Lucene search
+L
PacketstormnewsRecent

6907 matches found

Packet Storm News
Packet Storm News
added 2025/06/03 12:0 a.m.4 views

LaSDVS : a Post-Quantum Secure Compact Strong-Designated Verifier Signature

Whitepaper called LaSDVS : A Post-Quantum Secure Compact Strong-Designated Verifier Signature...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/03 12:0 a.m.6 views

Samsung S24 VC1 Decoder Out-Of-Bounds Memset

There are several calls to memset in the vc1 decoder on the Samsung S24, which can write out of bounds of a heap buffer. The length of the memsets in svc1expandrightapfrm are calculated based on length values that don't always correspond to the heap buffer length...

7.8CVSS7AI score0.00142EPSS
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/03 12:0 a.m.10 views

BitBypass: a New Direction in Jailbreaking Aligned Large Language Models with Bitstream Camouflage

The inherent risk of generating harmful and unsafe content by Large Language Models LLMs, has highlighted the need for their safety alignment. Various techniques like supervised fine-tuning, reinforcement learning from human feedback, and red-teaming were developed for ensuring the safety alignme...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/02 12:0 a.m.5 views

Predictive-CSM: Lightweight Fragment Security for 6LoWPAN IoT Networks

Fragmentation is a routine part of communication in 6LoWPAN-based IoT networks, designed to accommodate small frame sizes on constrained wireless links. However, this process introduces a critical vulnerability fragments are typically stored and processed before their legitimacy is confirmed,...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/02 12:0 a.m.4 views

Policy As Code, Policy As Type

Policies are designed to distinguish between correct and incorrect actions; they are types. But badly typed actions may cause not compile errors, but financial and reputational harm We demonstrate how even the most complex ABAC policies can be expressed as types in dependently typed languages suc...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/02 12:0 a.m.3 views

Peyara Remote Mouse 1.0.1 Unauthenticated Arbitrary File Upload

Peyara Remote Mouse version 1.0.1 suffers from an unauthenticated arbitrary file upload vulnerability...

7.4AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/02 12:0 a.m.4 views

SMOTE-DP: Improving Privacy-Utility Tradeoff with Synthetic Data

Privacy-preserving data publication, including synthetic data sharing, often experiences trade-offs between privacy and utility. Synthetic data is generally more effective than data anonymization in balancing this trade-off, however, not without its own challenges. Synthetic data produced by...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/02 12:0 a.m.5 views

Duality on the Thermodynamics of the Kirchhoff-Law-Johnson-Noise (KLJN) Secure Key Exchange Scheme

This study investigates a duality approach to information leak detection in the generalized Kirchhoff-Law-Johnson-Noise secure key exchange scheme proposed by Vadai, Mingesz, and Gingl VMG-KLJN. While previous work by Chamon and Kish sampled voltages at zero-current instances, this research...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/02 12:0 a.m.6 views

Formal Security Analysis of SPV Clients Versus Home-Based Full Nodes in Bitcoin-Derived Systems

This paper presents a mathematically rigorous formal analysis of Simplified Payment Verification SPV clients, as specified in Section 8 of the original Bitcoin white paper, versus non-mining full nodes operated by home users. It defines security as resistance to divergence from global consensus a...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/02 12:0 a.m.4 views

Peyara Remote Mouse 1.0.1 Remote Code Execution

Peyara Remote Mouse version 1.0.1 contains an unauthenticated remote code execution vulnerability in its WebSocket command interface port 1313. The application fails to validate or sanitize simulated keyboard input commands received via WebSocket connections, allowing attackers to chain malicious...

9.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/02 12:0 a.m.7 views

Fingerprinting Deep Learning Models Via Network Traffic Patterns in Federated Learning

Federated Learning FL is increasingly adopted as a decentralized machine learning paradigm due to its capability to preserve data privacy by training models without centralizing user data. However, FL is susceptible to indirect privacy breaches via network traffic analysis-an area not explored in...

6.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/02 12:0 a.m.4 views

Trojan Horse Hunt in Time Series Forecasting for Space Operations

This competition hosted on Kaggle https://www.kaggle.com/competitions/trojan-horse-hunt-in-space is the first part of a series of follow-up competitions and hackathons related to the "Assurance for Space Domain AI Applications" project funded by the European Space Agency...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/02 12:0 a.m.5 views

COALESCE: Economic and Security Dynamics of Skill-Based Task Outsourcing among Team of Autonomous LLM Agents

The meteoric rise and proliferation of autonomous Large Language Model LLM agents promise significant capabilities across various domains. However, their deployment is increasingly constrained by substantial computational demands, specifically for Graphics Processing Unit GPU resources. This pape...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/02 12:0 a.m.5 views

Align Is Not Enough: Multimodal Universal Jailbreak Attack against Multimodal Large Language Models

Large Language Models LLMs have evolved into Multimodal Large Language Models MLLMs, significantly enhancing their capabilities by integrating visual information and other types, thus aligning more closely with the nature of human intelligence, which processes a variety of data forms beyond just...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/02 12:0 a.m.6 views

A Systematic Review of Metaheuristics-Based and Machine Learning-Driven Intrusion Detection Systems in IoT

The widespread adoption of the Internet of Things IoT has raised a new challenge for developers since it is prone to known and unknown cyberattacks due to its heterogeneity, flexibility, and close connectivity. To defend against such security breaches, researchers have focused on building...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/02 12:0 a.m.6 views

MISLEADER: Defending against Model Extraction with Ensembles of Distilled Models

Model extraction attacks aim to replicate the functionality of a black-box model through query access, threatening the intellectual property IP of machine-learning-as-a-service MLaaS providers. Defending against such attacks is challenging, as it must balance efficiency, robustness, and utility...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/02 12:0 a.m.6 views

Singularity Blockchain Key Management Via Non-Custodial Key Management

web3 wallets are key to managing user identity on blockchain. The main purpose of a web3 wallet application is to manage the private key for the user and provide an interface to interact with the blockchain. The key management scheme KMS used by the wallet to store and recover the private key can...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/02 12:0 a.m.6 views

Combining Different Existing Methods for Describing Steganography Hiding Methods

The proliferation of digital carriers that can be exploited to conceal arbitrary data has greatly increased the number of techniques for implementing network steganography. As a result, the literature overlaps greatly in terms of concepts and terminology. Moreover, from a cybersecurity viewpoint,...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/02 12:0 a.m.6 views

Mitigating Disparate Impact of Differentially Private Learning through Bounded Adaptive Clipping

Differential privacy DP has become an essential framework for privacy-preserving machine learning. Existing DP learning methods, however, often have disparate impacts on model predictions, e.g., for minority groups. Gradient clipping, which is often used in DP learning, can suppress larger...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/02 12:0 a.m.5 views

Are Crypto Ecosystems (De)Centralizing? A Framework for Longitudinal Analysis

Blockchain technology relies on decentralization to resist faults and attacks while operating without trusted intermediaries. Although industry experts have touted decentralization as central to their promise and disruptive potential, it is still unclear whether the crypto ecosystems built around...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/02 12:0 a.m.6 views

Silence Is Golden: Leveraging Adversarial Examples to Nullify Audio Control in LDM-Based Talking-Head Generation

Advances in talking-head animation based on Latent Diffusion Models LDM enable the creation of highly realistic, synchronized videos. These fabricated videos are indistinguishable from real ones, increasing the risk of potential misuse for scams, political manipulation, and misinformation. Hence,...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/02 12:0 a.m.5 views

ETDI: Mitigating Tool Squatting and Rug Pull Attacks in Model Context Protocol (MCP) by Using OAuth-Enhanced Tool Definitions and Policy-Based Access Control

The Model Context Protocol MCP plays a crucial role in extending the capabilities of Large Language Models LLMs by enabling integration with external tools and data sources. However, the standard MCP specification presents significant security vulnerabilities, notably Tool Poisoning and Rug Pull...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/02 12:0 a.m.8 views

CSVAR: Enhancing Visual Privacy in Federated Learning Via Adaptive Shuffling against Overfitting

Although federated learning preserves training data within local privacy domains, the aggregated model parameters may still reveal private characteristics. This vulnerability stems from clients' limited training data, which predisposes models to overfitting. Such overfitting enables models to...

6.6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/02 12:0 a.m.10 views

An Accurate and Efficient Vulnerability Propagation Analysis Framework

Identifying the impact scope and scale is critical for software supply chain vulnerability assessment. However, existing studies face substantial limitations. First, prior studies either work at coarse package-level granularity, producing many false positives, or fail to accomplish whole-ecosyste...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/02 12:0 a.m.6 views

Packet Storm New Exploits for May, 2025

This archive contains all of the 129 exploits added to Packet Storm in May, 2025...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/02 12:0 a.m.7 views

Synchronic Web Digital Identity: Speculations on the Art of the Possible

As search, social media, and artificial intelligence continue to reshape collective knowledge, the preservation of trust on the public infosphere has become a defining challenge of our time. Given the breadth and versatility of adversarial threats, the best--and perhaps only--defense is an equall...

7.3AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/02 12:0 a.m.8 views

Which Factors Make Code LLMs More Vulnerable to Backdoor Attacks? A Systematic Study

Code LLMs are increasingly employed in software development. However, studies have shown that they are vulnerable to backdoor attacks: when a trigger a specific input pattern appears in the input, the backdoor will be activated and cause the model to generate malicious outputs. Researchers have...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/02 12:0 a.m.8 views

Black-Box Crypto Is Useless for Pseudorandom Codes

A pseudorandom code is a keyed error-correction scheme with the property that any polynomial number of encodings appear random to any computationally bounded adversary. We show that the pseudorandomness of any code tolerating a constant rate of random errors cannot be based on black-box reduction...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/02 12:0 a.m.7 views

SoK: Concurrency in Blockchain -- a Systematic Literature Review and the Unveiling of a Misconception

Smart contracts, the cornerstone of blockchain technology, enable secure, automated distributed execution. Given their role in handling large transaction volumes across clients, miners, and validators, exploring concurrency is critical. This includes concurrent transaction execution or validation...

7.4AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/02 12:0 a.m.1 views

Understanding the Identity-Transformation Approach in OIDC-Compatible Privacy-Preserving SSO Services

OpenID Connect OIDC enables a user with commercial-off-the-shelf browsers to log into multiple websites, called relying parties RPs, by her username and credential set up in another trusted web system, called the identity provider IdP. Identity transformations are proposed in UppreSSO to provide...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/02 12:0 a.m.13 views

ReGA: Representation-Guided Abstraction for Model-Based Safeguarding of LLMs

Large Language Models LLMs have achieved significant success in various tasks, yet concerns about their safety and security have emerged. In particular, they pose risks in generating harmful content and vulnerability to jailbreaking attacks. To analyze and monitor machine learning models,...

7.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/02 12:0 a.m.53 views

WordPress TI WooCommerce Wishlist 2.9.2 Arbitrary File Upload

WordPress TI WooCommerce Wishlist plugin versions 2.9.2 and below suffer from an arbitrary file upload vulnerability...

10CVSS7.2AI score0.05128EPSS
Exploits2
Packet Storm News
Packet Storm News
added 2025/06/01 12:0 a.m.5 views

A Geometric Square-Based Approach to RSA Integer Factorization

We present a new approach to RSA factorization inspired by geometric interpretations and square differences. This method reformulates the problem in terms of the distance between perfect squares and provides a recurrence relation that allows rapid convergence when the RSA modulus has closely spac...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/01 12:0 a.m.5 views

ARIANNA: an Automatic Design Flow for Fabric Customization and EFPGA Redaction

In the modern global Integrated Circuit IC supply chain, protecting intellectual property IP is a complex challenge, and balancing IP loss risk and added cost for theft countermeasures is hard to achieve. Using embedded configurable logic allows designers to completely hide the functionality of...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/01 12:0 a.m.7 views

Privacy-Aware, Public-Aligned: Embedding Risk Detection and Public Values into Scalable Clinical Text De-Identification for Trusted Research Environments

Clinical free-text data offers immense potential to improve population health research such as richer phenotyping, symptom tracking, and contextual understanding of patient care. However, these data present significant privacy risks due to the presence of directly or indirectly identifying...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/01 12:0 a.m.5 views

IDCloak: a Practical Secure Multi-Party Dataset Join Framework for Vertical Privacy-Preserving Machine Learning

Vertical privacy-preserving machine learning vPPML enables multiple parties to train models on their vertically distributed datasets while keeping datasets private. In vPPML, it is critical to perform the secure dataset join, which aligns features corresponding to intersection IDs across datasets...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/01 12:0 a.m.9 views

SpeechVerifier: Robust Acoustic Fingerprint against Tampering Attacks Via Watermarking

With the surge of social media, maliciously tampered public speeches, especially those from influential figures, have seriously affected social stability and public trust. Existing speech tampering detection methods remain insufficient: they either rely on external reference data or fail to be bo...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/01 12:0 a.m.7 views

Autoregressive Images Watermarking through Lexical Biasing: an Approach Resistant to Regeneration Attack

Autoregressive AR image generation models have gained increasing attention for their breakthroughs in synthesis quality, highlighting the need for robust watermarking to prevent misuse. However, existing in-generation watermarking techniques are primarily designed for diffusion models, where...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/01 12:0 a.m.8 views

Nearly-Linear Time Private Hypothesis Selection with the Optimal Approximation Factor

Estimating the density of a distribution from its samples is a fundamental problem in statistics. Hypothesis selection addresses the setting where, in addition to a sample set, we are given $n$ candidate distributions -- referred to as hypotheses -- and the goal is to determine which one best...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/01 12:0 a.m.6 views

Developing a Risk Identification Framework for Foundation Model Uses

As foundation models grow in both popularity and capability, researchers have uncovered a variety of ways that the models can pose a risk to the model's owner, user, or others. Despite the efforts of measuring these risks via benchmarks and cataloging them in AI risk taxonomies, there is little...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/01 12:0 a.m.7 views

From past to Present: a Survey of Malicious URL Detection Techniques, Datasets and Code Repositories

Malicious URLs persistently threaten the cybersecurity ecosystem, by either deceiving users into divulging private data or distributing harmful payloads to infiltrate host systems. Gaining timely insights into the current state of this ongoing battle holds significant importance. However, existin...

6.6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/01 12:0 a.m.7 views

A Large Language Model-Supported Threat Modeling Framework for Transportation Cyber-Physical Systems

Modern transportation systems rely on cyber-physical systems CPS, where cyber systems interact seamlessly with physical systems like transportation-related sensors and actuators to enhance safety, mobility, and energy efficiency. However, growing automation and connectivity increase exposure to...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/01 12:0 a.m.2 views

SPEAR: Security Posture Evaluation Using AI Planner-Reasoning on Attack-Connectivity Hypergraphs

Graph-based frameworks are often used in network hardening to help a cyber defender understand how a network can be attacked and how the best defenses can be deployed. However, incorporating network connectivity parameters in the attack graph, reasoning about the attack graph when we do not have...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/01 12:0 a.m.6 views

Quantum Key Distribution by Quantum Energy Teleportation

Quantum energy teleportation QET is a process that leverages quantum entanglement and local operations to transfer energy between two spatially separated locations without physically transporting particles or energy carriers. We construct a QET-based quantum key distribution QKD protocol and...

6.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/01 12:0 a.m.1 views

Simple Prompt Injection Attacks Can Leak Personal Data Observed by LLM Agents during Task Execution

Previous benchmarks on prompt injection in large language models LLMs have primarily focused on generic tasks and attacks, offering limited insights into more complex threats like data exfiltration. This paper examines how prompt injection can cause tool-calling agents to leak personal data...

7.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/31 12:0 a.m.8 views

SafeGenes: Evaluating the Adversarial Robustness of Genomic Foundation Models

Genomic Foundation Models GFMs, such as Evolutionary Scale Modeling ESM, have demonstrated significant success in variant effect prediction. However, their adversarial robustness remains largely unexplored. To address this gap, we propose SafeGenes: a framework for Secure analysis of genomic...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/31 12:0 a.m.5 views

Con Instruction: Universal Jailbreaking of Multimodal Large Language Models Via Non-Textual Modalities

Existing attacks against multimodal language models MLLMs primarily communicate instructions through text accompanied by adversarial images. In contrast, we exploit the capabilities of MLLMs to interpret non-textual instructions, specifically, adversarial images or audio generated by our novel...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/31 12:0 a.m.6 views

Browser Fingerprinting Using WebAssembly

Web client fingerprinting has become a widely used technique for uniquely identifying users, browsers, operating systems, and devices with high accuracy. While it is beneficial for applications such as fraud detection and personalized experiences, it also raises privacy concerns by enabling...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/31 12:0 a.m.18 views

PackHero: a Scalable Graph-Based Approach for Efficient Packer Identification

Anti-analysis techniques, particularly packing, challenge malware analysts, making packer identification fundamental. Existing packer identifiers have significant limitations: signature-based methods lack flexibility and struggle against dynamic evasion, while Machine Learning approaches require...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/31 12:0 a.m.8 views

Docker under Siege: Securing Containers in the Modern Era

Containerization, driven by Docker, has transformed application development and deployment by enhancing efficiency and scalability. However, the rapid adoption of container technologies introduces significant security challenges that require careful management. This paper investigates key areas o...

7AI score
Exploits0
Total number of security vulnerabilities6907