Lucene search
+L
PacketstormnewsRecent

6894 matches found

Packet Storm News
Packet Storm News
•added 2025/06/06 12:0 a.m.•1 views

TrustConnect: an In-Vehicle Anomaly Detection Framework through Topology-Based Trust Rating

Modern vehicles are equipped with numerous in-vehicle components that interact with the external environment through remote communications and services, such as Bluetooth and vehicle-to-infrastructure communication. These components form a network, exchanging information to ensure the proper...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/06/06 12:0 a.m.•7 views

Scoring the Unscorables: Cyber Risk Assessment beyond Internet Scans

In this paper we present a study on using novel data types to perform cyber risk quantification by estimating the likelihood of a data breach. We demonstrate that it is feasible to build a highly accurate cyber risk assessment model using public and readily available technology signatures obtaine...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/06/06 12:0 a.m.•4 views

Towards Lifecycle Unlearning Commitment Management: Measuring Sample-Level Unlearning Completeness

Growing concerns over data privacy and security highlight the importance of machine unlearning--removing specific data influences from trained models without full retraining. Techniques like Membership Inference Attacks MIAs are widely used to externally assess successful unlearning. However,...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/06/06 12:0 a.m.•6 views

GeoClip: Geometry-Aware Clipping for Differentially Private SGD

Differentially private stochastic gradient descent DP-SGD is the most widely used method for training machine learning models with provable privacy guarantees. A key challenge in DP-SGD is setting the per-sample gradient clipping threshold, which significantly affects the trade-off between privac...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/06/06 12:0 a.m.•4 views

Dual-Conditional Deep Generation of Network Traffic Data for Network Intrusion Detection System Balancing

Whitepaper called Dual-Conditional Deep Generation Of Network Traffic Data For Network Intrusion Detection System Balancing...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/06/06 12:0 a.m.•7 views

SDN-Based False Data Detection with Its Mitigation and Machine Learning Robustness for In-Vehicle Networks

As the development of autonomous and connected vehicles advances, the complexity of modern vehicles increases, with numerous Electronic Control Units ECUs integrated into the system. In an in-vehicle network, these ECUs communicate with one another using an standard protocol called Controller Are...

7.4AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/06/06 12:0 a.m.•7 views

Optimization-Free Universal Watermark Forgery with Regenerative Diffusion Models

Watermarking becomes one of the pivotal solutions to trace and verify the origin of synthetic images generated by artificial intelligence models, but it is not free of risks. Recent studies demonstrate the capability to forge watermarks from a target image onto cover images via adversarial...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/06/06 12:0 a.m.•6 views

What Really Is a Member? Discrediting Membership Inference Via Poisoning

Membership inference tests aim to determine whether a particular data point was included in a language model's training set. However, recent works have shown that such tests often fail under the strict definition of membership based on exact matching, and have suggested relaxing this definition t...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/06/06 12:0 a.m.•4 views

PoCGen: Generating Proof-Of-Concept Exploits for Vulnerabilities in Npm Packages

Security vulnerabilities in software packages are a significant concern for developers and users alike. Patching these vulnerabilities in a timely manner is crucial to restoring the integrity and security of software systems. However, previous work has shown that vulnerability reports often lack...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/06/06 12:0 a.m.•5 views

SATversary: Adversarial Attacks on Satellite Fingerprinting

As satellite systems become increasingly vulnerable to physical layer attacks via SDRs, novel countermeasures are being developed to protect critical systems, particularly those lacking cryptographic protection, or those which cannot be upgraded to support modern cryptography. Among these is...

6.6AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/06/06 12:0 a.m.•5 views

Faraday 5.14.1

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/06/06 12:0 a.m.•5 views

Securing Traffic Sign Recognition Systems in Autonomous Vehicles

Deep Neural Networks DNNs are widely used for traffic sign recognition because they can automatically extract high-level features from images. These DNNs are trained on large-scale datasets obtained from unknown sources. Therefore, it is important to ensure that the models remain secure and are n...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/06/06 12:0 a.m.•5 views

Cyber Security of Sensor Systems for State Sequence Estimation: an AI Approach

Sensor systems are extremely popular today and vulnerable to sensor data attacks. Due to possible devastating consequences, counteracting sensor data attacks is an extremely important topic, which has not seen sufficient study. This paper develops the first methods that accurately...

6.6AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/06/06 12:0 a.m.•7 views

Stealix: Model Stealing Via Prompt Evolution

Model stealing poses a significant security risk in machine learning by enabling attackers to replicate a black-box model without access to its training data, thus jeopardizing intellectual property and exposing sensitive information. Recent methods that use pre-trained diffusion models for data...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/06/06 12:0 a.m.•5 views

Falco 0.41.1

Sysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/06/06 12:0 a.m.•8 views

GNUnet P2P Framework 0.24.2

GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP IPv4 and IPv6, TCP IPv4 and IPv6, HTTP, o...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/06/06 12:0 a.m.•5 views

NIH BRICS 14.0.0-67 Predictable Tokens

NIH BRICS aka Biomedical Research Informatics Computing System through 14.0.0-67 generates predictable tokens that depend on username, time, and the fixed 7Dl9dj- string and thus allows unauthenticated users with a Common Access Card CAC to escalate privileges and compromise any account, includin...

7.5CVSS7.2AI score0.00619EPSS
Exploits0
Packet Storm News
Packet Storm News
•added 2025/06/06 12:0 a.m.•2 views

Stochastic Training for Side-Channel Resilient AI

The confidentiality of trained AI models on edge devices is at risk from side-channel attacks exploiting power and electromagnetic emissions. This paper proposes a novel training methodology to enhance resilience against such threats by introducing randomized and interchangeable model...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/06/06 12:0 a.m.•5 views

Membership Inference Attacks for Unseen Classes

Shadow model attacks are the state-of-the-art approach for membership inference attacks on machine learning models. However, these attacks typically assume an adversary has access to a background nonmember data distribution that matches the distribution the target model was trained on. We initiat...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/06/06 12:0 a.m.•12 views

There'S Waldo: PCB Tamper Forensic Analysis Using Explainable AI on Impedance Signatures

The security of printed circuit boards PCBs has become increasingly vital as supply chain vulnerabilities, including tampering, present significant risks to electronic systems. While detecting tampering on a PCB is the first step for verification, forensics is also needed to identify the modified...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/06/06 12:0 a.m.•8 views

Combating Reentrancy Bugs on Sharded Blockchains

Reentrancy is a well-known source of smart contract bugs on Ethereum, leading e.g. to double-spending vulnerabilities in DeFi applications. But less is known about this problem in other blockchains, which can have significantly different execution models. Sharded blockchains in particular general...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/06/06 12:0 a.m.•6 views

Benchmarking Misuse Mitigation against Covert Adversaries

Existing language model safety evaluations focus on overt attacks and low-stakes tasks. Realistic attackers can subvert current safeguards by requesting help on small, benign-seeming tasks across many independent queries. Because individual queries do not appear harmful, the attack is hard to...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/06/06 12:0 a.m.•6 views

The Complexity of the SupportMinors Modeling for the MinRank Problem

In this note, we provide proven estimates for the complexity of the SupportMinors Modeling, mostly confirming the heuristic complexity estimates contained in the original article...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/06/06 12:0 a.m.•9 views

XWiki 15.10.10 Remote Code Execution

XWiki versions up to 15.10.10 proof of concept remote code execution exploit written in go...

9.8CVSS9.1AI score0.99898EPSS
Exploits51
Packet Storm News
Packet Storm News
•added 2025/06/06 12:0 a.m.•6 views

PROVSYN: Synthesizing Provenance Graphs for Data Augmentation in Intrusion Detection Systems

Provenance graph analysis plays a vital role in intrusion detection, particularly against Advanced Persistent Threats APTs, by exposing complex attack patterns. While recent systems combine graph neural networks GNNs with natural language processing NLP to capture structural and semantic features...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/06/06 12:0 a.m.•7 views

Web Intellectual Property at Risk: Preventing Unauthorized Real-Time Retrieval by Large Language Models

The protection of cyber Intellectual Property IP such as web content is an increasingly critical concern. The rise of large language models LLMs with online retrieval capabilities enables convenient access to information but often undermines the rights of original content creators. As users...

6.5AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/06/06 12:0 a.m.•19 views

PrivTru: a Privacy-By-Design Data Trustee Minimizing Information Leakage

Data trustees serve as intermediaries that facilitate secure data sharing between independent parties. This paper offers a technical perspective on Data trustees, guided by privacy-by-design principles. We introduce PrivTru, an instantiation of a data trustee that provably achieves optimal privac...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/06/06 12:0 a.m.•3 views

A Systematic Review of Poisoning Attacks against Large Language Models

With the widespread availability of pretrained Large Language Models LLMs and their training datasets, concerns about the security risks associated with their usage has increased significantly. One of these security risks is the threat of LLM poisoning attacks where an attacker modifies some part...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/06/06 12:0 a.m.•3 views

FIST: a Structured Threat Modeling Framework for Fraud Incidents

Fraudulent activities are rapidly evolving, employing increasingly diverse and sophisticated methods that pose serious threats to individuals, organizations, and society. This paper proposes the FIST Framework Fraud Incident Structured Threat Framework, an innovative structured threat modeling...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/06/06 12:0 a.m.•6 views

Depermissioning Web3: a Permissionless Accountable RPC Protocol for Blockchain Networks

In blockchain networks, so-called "full nodes" serve data to and relay transactions from clients through an RPC interface. This serving layer enables integration of "Web3" data, stored on blockchains, with "Web2" mobile or web applications that cannot directly participate as peers in a blockchain...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/06/06 12:0 a.m.•10 views

Obfuscation-Resilient Binary Code Similarity Analysis Using Dominance Enhanced Semantic Graph

Binary code similarity analysis BCSA serves as a core technique for binary analysis tasks such as vulnerability detection. While current graph-based BCSA approaches capture substantial semantics and show strong performance, their performance suffers under code obfuscation due to the unstable...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/06/06 12:0 a.m.•1 views

To Protect the LLM Agent against the Prompt Injection Attack with Polymorphic Prompt

LLM agents are widely used as agents for customer support, content generation, and code assistance. However, they are vulnerable to prompt injection attacks, where adversarial inputs manipulate the model's behavior. Traditional defenses like input sanitization, guard models, and guardrails are...

7.4AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/06/06 12:0 a.m.•6 views

Rethinking Machine Unlearning in Image Generation Models

With the surge and widespread application of image generation models, data privacy and content safety have become major concerns and attracted great attention from users, service providers, and policymakers. Machine unlearning MU is recognized as a cost-effective and promising means to address...

7.3AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/06/06 12:0 a.m.•5 views

Differentially Private Explanations for Clusters

The dire need to protect sensitive data has led to various flavors of privacy definitions. Among these, Differential privacy DP is considered one of the most rigorous and secure notions of privacy, enabling data analysis while preserving the privacy of data contributors. One of the fundamental...

6.5AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/06/06 12:0 a.m.•5 views

HeavyWater and SimplexWater: Watermarking Low-Entropy Text Distributions

Large language model LLM watermarks enable authentication of text provenance, curb misuse of machine-generated text, and promote trust in AI systems. Current watermarks operate by changing the next-token predictions output by an LLM. The updated i.e., watermarked predictions depend on random side...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/06/06 12:0 a.m.•11 views

WordPress HyperComments 1.2.2 Privilege Escalation

WordPress HyperComments plugin versions 1.2.2 and below suffer from an unauthenticated remote privilege escalation vulnerability...

9.8CVSS9.2AI score0.01779EPSS
Exploits4
Packet Storm News
Packet Storm News
•added 2025/06/06 12:0 a.m.•42 views

Joint-GCG: Unified Gradient-Based Poisoning Attacks on Retrieval-Augmented Generation Systems

Retrieval-Augmented Generation RAG systems enhance Large Language Models LLMs by retrieving relevant documents from external corpora before generating responses. This approach significantly expands LLM capabilities by leveraging vast, up-to-date external knowledge. However, this reliance on...

7.3AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/06/06 12:0 a.m.•6 views

Wireshark Analyzer 4.4.7

Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. Thi...

7.8CVSS6.6AI score0.00297EPSS
Exploits1
Packet Storm News
Packet Storm News
•added 2025/06/06 12:0 a.m.•6 views

Saffron-1: Towards an Inference Scaling Paradigm for LLM Safety Assurance

Existing safety assurance research has primarily focused on training-phase alignment to instill safe behaviors into LLMs. However, recent studies have exposed these methods' susceptibility to diverse jailbreak attacks. Concurrently, inference scaling has significantly advanced LLM reasoning...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/06/06 12:0 a.m.•1 views

Conformal-DP: Data Density Aware Privacy on Riemannian Manifolds Via Conformal Transformation

Whitepaper called Conformal-DP: Data Density Aware Privacy On Riemannian Manifolds Via Conformal Transformation...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/06/06 12:0 a.m.•7 views

A Certified Unlearning Approach without Access to Source Data

With the growing adoption of data privacy regulations, the ability to erase private or copyrighted information from trained models has become a crucial requirement. Traditional unlearning methods often assume access to the complete training dataset, which is unrealistic in scenarios where the...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/06/06 12:0 a.m.•7 views

Breaking the Gaussian Barrier: Residual-PAC Privacy for Automatic Privatization

The Probably Approximately Correct PAC Privacy framework 1 provides a powerful instance-based methodology for certifying privacy in complex data-driven systems. However, existing PAC Privacy algorithms rely on a Gaussian mutual information upper bound. We show that this is in general too...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/06/05 12:0 a.m.•5 views

Comprehensive Vulnerability Analysis Is Necessary for Trustworthy LLM-MAS

This paper argues that a comprehensive vulnerability analysis is essential for building trustworthy Large Language Model-based Multi-Agent Systems LLM-MAS. These systems, which consist of multiple LLM-powered agents working collaboratively, are increasingly deployed in high-stakes applications bu...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/06/05 12:0 a.m.•6 views

Explainer-Guided Targeted Adversarial Attacks against Binary Code Similarity Detection Models

Binary code similarity detection BCSD serves as a fundamental technique for various software engineering tasks, e.g., vulnerability detection and classification. Attacks against such models have therefore drawn extensive attention, aiming at misleading the models to generate erroneous predictions...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/06/05 12:0 a.m.•17 views

Sentinel: SOTA Model to Protect against Prompt Injections

Large Language Models LLMs are increasingly powerful but remain vulnerable to prompt injection attacks, where malicious inputs cause the model to deviate from its intended instructions. This paper introduces Sentinel, a novel detection model, qualifire/prompt-injection-sentinel, based on the...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/06/05 12:0 a.m.•4 views

Hermes: High-Performance Homomorphically Encrypted Vector Databases

Whitepaper called Hermes: High-Performance Homomorphically Encrypted Vector Databases...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/06/05 12:0 a.m.•6 views

Hybrid Stabilization Protocol for Cross-Chain Digital Assets Using Adaptor Signatures and AI-Driven Arbitrage

Stablecoins face an unresolved trilemma of balancing decentralization, stability, and regulatory compliance. We present a hybrid stabilization protocol that combines crypto-collateralized reserves, algorithmic futures contracts, and cross-chain liquidity pools to achieve robust price adherence...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/06/05 12:0 a.m.•5 views

Incentivizing Collaborative Breach Detection

Decoy passwords, or "honeywords," alert a site to its breach if they are ever entered in a login attempt on that site. However, an attacker can identify a user-chosen password from among the decoys, without risk of alerting the site to its breach, by performing credential stuffing, i.e., entering...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/06/05 12:0 a.m.•8 views

Privacy Amplification through Synthetic Data: Insights from Linear Regression

Synthetic data inherits the differential privacy guarantees of the model used to generate it. Additionally, synthetic data may benefit from privacy amplification when the generative model is kept hidden. While empirical studies suggest this phenomenon, a rigorous theoretical understanding is stil...

6.6AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/06/05 12:0 a.m.•3 views

STOPA: a Database of Systematic VariaTion of DeePfake Audio for Open-Set Source Tracing and Attribution

A key research area in deepfake speech detection is source tracing - determining the origin of synthesised utterances. The approaches may involve identifying the acoustic model AM, vocoder model VM, or other generation-specific parameters. However, progress is limited by the lack of a dedicated,...

6.9AI score
Exploits0
Total number of security vulnerabilities6894