Lucene search
+L
PacketstormnewsRecent

6894 matches found

Packet Storm News
Packet Storm News
added 2025/06/15 12:0 a.m.0 views

Can We Infer Confidential Properties of Training Data from LLMs?

Large language models LLMs are increasingly fine-tuned on domain-specific datasets to support applications in fields such as healthcare, finance, and law. These fine-tuning datasets often have sensitive and confidential dataset-level properties -- such as patient demographics or disease prevalenc...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/15 12:0 a.m.3 views

Optimal Piecewise-Based Mechanism for Collecting Bounded Numerical Data under Local Differential Privacy

Numerical data with bounded domains is a common data type in personal devices, such as wearable sensors. While the collection of such data is essential for third-party platforms, it raises significant privacy concerns. Local differential privacy LDP has been shown as a framework providing provabl...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/14 12:0 a.m.3 views

Monitoring Decomposition Attacks in LLMs with Lightweight Sequential Monitors

Current LLM safety defenses fail under decomposition attacks, where a malicious goal is decomposed into benign subtasks that circumvent refusals. The challenge lies in the existing shallow safety alignment techniques: they only detect harm in the immediate prompt and do not reason about long-rang...

7.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/14 12:0 a.m.5 views

Social Media Reactions to Open Source Promotions: AI-Powered GitHub Projects on Hacker News

Social media platforms have become more influential than traditional news sources, shaping public discourse and accelerating the spread of information. With the rapid advancement of artificial intelligence AI, open-source software OSS projects can leverage these platforms to gain visibility and...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/14 12:0 a.m.7 views

Step-By-Step Reasoning Attack: Revealing 'Erased' Knowledge in Large Language Models

Whitepaper called Step-By-Step Reasoning Attack: Revealing 'Erased' Knowledge In Large Language Models...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/14 12:0 a.m.6 views

SOSBENCH: Benchmarking Safety Alignment on Scientific Knowledge

Large language models LLMs exhibit advancing capabilities in complex tasks, such as reasoning and graduate-level question answering, yet their resilience against misuse, particularly involving scientifically sophisticated risks, remains underexplored. Existing safety benchmarks typically focus...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/14 12:0 a.m.4 views

A New Representation of Binary Sequences by Means of Boolean Functions

Boolean functions and binary sequences are main tools used in cryptography. In this work, we introduce a new bijection between the set of Boolean functions and the set of binary sequences with period a power of two. We establish a connection between them which allows us to study some properties o...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/14 12:0 a.m.7 views

Parallel Repetition for Post-Quantum Arguments

In this work, we show that parallel repetition of public-coin interactive arguments reduces the soundness error at an exponential rate even in the post-quantum setting. Moreover, we generalize this result to hold for threshold verifiers, where the parallel repeated verifier accepts if and only if...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/13 12:0 a.m.5 views

Computational Attestations of Polynomial Integrity Towards Verifiable Machine-Learning

Machine-learning systems continue to advance at a rapid pace, demonstrating remarkable utility in various fields and disciplines. As these systems continue to grow in size and complexity, a nascent industry is emerging which aims to bring machine-learning-as-a-service MLaaS to market. Outsourcing...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/13 12:0 a.m.10 views

WordPress Traffic Monitor 3.2.2 Unauthenticated Bot Logging Disable

This repository features a Nuclei template specifically designed to detect an unauthenticated bot logging disable vulnerability in the Traffic Monitor WordPress plugin. This issue allows unauthenticated attackers to remotely disable bot logging via a vulnerable AJAX action. It affects versions up...

5.3CVSS5.2AI score0.00388EPSS
Exploits1
Packet Storm News
Packet Storm News
added 2025/06/13 12:0 a.m.4 views

Graph-Based Floor Separation Using Node Embeddings and Clustering of WiFi Trajectories

Indoor positioning systems IPSs are increasingly vital for location-based services in complex multi-storey environments. This study proposes a novel graph-based approach for floor separation using Wi-Fi fingerprint trajectories, addressing the challenge of vertical localization in indoor settings...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/13 12:0 a.m.3 views

Disclosure Audits for LLM Agents

Large Language Model agents have begun to appear as personal assistants, customer service bots, and clinical aides. While these applications deliver substantial operational benefits, they also require continuous access to sensitive data, which increases the likelihood of unauthorized disclosures...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/13 12:0 a.m.2 views

Bhatt Conjectures: on Necessary-But-Not-Sufficient Benchmark Tautology for Human like Reasoning

The Bhatt Conjectures framework introduces rigorous, hierarchical benchmarks for evaluating AI reasoning and understanding, moving beyond pattern matching to assess representation invariance, robustness, and metacognitive self-awareness. The agentreasoning-sdk demonstrates practical implementatio...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/13 12:0 a.m.5 views

Towards Understanding the Cognitive Habits of Large Reasoning Models

Large Reasoning Models LRMs, which autonomously produce a reasoning Chain of Thought CoT before producing final responses, offer a promising approach to interpreting and monitoring model behaviors. Inspired by the observation that certain CoT patterns -- e.g., "Wait, did I miss anything?'' --...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/13 12:0 a.m.4 views

Training RL Agents for Multi-Objective Network Defense Tasks

Open-ended learning OEL -- which emphasizes training agents that achieve broad capability over narrow competency -- is emerging as a paradigm to develop artificial intelligence AI agents to achieve robustness and generalization. However, despite promising results that demonstrate the benefits of...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/13 12:0 a.m.12 views

Custom API Generator for Cross Platform and Import Export in WP 2.0.3 Privilege Escalation

WordPress REST API | Custom API Generator For Cross Platform And Import Export In WP plugin versions 1.0.0 through 2.0.3 are susceptible to a privilege escalation vulnerability due to a missing capability check on the processhandler...

9.8CVSS8.6AI score0.00532EPSS
Exploits1
Packet Storm News
Packet Storm News
added 2025/06/13 12:0 a.m.5 views

AgentVigil: Generic Black-Box Red-Teaming for Indirect Prompt Injection against LLM Agents

The strong planning and reasoning capabilities of Large Language Models LLMs have fostered the development of agent-based systems capable of leveraging external tools and interacting with increasingly complex environments. However, these powerful features also introduce a critical security risk:...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/13 12:0 a.m.6 views

Firefox JavaScript Use-After-Free

Firefox has an issues where JavaScript can run during XSLTProcessor transform, leading to a use-after-free condition...

6.5CVSS7.9AI score0.00824EPSS
Exploits1
Packet Storm News
Packet Storm News
added 2025/06/13 12:0 a.m.6 views

GaussMarker: Robust Dual-Domain Watermark for Diffusion Models

As Diffusion Models DM generate increasingly realistic images, related issues such as copyright and misuse have become a growing concern. Watermarking is one of the promising solutions. Existing methods inject the watermark into the single-domain of initial Gaussian noise for generation, which...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/12 12:0 a.m.5 views

ObfusBFA: a Holistic Approach to Safeguarding DNNs from Different Types of Bit-Flip Attacks

Bit-flip attacks BFAs represent a serious threat to Deep Neural Networks DNNs, where flipping a small number of bits in the model parameters or binary code can significantly degrade the model accuracy or mislead the model prediction in a desired way. Existing defenses exclusively focus on...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/12 12:0 a.m.3 views

GOLIATH: a Decentralized Framework for Data Collection in Intelligent Transportation Systems

Intelligent Transportation Systems ITSs technology has advanced during the past years, and it is now used for several applications that require vehicles to exchange real-time data, such as in traffic information management. Traditionally, road traffic information has been collected using on-site...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/12 12:0 a.m.3 views

Adaptive Chosen-Ciphertext Security of Distributed Broadcast Encryption

Distributed broadcast encryption DBE is a specific kind of broadcast encryption BE where users independently generate their own public and private keys, and a sender can efficiently create a ciphertext for a subset of users by using the public keys of the subset users. Previously proposed DBE...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/12 12:0 a.m.4 views

ChineseHarm-Bench: a Chinese Harmful Content Detection Benchmark

Large language models LLMs have been increasingly applied to automated harmful content detection tasks, assisting moderators in identifying policy violations and improving the overall efficiency and accuracy of content review. However, existing resources for harmful content detection are...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/12 12:0 a.m.7 views

SMB NTLM Hash Leakage

This is a proof of concept for exploiting CVE-2025-24071, a vulnerability in Windows that allows NTLM hash leakage via .library-ms files. This version diverges slightly from others by using a .tar archive instead of a .zip, which improves compatibility in SMB-only environments...

6.5CVSS7.1AI score0.25068EPSS
Exploits21
Packet Storm News
Packet Storm News
added 2025/06/12 12:0 a.m.3 views

TED-LaST: Towards Robust Backdoor Defense against Adaptive Attacks

Deep Neural Networks DNNs are vulnerable to backdoor attacks, where attackers implant hidden triggers during training to maliciously control model behavior. Topological Evolution Dynamics TED has recently emerged as a powerful tool for detecting backdoor attacks in DNNs. However, TED can be...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/12 12:0 a.m.4 views

Single Block On

In the digital age, individuals increasingly maintain active presences across multiple platforms ranging from social media and messaging applications to professional and communication tools. However, the current model for managing user level privacy and abuse is siloed, requiring users to block...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/12 12:0 a.m.4 views

SoK: Evaluating Jailbreak Guardrails for Large Language Models

Large Language Models LLMs have achieved remarkable progress, but their deployment has exposed critical vulnerabilities, particularly to jailbreak attacks that circumvent safety mechanisms. Guardrails--external defense mechanisms that monitor and control LLM interaction--have emerged as a promisi...

7.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/12 12:0 a.m.3 views

Commitment Schemes for Multi-Party Computation

The paper presents an analysis of Commitment Schemes CSs used in Multi-Party Computation MPC protocols. While the individual properties of CSs and the guarantees offered by MPC have been widely studied in isolation, their interrelation in concrete protocols and applications remains mostly...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/12 12:0 a.m.6 views

Differentially Private Relational Learning with Entity-Level Privacy Guarantees

Learning with relational and network-structured data is increasingly vital in sensitive domains where protecting the privacy of individual entities is paramount. Differential Privacy DP offers a principled approach for quantifying privacy risks, with DP-SGD emerging as a standard mechanism for...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/12 12:0 a.m.4 views

Chain-Of-Code Collapse: Reasoning Failures in LLMs Via Adversarial Prompting in Code Generation

Large Language Models LLMs have achieved remarkable success in tasks requiring complex reasoning, such as code generation, mathematical problem solving, and algorithmic synthesis -- especially when aided by reasoning tokens and Chain-of-Thought prompting. Yet, a core question remains: do these...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/12 12:0 a.m.3 views

ME: Trigger Element Combination Backdoor Attack on Copyright Infringement

The capability of generative diffusion models DMs like Stable Diffusion SD in replicating training data could be taken advantage of by attackers to launch the Copyright Infringement Attack, with duplicated poisoned image-text pairs. SilentBadDiffusion SBD is a method proposed recently, which shew...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/12 12:0 a.m.4 views

TimberStrike: Dataset Reconstruction Attack Revealing Privacy Leakage in Federated Tree-Based Systems

Federated Learning has emerged as a privacy-oriented alternative to centralized Machine Learning, enabling collaborative model training without direct data sharing. While extensively studied for neural networks, the security and privacy implications of tree-based models remain underexplored. This...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/12 12:0 a.m.4 views

Byzantine Outside, Curious Inside: Reconstructing Data through Malicious Updates

Federated learning FL enables decentralized machine learning without sharing raw data, allowing multiple clients to collaboratively learn a global model. However, studies reveal that privacy leakage is possible under commonly adopted FL protocols. In particular, a server with access to client...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/12 12:0 a.m.7 views

Bias Amplification in RAG: Poisoning Knowledge Retrieval to Steer LLMs

In Large Language Models, Retrieval-Augmented Generation RAG systems can significantly enhance the performance of large language models by integrating external knowledge. However, RAG also introduces new security risks. Existing research focuses mainly on how poisoning attacks in RAG systems affe...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/12 12:0 a.m.4 views

TooBadRL: Trigger Optimization to Boost Effectiveness of Backdoor Attacks on Deep Reinforcement Learning

Deep reinforcement learning DRL has achieved remarkable success in a wide range of sequential decision-making domains, including robotics, healthcare, smart grids, and finance. Recent research demonstrates that attackers can efficiently exploit system vulnerabilities during the training phase to...

7.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/12 12:0 a.m.3 views

User Perceptions and Attitudes toward Untraceability in Messaging Platforms

Mainstream messaging platforms offer a variety of features designed to enhance user privacy, such as disappearing messages, password-protected chats, and end-to-end encryption E2EE, which primarily protect message contents. Beyond contents, the transmission of messages generates metadata that can...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/12 12:0 a.m.6 views

A Crack in the Bark: Leveraging Public Knowledge to Remove Tree-Ring Watermarks

We present a novel attack specifically designed against Tree-Ring, a watermarking technique for diffusion models known for its high imperceptibility and robustness against removal attacks. Unlike previous removal attacks, which rely on strong assumptions about attacker capabilities, our attack on...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/12 12:0 a.m.3 views

From IOCs to Group Profiles: on the Specificity of Threat Group Behaviors in CTI Knowledge Bases

Indicators of Compromise IOCs such as IP addresses, file hashes, and domain names are commonly used for threat detection and attribution. However, IOCs tend to be short-lived as they are easy to change. As a result, the cybersecurity community is shifting focus towards more persistent behavioral...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/12 12:0 a.m.4 views

MAYA: Addressing Inconsistencies in Generative Password Guessing through a Unified Benchmark

Recent advances in generative models have led to their application in password guessing, with the aim of replicating the complexity, structure, and patterns of human-created passwords. Despite their potential, inconsistencies and inadequate evaluation methodologies in prior research have hindered...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/12 12:0 a.m.10 views

Multi-Modal Multi-Task Federated Foundation Models for Next-Generation Extended Reality Systems: Towards Privacy-Preserving Distributed Intelligence in AR/VR/MR

Extended reality XR systems, which consist of virtual reality VR, augmented reality AR, and mixed reality XR, offer a transformative interface for immersive, multi-modal, and embodied human-computer interaction. In this paper, we envision that multi-modal multi-task M3T federated foundation model...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/12 12:0 a.m.6 views

CyFence: Securing Cyber-Physical Controllers Via Trusted Execution Environment

In the last decades, Cyber-physical Systems CPSs have experienced a significant technological evolution and increased connectivity, at the cost of greater exposure to cyber-attacks. Since many CPS are used in safety-critical systems, such attacks entail high risks and potential safety harms...

7.3AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/12 12:0 a.m.4 views

SOFT: Selective Data Obfuscation for Protecting LLM Fine-Tuning against Membership Inference Attacks

Whitepaper called SOFT: Selective Data Obfuscation For Protecting LLM Fine-Tuning Against Membership Inference Attacks...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/12 12:0 a.m.1 views

Quantifying Azure RBAC Wildcard Overreach

Azure RBAC leverages wildcard permissions to simplify policy authoring, but this abstraction often obscures the actual set of allowed operations and undermines least-privilege guarantees. We introduce Belshazaar, a two-stage framework that targets both the effective permission set problem and the...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/12 12:0 a.m.8 views

FicGCN: Unveiling the Homomorphic Encryption Efficiency from Irregular Graph Convolutional Networks

Graph Convolutional Neural Networks GCNs have gained widespread popularity in various fields like personal healthcare and financial systems, due to their remarkable performance. Despite the growing demand for cloud-based GCN services, privacy concerns over sensitive graph data remain significant...

6.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/12 12:0 a.m.3 views

Assessing the Resilience of Automotive Intrusion Detection Systems to Adversarial Manipulation

The security of modern vehicles has become increasingly important, with the controller area network CAN bus serving as a critical communication backbone for various Electronic Control Units ECUs. The absence of robust security measures in CAN, coupled with the increasing connectivity of vehicles,...

7.3AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/12 12:0 a.m.2 views

WebKit Cross Site CSS Rule / Redirect URL Disclosure

WebKit suffers from a cross site CSS rule and redirect URL disclosure vulnerability...

6.5CVSS7.1AI score0.00373EPSS
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/12 12:0 a.m.4 views

Uncovering Reliable Indicators: Improving IoC Extraction from Threat Reports

Indicators of Compromise IoCs are critical for threat detection and response, marking malicious activity across networks and systems. Yet, the effectiveness of automated IoC extraction systems is fundamentally limited by one key issue: the lack of high-quality ground truth. Current extraction too...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/11 12:0 a.m.5 views

Guardians of the Regime: When and Why Autocrats Create Secret Police

Autocrats use secret police to stay in power, as these organizations deter and suppress opposition to their rule. Existing research shows that secret police are very good at this but, surprisingly, also that they are not as ubiquitous in autocracies as one may assume, existing in less than 50% of...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/11 12:0 a.m.5 views

AI-Based Software Vulnerability Detection: a Systematic Literature Review

Software vulnerabilities in source code pose serious cybersecurity risks, prompting a shift from traditional detection methods e.g., static analysis, rule-based matching to AI-driven approaches. This study presents a systematic review of software vulnerability detection SVD research from 2018 to...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/11 12:0 a.m.3 views

Physical Layer-Based Device Fingerprinting for Wireless Security: from Theory to Practice

The identification of the devices from which a message is received is part of security mechanisms to ensure authentication in wireless communications. Conventional authentication approaches are cryptography-based, which, however, are usually computationally expensive and not adequate in the...

6.8AI score
Exploits0
Total number of security vulnerabilities6894