Lucene search
+L
PacketstormnewsRecent

6894 matches found

Packet Storm News
Packet Storm News
•added 2025/06/04 12:0 a.m.•6 views

Design, Implementation, and Analysis of Fair Faucets for Blockchain Ecosystems

The present dissertation addresses the problem of fairly distributing shared resources in non-commercial blockchain networks. Blockchains are distributed systems that order and timestamp records of a given network of users, in a public, cryptographically secure, and consensual way. The records,...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/06/04 12:0 a.m.•5 views

Spanning-Tree-Packing Protocol for Conference Key Propagation in Quantum Networks

We consider a network of users connected by pairwise quantum key distribution QKD links. Using these pairwise secret keys and public classical communication, the users want to generate a common conference secret key at the maximal rate. We propose an algorithm based on spanning tree packing a kno...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/06/04 12:0 a.m.•7 views

FERRET: Private Deep Learning Faster and Better Than DPSGD

We revisit 1-bit gradient compression through the lens of mutual-information differential privacy MI-DP. Building on signSGD, we propose FERRET--Fast and Effective Restricted Release for Ethical Training--which transmits at most one sign bit per parameter group with Bernoulli masking. Theory: We...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/06/04 12:0 a.m.•6 views

Towards Trustworthy Federated Learning with Untrusted Participants

Resilience against malicious participants and data privacy are essential for trustworthy federated learning, yet achieving both with good utility typically requires the strong assumption of a trusted central server. This paper shows that a significantly weaker assumption suffices: each pair of...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/06/03 12:0 a.m.•7 views

Request-Baskets Server-Side Request Forgery

Request-Baskets versions up to 1.2.1 proof of concept server-side request forgery exploit...

6.5CVSS6.2AI score0.06976EPSS
Exploits29
Packet Storm News
Packet Storm News
•added 2025/06/03 12:0 a.m.•6 views

ATAG: AI-Agent Application Threat Assessment with Attack Graphs

Evaluating the security of multi-agent systems MASs powered by large language models LLMs is challenging, primarily because of the systems' complex internal dynamics and the evolving nature of LLM vulnerabilities. Traditional attack graph AG methods often lack the specific capabilities to model...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/06/03 12:0 a.m.•6 views

Keyed Chaotic Dynamics for Privacy-Preserving Neural Inference

Neural network inference typically operates on raw input data, increasing the risk of exposure during preprocessing and inference. Moreover, neural architectures lack efficient built-in mechanisms for directly authenticating input data. This work introduces a novel encryption method for ensuring...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/06/03 12:0 a.m.•6 views

Samsung S24 VC1 Decoder Out-Of-Bounds Write

There is an out-of-bounds write to a heap buffer in the Samsung S24 VC1 decoder. The function svc1drrfrm can write outside of the allocated frame buffers in several locations due to incorrect calculations of buffer offsets...

7.8CVSS7.2AI score0.00142EPSS
Exploits0
Packet Storm News
Packet Storm News
•added 2025/06/03 12:0 a.m.•4 views

An Algorithmic Pipeline for GDPR-Compliant Healthcare Data Anonymisation: Moving toward Standardisation

High-quality real-world data RWD is essential for healthcare but must be transformed to comply with the General Data Protection Regulation GDPR. GDPRs broad definitions of quasi-identifiers QIDs and sensitive attributes SAs complicate implementation. We aim to standardise RWD anonymisation for GD...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/06/03 12:0 a.m.•6 views

Robust Anti-Backdoor Instruction Tuning in LVLMs

Large visual language models LVLMs have demonstrated excellent instruction-following capabilities, yet remain vulnerable to stealthy backdoor attacks when finetuned using contaminated data. Existing backdoor defense techniques are usually developed for single-modal visual or language models under...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/06/03 12:0 a.m.•7 views

Mind the Gap: a Practical Attack on GGUF Quantization

With the increasing size of frontier LLMs, post-training quantization has become the standard for memory-efficient deployment. Recent work has shown that basic rounding-based quantization schemes pose security risks, as they can be exploited to inject malicious behaviors into quantized models tha...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/06/03 12:0 a.m.•2 views

How Stealthy Is Stealthy? Studying the Efficacy of Black-Box Adversarial Attacks in the Real World

Deep learning systems, critical in domains like autonomous vehicles, are vulnerable to adversarial examples crafted inputs designed to mislead classifiers. This study investigates black-box adversarial attacks in computer vision. This is a realistic scenario, where attackers have query-only acces...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/06/03 12:0 a.m.•2 views

Measuring Likelihood in Cybersecurity

In cybersecurity risk is commonly measured by impact and probability, the former is objectively measured based on the consequences from the use of technology to obtain business gains, or by achieving business objectives. The latter has been measured, in sectors such as financial or insurance, bas...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/06/03 12:0 a.m.•5 views

SAP GuiXT Scripting Issues

Multiple vulnerabilities have been discovered in SAP GuiXT scripting, which could allow an attacker to perform remote code execution, steal NTLM hashes, conduct client-side request forgery attacks, and launch denial of service DoS attacks. These vulnerabilities arise from insecure design principl...

7.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/06/03 12:0 a.m.•4 views

Differentially Private Distribution Release of Gaussian Mixture Models Via KL-Divergence Minimization

Gaussian Mixture Models GMMs are widely used statistical models for representing multi-modal data distributions, with numerous applications in data mining, pattern recognition, data simulation, and machine learning. However, recent research has shown that releasing GMM parameters poses significan...

6.6AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/06/03 12:0 a.m.•4 views

Decentralized COVID-19 Health System Leveraging Blockchain

With the development of the Internet, the amount of data generated by the medical industry each year has grown exponentially. The Electronic Health Record EHR manages the electronic data generated during the user's treatment process. Typically, an EHR data manager belongs to a medical institution...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/06/03 12:0 a.m.•5 views

Secure and Private Federated Learning: Achieving Adversarial Resilience through Robust Aggregation

Federated Learning FL enables collaborative machine learning across decentralized data sources without sharing raw data. It offers a promising approach to privacy-preserving AI. However, FL remains vulnerable to adversarial threats from malicious participants, referred to as Byzantine clients, wh...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/06/03 12:0 a.m.•5 views

VPI-Bench: Visual Prompt Injection Attacks for Computer-Use Agents

Computer-Use Agents CUAs with full system access enable powerful task automation but pose significant security and privacy risks due to their ability to manipulate files, access user data, and execute arbitrary commands. While prior work has focused on browser-based agents and HTML-level attacks,...

7.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/06/03 12:0 a.m.•6 views

BadReward: Clean-Label Poisoning of Reward Models in Text-To-Image RLHF

Reinforcement Learning from Human Feedback RLHF is crucial for aligning text-to-image T2I models with human preferences. However, RLHF's feedback mechanism also opens new pathways for adversaries. This paper demonstrates the feasibility of hijacking T2I models by poisoning a small fraction of...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/06/03 12:0 a.m.•5 views

I2P 2.9.0

I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/06/03 12:0 a.m.•6 views

Poster: FedBlockParadox -- a Framework for Simulating and Securing Decentralized Federated Learning

A significant body of research in decentralized federated learning focuses on combining the privacy-preserving properties of federated learning with the resilience and transparency offered by blockchain-based systems. While these approaches are promising, they often lack flexible tools to evaluat...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/06/03 12:0 a.m.•3 views

CyberGym: Evaluating AI Agents' Cybersecurity Capabilities with Real-World Vulnerabilities at Scale

Large language model LLM agents are becoming increasingly skilled at handling cybersecurity tasks autonomously. Thoroughly assessing their cybersecurity capabilities is critical and urgent, given the high stakes in this domain. However, existing benchmarks fall short, often failing to capture...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/06/03 12:0 a.m.•3 views

Attention Knows Whom to Trust: Attention-Based Trust Management for LLM Multi-Agent Systems

Large Language Model-based Multi-Agent Systems LLM-MAS have demonstrated strong capabilities in solving complex tasks but remain vulnerable when agents receive unreliable messages. This vulnerability stems from a fundamental gap: LLM agents treat all incoming messages equally without evaluating...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/06/03 12:0 a.m.•5 views

Samsung S24 MP3 Decoder Out-Of-Bounds Read

There is an out-of-bounds read in the MP3 decoder in the Samsung S24. The function smp123djointstereov1 indexes into several tables for decoding, and does not check that the index is valid, allowing the tables to be read out of bounds. It may be possible to use this bug to bypass ASLR, as loading...

6.2CVSS6.8AI score0.00159EPSS
Exploits1
Packet Storm News
Packet Storm News
•added 2025/06/03 12:0 a.m.•5 views

Privacy Leaks by Adversaries: Adversarial Iterations for Membership Inference Attack

Membership inference attack MIA has become one of the most widely used and effective methods for evaluating the privacy risks of machine learning models. These attacks aim to determine whether a specific sample is part of the model's training set by analyzing the model's output. While traditional...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/06/03 12:0 a.m.•6 views

Heterogeneous Secure Transmissions in IRS-Assisted NOMA Communications: CO-GNN Approach

Intelligent Reflecting Surfaces IRS enhance spectral efficiency by adjusting reflection phase shifts, while Non-Orthogonal Multiple Access NOMA increases system capacity. Consequently, IRS-assisted NOMA communications have garnered significant research interest. However, the passive nature of the...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/06/03 12:0 a.m.•5 views

A Review of Various Datasets for Machine Learning Algorithm-Based Intrusion Detection System: Advances and Challenges

IDS aims to protect computer networks from security threats by detecting, notifying, and taking appropriate action to prevent illegal access and protect confidential information. As the globe becomes increasingly dependent on technology and automated processes, ensuring secured systems,...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/06/03 12:0 a.m.•4 views

ChainMarks: Securing DNN Watermark with Cryptographic Chain

With the widespread deployment of deep neural network DNN models, dynamic watermarking techniques are being used to protect the intellectual property of model owners. However, recent studies have shown that existing watermarking schemes are vulnerable to watermark removal and ambiguity attacks...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/06/03 12:0 a.m.•4 views

Sylva: Tailoring Personalized Adversarial Defense in Pre-Trained Models Via Collaborative Fine-Tuning

Whitepaper called Sylva: Tailoring Personalized Adversarial Defense In Pre-Trained Models Via Collaborative Fine-Tuning...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/06/03 12:0 a.m.•4 views

When Blockchain Meets Crawlers: Real-Time Market Analytics in Solana NFT Markets

In this paper, we design and implement a web crawler system based on the Solana blockchain for the automated collection and analysis of market data for popular non-fungible tokens NFTs on the chain. Firstly, the basic information and transaction data of popular NFTs on the Solana chain are...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/06/03 12:0 a.m.•19 views

Vulnerability Management Chaining: an Integrated Framework for Efficient Cybersecurity Risk Prioritization

Cybersecurity teams face an overwhelming vulnerability crisis: with 25,000+ new CVEs disclosed annually, traditional CVSS-based prioritization requires addressing 60% of all vulnerabilities while correctly identifying only 20% of those actually exploited. We propose Vulnerability Management...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/06/03 12:0 a.m.•5 views

Youpot Worm Honeypot

Youpot listens on all TCP ports and connects to the attacker IP on the same port they connected to you on, proxying traffic back at them. This allows you to watch the attacker attack themselves. This project was presented at Confidence 2025...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/06/03 12:0 a.m.•5 views

Tarallo: Evading Behavioral Malware Detectors in the Problem Space

Machine learning algorithms can effectively classify malware through dynamic behavior but are susceptible to adversarial attacks. Existing attacks, however, often fail to find an effective solution in both the feature and problem spaces. This issue arises from not addressing the intrinsic...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/06/03 12:0 a.m.•5 views

Combining Threat Intelligence with IoT Scanning to Predict Cyber Attack

While the Web has become a global platform for communication, malicious actors, including hackers and hacktivist groups, often disseminate ideological content and coordinate activities through the "Dark Web", an obscure counterpart of the conventional web. Presently, challenges such as informatio...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/06/03 12:0 a.m.•8 views

TherMod Communication: Low Power or Hot Air?

The Kirchhoff-Law-Johnson-Noise KLJN secure key exchange scheme leverages statistical physics to enable secure communication with zero average power flow in a wired channel. While the original KLJN scheme requires significant power for operation, a recent wireless modification, TherMod, proposed ...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/06/03 12:0 a.m.•2 views

Poster: Libdebug, Build Your Own Debugger for a Better (Hello) World

Automated debugging, long pursued in a variety of fields from software engineering to cybersecurity, requires a framework that offers the building blocks for a programmable debugging workflow. However, existing debuggers are primarily tailored for human interaction, and those designed for...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/06/03 12:0 a.m.•1 views

Identifying Key Expert Actors in Cybercrime Forums Based on Their Technical Expertise

The advent of Big Data has made the collection and analysis of cyber threat intelligence challenging due to its volume, leading research to focus on identifying key threat actors; yet these studies have failed to consider the technical expertise of these actors. Expertise, especially towards...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/06/03 12:0 a.m.•4 views

LaSDVS : a Post-Quantum Secure Compact Strong-Designated Verifier Signature

Whitepaper called LaSDVS : A Post-Quantum Secure Compact Strong-Designated Verifier Signature...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/06/03 12:0 a.m.•6 views

Samsung S24 VC1 Decoder Out-Of-Bounds Memset

There are several calls to memset in the vc1 decoder on the Samsung S24, which can write out of bounds of a heap buffer. The length of the memsets in svc1expandrightapfrm are calculated based on length values that don't always correspond to the heap buffer length...

7.8CVSS7AI score0.00142EPSS
Exploits0
Packet Storm News
Packet Storm News
•added 2025/06/03 12:0 a.m.•10 views

BitBypass: a New Direction in Jailbreaking Aligned Large Language Models with Bitstream Camouflage

The inherent risk of generating harmful and unsafe content by Large Language Models LLMs, has highlighted the need for their safety alignment. Various techniques like supervised fine-tuning, reinforcement learning from human feedback, and red-teaming were developed for ensuring the safety alignme...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/06/02 12:0 a.m.•5 views

Predictive-CSM: Lightweight Fragment Security for 6LoWPAN IoT Networks

Fragmentation is a routine part of communication in 6LoWPAN-based IoT networks, designed to accommodate small frame sizes on constrained wireless links. However, this process introduces a critical vulnerability fragments are typically stored and processed before their legitimacy is confirmed,...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/06/02 12:0 a.m.•4 views

Policy As Code, Policy As Type

Policies are designed to distinguish between correct and incorrect actions; they are types. But badly typed actions may cause not compile errors, but financial and reputational harm We demonstrate how even the most complex ABAC policies can be expressed as types in dependently typed languages suc...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/06/02 12:0 a.m.•3 views

Peyara Remote Mouse 1.0.1 Unauthenticated Arbitrary File Upload

Peyara Remote Mouse version 1.0.1 suffers from an unauthenticated arbitrary file upload vulnerability...

7.4AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/06/02 12:0 a.m.•4 views

SMOTE-DP: Improving Privacy-Utility Tradeoff with Synthetic Data

Privacy-preserving data publication, including synthetic data sharing, often experiences trade-offs between privacy and utility. Synthetic data is generally more effective than data anonymization in balancing this trade-off, however, not without its own challenges. Synthetic data produced by...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/06/02 12:0 a.m.•5 views

Duality on the Thermodynamics of the Kirchhoff-Law-Johnson-Noise (KLJN) Secure Key Exchange Scheme

This study investigates a duality approach to information leak detection in the generalized Kirchhoff-Law-Johnson-Noise secure key exchange scheme proposed by Vadai, Mingesz, and Gingl VMG-KLJN. While previous work by Chamon and Kish sampled voltages at zero-current instances, this research...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/06/02 12:0 a.m.•6 views

Formal Security Analysis of SPV Clients Versus Home-Based Full Nodes in Bitcoin-Derived Systems

This paper presents a mathematically rigorous formal analysis of Simplified Payment Verification SPV clients, as specified in Section 8 of the original Bitcoin white paper, versus non-mining full nodes operated by home users. It defines security as resistance to divergence from global consensus a...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/06/02 12:0 a.m.•4 views

Peyara Remote Mouse 1.0.1 Remote Code Execution

Peyara Remote Mouse version 1.0.1 contains an unauthenticated remote code execution vulnerability in its WebSocket command interface port 1313. The application fails to validate or sanitize simulated keyboard input commands received via WebSocket connections, allowing attackers to chain malicious...

9.2AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/06/02 12:0 a.m.•7 views

Fingerprinting Deep Learning Models Via Network Traffic Patterns in Federated Learning

Federated Learning FL is increasingly adopted as a decentralized machine learning paradigm due to its capability to preserve data privacy by training models without centralizing user data. However, FL is susceptible to indirect privacy breaches via network traffic analysis-an area not explored in...

6.5AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/06/02 12:0 a.m.•7 views

Black-Box Crypto Is Useless for Pseudorandom Codes

A pseudorandom code is a keyed error-correction scheme with the property that any polynomial number of encodings appear random to any computationally bounded adversary. We show that the pseudorandomness of any code tolerating a constant rate of random errors cannot be based on black-box reduction...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/06/02 12:0 a.m.•4 views

Trojan Horse Hunt in Time Series Forecasting for Space Operations

This competition hosted on Kaggle https://www.kaggle.com/competitions/trojan-horse-hunt-in-space is the first part of a series of follow-up competitions and hackathons related to the "Assurance for Space Domain AI Applications" project funded by the European Space Agency...

6.8AI score
Exploits0
Total number of security vulnerabilities6894