplete: Forensic Attribution of Backdoored Code Completions

Large language models have enabled powerful code completion systems that assist developers by predicting subsequent lines of code. However, these models remain vulnerable to backdoor attacks, where malicious fine-tuning data covertly implants unsafe behaviors. Despite advances in defensive...

6.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 6 days ago10 views

CodeQL 2.26.0

Discover vulnerabilities across a codebase with CodeQL, an industry-leading semantic code analysis engine. CodeQL lets you query code as though it were data. Write a query to find all variants of a vulnerability, eradicating it forever. Then share your query to help others do the same...

6AI score
Exploits0
Packet Storm News
Packet Storm News
added 6 days ago6 views

Pardus Domain Joiner 0.5.2 Credential Disclosure

A security vulnerability has been identified in Pardus Domain Joiner version 0.5.2, where Active Directory administrative credentials are passed as plaintext command-line arguments during domain join and domain leave operations...

7.9CVSS5.8AI score0.00106EPSS
Exploits0
Packet Storm News
Packet Storm News
added 6 days ago8 views

Git Hash Chain Malleability

This whitepaper demonstrates that signed Git commits are not uniquely bound to their commit hashes, even when they display a valid "Verified" badge on GitHub. The authors show that attackers can transform the signature encoding of an existing signed commit—without possessing the private signing...

6AI score
Exploits0
Packet Storm News
Packet Storm News
added 6 days ago7 views

angr 9.2.223

angr is an open-source binary analysis platform for Python. It combines both static and dynamic symbolic "concolic" analysis, providing tools to solve a variety of tasks...

6AI score
Exploits0
Total number of security vulnerabilities6825