Lucene search
+L
PacketstormnewsRecent

6907 matches found

Packet Storm News
Packet Storm News
added 2025/05/31 12:0 a.m.4 views

Teaching an Old LLM Secure Coding: Localized Preference Optimization on Distilled Preferences

LLM generated code often contains security issues. We address two key challenges in improving secure code generation. First, obtaining high quality training data covering a broad set of security issues is critical. To address this, we introduce a method for distilling a preference dataset of...

7.4AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/31 12:0 a.m.6 views

Bridging the Gap between Hardware Fuzzing and Industrial Verification

As hardware design complexity increases, hardware fuzzing emerges as a promising tool for automating the verification process. However, a significant gap still exists before it can be applied in industry. This paper aims to summarize the current progress of hardware fuzzing from an industry-use...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/31 12:0 a.m.4 views

Security Concerns for Large Language Models: a Survey

Large Language Models LLMs such as GPT-4 and its recent iterations, Google's Gemini, Anthropic's Claude 3 models, and xAI's Grok have caused a revolution in natural language processing, but their capabilities also introduce new security vulnerabilities. In this survey, we provide a comprehensive...

7.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/31 12:0 a.m.5 views

Assessing and Enhancing Quantum Readiness in Mobile Apps

Quantum computers threaten widely deployed cryptographic primitives such as RSA, DSA, and ECC. While NIST has released post-quantum cryptographic PQC standards e.g., Kyber, Dilithium, mobile app ecosystems remain largely unprepared for this transition. We present a large-scale binary analysis of...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/31 12:0 a.m.7 views

Communication Efficient Multiparty Private Set Intersection from Multi-Point Sequential OPRF

Multiparty private set intersection MPSI allows multiple participants to compute the intersection of their locally owned data sets without revealing them. MPSI protocols can be categorized based on the network topology of nodes, with the star, mesh, and ring topologies being the primary types,...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/31 12:0 a.m.6 views

Video Signature: In-Generation Watermarking for Latent Video Diffusion Models

The rapid development of Artificial Intelligence Generated Content AIGC has led to significant progress in video generation but also raises serious concerns about intellectual property protection and reliable content tracing. Watermarking is a widely adopted solution to this issue, but existing...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/31 12:0 a.m.3 views

Blockchain-Enabled Privacy-Preserving Second-Order Federated Edge Learning in Personalized Healthcare

Federated learning FL has attracted increasing attention to mitigate security and privacy challenges in traditional cloud-centric machine learning models specifically in healthcare ecosystems. FL methodologies enable the training of global models through localized policies, allowing independent...

6.6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/31 12:0 a.m.6 views

Amatriciana: Exploiting Temporal GNNs for Robust and Efficient Money Laundering Detection

Money laundering is a financial crime that poses a serious threat to financial integrity and social security. The growing number of transactions makes it necessary to use automatic tools that help law enforcement agencies detect such criminal activity. In this work, we present Amatriciana, a nove...

6.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/31 12:0 a.m.10 views

Improving LLM Agents with Reinforcement Learning on Cryptographic CTF Challenges

Large Language Models LLMs still struggle with the structured reasoning and tool-assisted computation needed for problem solving in cybersecurity applications. In this work, we introduce "random-crypto", a cryptographic Capture-the-Flag CTF challenge generator framework that we use to fine-tune a...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/31 12:0 a.m.7 views

Adaptive and Efficient Dynamic Memory Management for Hardware Enclaves

The second version of Intel Software Guard Extensions Intel SGX, or SGX2, adds dynamic management of enclave memory and threads. The first version required the address space and thread counts to be fixed before execution. The Enclave Dynamic Memory Management EDMM feature of SGX2 has the potentia...

7.4AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/31 12:0 a.m.3 views

Robust and Verifiable MPC with Applications to Linear Machine Learning Inference

In this work, we present an efficient secure multi-party computation MPC protocol that provides strong security guarantees in settings with dishonest majority of participants who may behave arbitrarily. Unlike the popular MPC implementation known as SPDZ Crypto '12, which only ensures security wi...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/31 12:0 a.m.6 views

Scaling DeFi with ZK Rollups: Design, Deployment, and Evaluation of a Real-Time Proof-Of-Concept

Ethereum's scalability limitations pose significant challenges for the adoption of decentralized applications dApps. Zero-Knowledge Rollups ZK Rollups present a promising solution, bundling transactions off-chain and submitting validity proofs on-chain to enhance throughput and efficiency. In thi...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/31 12:0 a.m.6 views

Hybrid Cloud Security: Balancing Performance, Cost, and Compliance in Multi-Cloud Deployments

The pervasive use of hybrid cloud computing models has changed enterprise as well as Information Technology services infrastructure by giving businesses simple and cost-effective options of combining on-premise IT equipment with public cloud services. hybrid cloud solutions deploy multifaceted...

6.4AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/31 12:0 a.m.7 views

Practical Adversarial Attacks on Stochastic Bandits Via Fake Data Injection

Adversarial attacks on stochastic bandits have traditionally relied on some unrealistic assumptions, such as per-round reward manipulation and unbounded perturbations, limiting their relevance to real-world systems. We propose a more practical threat model, Fake Data Injection, which reflects...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/31 12:0 a.m.3 views

A Unified Framework for Human AI Collaboration in Security Operations Centers with Trusted Autonomy

This article presents a structured framework for Human-AI collaboration in Security Operations Centers SOCs, integrating AI autonomy, trust calibration, and Human-in-the-loop decision making. Existing frameworks in SOCs often focus narrowly on automation, lacking systematic structures to manage...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/31 12:0 a.m.8 views

Unlearning Inversion Attacks for Graph Neural Networks

Graph unlearning methods aim to efficiently remove the impact of sensitive data from trained GNNs without full retraining, assuming that deleted information cannot be recovered. In this work, we challenge this assumption by introducing the graph unlearning inversion attack: given only black-box...

6.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/31 12:0 a.m.5 views

The Security Threat of Compressed Projectors in Large Vision-Language Models

The choice of a suitable visual language projector VLP is critical to the successful training of large visual language models LVLMs. Mainstream VLPs can be broadly categorized into compressed and uncompressed projectors, and each offering distinct advantages in performance and computational...

7.3AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/31 12:0 a.m.21 views

Blockchain Powered Edge Intelligence for U-Healthcare in Privacy Critical and Time Sensitive Environment

Edge Intelligence EI serves as a critical enabler for privacy-preserving systems by providing AI-empowered computation and distributed caching services at the edge, thereby minimizing latency and enhancing data privacy. The integration of blockchain technology further augments EI frameworks by...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/31 12:0 a.m.5 views

Review of Blockchain-Based Approaches to Spent Fuel Management in Nuclear Power Plants

This study addresses critical challenges in managing the transportation of spent nuclear fuel, including inadequate data transparency, stringent confidentiality requirements, and a lack of trust among collaborating parties, issues prevalent in traditional centralized management systems. Given the...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/30 12:0 a.m.11 views

Transaction Proximity: a Graph-Based Approach to Blockchain Fraud Prevention

This paper introduces a fraud-deterrent access validation system for public blockchains, leveraging two complementary concepts: "Transaction Proximity", which measures the distance between wallets in the transaction graph, and "Easily Attainable Identities EAIs", wallets with direct transaction...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/30 12:0 a.m.4 views

Adversarial Machine Learning for Robust Password Strength Estimation

Passwords remain one of the most common methods for securing sensitive data in the digital age. However, weak password choices continue to pose significant risks to data security and privacy. This study aims to solve the problem by focusing on developing robust password strength estimation models...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/30 12:0 a.m.5 views

Safety Alignment Can Be Not Superficial with Explicit Safety Signals

Recent studies on the safety alignment of large language models LLMs have revealed that existing approaches often operate superficially, leaving models vulnerable to various adversarial attacks. Despite their significance, these studies generally fail to offer actionable solutions beyond data...

7.3AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/30 12:0 a.m.6 views

Next Generation Authentication for Data Spaces: an Authentication Flow Based on Grant Negotiation and Authorization Protocol for Verifiable Presentations (GNAP4VP)

Identity verification in Data Spaces is a fundamental aspect of ensuring security and privacy in digital environments. This paper presents an identity verification protocol tailored for shared data environments within Data Spaces. This protocol extends the Grant Negotiation and Authorization...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/30 12:0 a.m.7 views

MUSE: Model-Agnostic Tabular Watermarking Via Multi-Sample Selection

We introduce MUSE, a watermarking algorithm for tabular generative models. Previous approaches typically leverage DDIM invertibility to watermark tabular diffusion models, but tabular diffusion models exhibit significantly poorer invertibility compared to other modalities, compromising performanc...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/30 12:0 a.m.7 views

CHIP: Chameleon Hash-Based Irreversible Passport for Robust Deep Model Ownership Verification and Active Usage Control

The pervasion of large-scale Deep Neural Networks DNNs and their enormous training costs make their intellectual property IP protection of paramount importance. Recently introduced passport-based methods attempt to steer DNN watermarking towards strengthening ownership verification against...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/30 12:0 a.m.11 views

VoiceMark: Zero-Shot Voice Cloning-Resistant Watermarking Approach Leveraging Speaker-Specific Latents

Voice cloning VC-resistant watermarking is an emerging technique for tracing and preventing unauthorized cloning. Existing methods effectively trace traditional VC models by training them on watermarked audio but fail in zero-shot VC scenarios, where models synthesize audio from an audio prompt...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/30 12:0 a.m.5 views

Authentication and Authorization in Data Spaces: a Relationship-Based Access Control Approach for Policy Specification Based on ODRL

Data has become a crucial resource in the digital economy, fostering initiatives for secure and sovereign data sharing frameworks such as Data Spaces. However, these distributed environments require fine-grained access control mechanisms that balance openness with sovereignty and security. This...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/30 12:0 a.m.7 views

Keeping an Eye on LLM Unlearning: the Hidden Risk and Remedy

Although Large Language Models LLMs have demonstrated impressive capabilities across a wide range of tasks, growing concerns have emerged over the misuse of sensitive, copyrighted, or harmful data during training. To address these concerns, unlearning techniques have been developed to remove the...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/30 12:0 a.m.4 views

Looking for Attention: Randomized Attention Test Design for Validator Monitoring in Optimistic Rollups

Optimistic Rollups ORUs significantly enhance blockchain scalability but inherently suffer from the verifier's dilemma, particularly concerning validator attentiveness. Current systems lack mechanisms to proactively ensure validators are diligently monitoring L2 state transitions, creating a...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/30 12:0 a.m.9 views

Asymmetry by Design: Boosting Cyber Defenders with Differential Access to AI

As AI-enabled cyber capabilities become more advanced, we propose "differential access" as a strategy to tilt the cybersecurity balance toward defense by shaping access to these capabilities. We introduce three possible approaches that form a continuum, becoming progressively more restrictive for...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/30 12:0 a.m.4 views

Heterogeneous Graph Backdoor Attack

Heterogeneous Graph Neural Networks HGNNs excel in modeling complex, multi-typed relationships across diverse domains, yet their vulnerability to backdoor attacks remains unexplored. To address this gap, we conduct the first investigation into the susceptibility of HGNNs to existing graph backdoo...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/30 12:0 a.m.5 views

Breaking the Gold Standard: Extracting Forgotten Data under Exact Unlearning in Large Language Models

Large language models are typically trained on datasets collected from the web, which may inadvertently contain harmful or sensitive personal information. To address growing privacy concerns, unlearning methods have been proposed to remove the influence of specific data from trained models. Of...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/30 12:0 a.m.4 views

The Cost of Restaking Vs. Proof-Of-Stake

We compare the efficiency of restaking and Proof-of-Stake PoS protocols in terms of stake requirements. First, we consider the sufficient condition for the restaking graph to be secure. We show that the condition implies that it is always possible to transform such a restaking graph into secure P...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/30 12:0 a.m.7 views

Adversarial Threat Vectors and Risk Mitigation for Retrieval-Augmented Generation Systems

Retrieval-Augmented Generation RAG systems, which integrate Large Language Models LLMs with external knowledge sources, are vulnerable to a range of adversarial attack vectors. This paper examines the importance of RAG systems through recent industry adoption trends and identifies the prominent...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/30 12:0 a.m.5 views

Hush! Protecting Secrets during Model Training: an Indistinguishability Approach

We consider the problem of secret protection, in which a business or organization wishes to train a model on their own data, while attempting to not leak secrets potentially contained in that data via the model. The standard method for training models to avoid memorization of secret information i...

6.6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/30 12:0 a.m.5 views

Compact and Selective Disclosure for Verifiable Credentials

Self-Sovereign Identity SSI is a novel identity model that empowers individuals with full control over their data, enabling them to choose what information to disclose, with whom, and when. This paradigm is rapidly gaining traction worldwide, supported by numerous initiatives such as the European...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/30 12:0 a.m.5 views

So, I Climbed to the Top of the Pyramid of Pain -- Now What?

This paper explores the evolving dynamics of cybersecurity in the age of advanced AI, from the perspective of the introduced Human Layer Kill Chain framework. As traditional attack models like Lockheed Martin's Cyber Kill Chain become inadequate in addressing human vulnerabilities exploited by...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/30 12:0 a.m.25 views

When GPT Spills the Tea: Comprehensive Assessment of Knowledge File Leakage in GPTs

Knowledge files have been widely used in large language model LLM agents, such as GPTs, to improve response quality. However, concerns about the potential leakage of knowledge files have grown significantly. Existing studies demonstrate that adversarial prompts can induce GPTs to leak knowledge...

7.3AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/30 12:0 a.m.7 views

A Human Study of Cognitive Biases in Web Application Security

Cybersecurity training has become a crucial part of computer science education and industrial onboarding. Capture the Flag CTF competitions have emerged as a valuable, gamified approach for developing and refining the skills of cybersecurity and software engineering professionals. However, while...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/30 12:0 a.m.5 views

Chances and Challenges of the Model Context Protocol in Digital Forensics and Incident Response

Large language models hold considerable promise for supporting forensic investigations, but their widespread adoption is hindered by a lack of transparency, explainability, and reproducibility. This paper explores how the emerging Model Context Protocol can address these challenges and support th...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/30 12:0 a.m.5 views

Towards Secure MLOps: Surveying Attacks, Mitigation Strategies, and Research Challenges

The rapid adoption of machine learning ML technologies has driven organizations across diverse sectors to seek efficient and reliable methods to accelerate model development-to-deployment. Machine Learning Operations MLOps has emerged as an integrative approach addressing these requirements by...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/30 12:0 a.m.8 views

Dpmm: Differentially Private Marginal Models, a Library for Synthetic Tabular Data Generation

We propose dpmm, an open-source library for synthetic data generation with Differentially Private DP guarantees. It includes three popular marginal models -- PrivBayes, MST, and AIM -- that achieve superior utility and offer richer functionality compared to alternative implementations...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/30 12:0 a.m.6 views

A Reward-Driven Automated Webshell Malicious-Code Generator for Red-Teaming

Whitepaper called A Reward-Driven Automated Webshell Malicious-Code Generator For Red-Teaming...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/30 12:0 a.m.4 views

Dynamic Malware Classification of Windows PE Files Using CNNs and Greyscale Images Derived from Runtime API Call Argument Conversion

Malware detection and classification remains a topic of concern for cybersecurity, since it is becoming common for attackers to use advanced obfuscation on their malware to stay undetected. Conventional static analysis is not effective against polymorphic and metamorphic malware as these change...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/30 12:0 a.m.4 views

Verifiable Weighted Secret Sharing

Traditionally, threshold secret sharing TSS schemes assume all parties have equal weight, yet emerging systems like blockchains reveal disparities in party trustworthiness, such as stake or reputation. Weighted Secret Sharing WSS addresses this by assigning varying weights to parties, ensuring...

6.6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/30 12:0 a.m.8 views

Data Flows in You: Benchmarking and Improving Static Data-Flow Analysis on Binary Executables

Data-flow analysis is a critical component of security research. Theoretically, accurate data-flow analysis in binary executables is an undecidable problem, due to complexities of binary code. Practically, many binary analysis engines offer some data-flow analysis capability, but we lack...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/30 12:0 a.m.7 views

Adaptive Privacy-Preserving SSD

Data remanence in NAND flash complicates complete deletion on IoT SSDs. We design an adaptive architecture offering four privacy levels PL0-PL3 that select among address, data, and parity deletion techniques. Quantitative analysis balances efficacy, latency, endurance, and cost. Machine-learning...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/30 12:0 a.m.5 views

Randextract: a Reference Library to Test and Validate Privacy Amplification Implementations

Quantum cryptographic protocols do not rely only on quantum-physical resources, they also require reliable classical communication and computation. In particular, the secrecy of any quantum key distribution protocol critically depends on the correct execution of the privacy amplification step. Th...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/30 12:0 a.m.5 views

Rehearsal with Auxiliary-Informed Sampling for Audio Deepfake Detection

The performance of existing audio deepfake detection frameworks degrades when confronted with new deepfake attacks. Rehearsal-based continual learning CL, which updates models using a limited set of old data samples, helps preserve prior knowledge while incorporating new information. However,...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/30 12:0 a.m.7 views

Local Frames: Exploiting Inherited Origins to Bypass Content Blockers

We present a study of how local frames i.e., iframes with non-URL sources like "about:blank" are mishandled by a wide range of popular Web security and privacy tools. As a result, users of these tools remain vulnerable to the very attack techniques they seek to protect against, including browser...

6.9AI score
Exploits0
Total number of security vulnerabilities6907