Lucene search
+L
PacketstormnewsRecent

6907 matches found

Packet Storm News
Packet Storm News
•added 2025/05/23 12:0 a.m.•7 views

Gentoo Linux Security Advisory 201607-04

Gentoo Linux Security Advisory 201607-04 - Multiple vulnerabilities have been found in GD, the worst of which allows remote attackers to execute arbitrary code. Versions less than 2.2.2 are affected...

9.8CVSS7.8AI score0.36974EPSS
Exploits12
Packet Storm News
Packet Storm News
•added 2025/05/23 12:0 a.m.•6 views

Finetuning-Activated Backdoors in LLMs

Finetuning openly accessible Large Language Models LLMs has become standard practice for achieving task-specific performance improvements. Until now, finetuning has been regarded as a controlled and secure process in which training on benign datasets led to predictable behaviors. In this paper, w...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/23 12:0 a.m.•8 views

Invisible Tokens, Visible Bills: the Urgent Need to Audit Hidden Operations in Opaque LLM Services

Whitepaper called Invisible Tokens, Visible Bills: The Urgent Need To Audit Hidden Operations In Opaque LLM Services...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/23 12:0 a.m.•5 views

Architectural Backdoors for Within-Batch Data Stealing and Model Inference Manipulation

For nearly a decade the academic community has investigated backdoors in neural networks, primarily focusing on classification tasks where adversaries manipulate the model prediction. While demonstrably malicious, the immediate real-world impact of such prediction-altering attacks has remained...

6.6AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/23 12:0 a.m.•6 views

Verifiable Deep Learning Inference on an Untrusted Party

Whitepaper called Verifiable Deep Learning Inference On An Untrusted Party...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/23 12:0 a.m.•4 views

Gentoo Linux Security Advisory 201908-26

Gentoo Linux Security Advisory 201908-26 - Multiple vulnerabilities have been found in libofx, the worst of which could result in the arbitrary execution of code. Versions less than 0.9.14 are affected...

8.8CVSS7.4AI score0.02393EPSS
Exploits4
Packet Storm News
Packet Storm News
•added 2025/05/22 12:0 a.m.•6 views

MTSA: Multi-Turn Safety Alignment for LLMs through Multi-Round Red-Teaming

Whitepaper called MTSA: Multi-Turn Safety Alignment For LLMs Through Multi-Round Red-Teaming...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/22 12:0 a.m.•5 views

Can ChatGPT Perform Image Splicing Detection? A Preliminary Study

Multimodal Large Language Models MLLMs like GPT-4V are capable of reasoning across text and image modalities, showing promise in a variety of complex vision-language tasks. In this preliminary study, we investigate the out-of-the-box capabilities of GPT-4V in the domain of image forensics,...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/22 12:0 a.m.•6 views

LLM Access Shield: Domain-Specific LLM Framework for Privacy Policy Compliance

Large language models LLMs are increasingly applied in fields such as finance, education, and governance due to their ability to generate human-like text and adapt to specialized tasks. However, their widespread adoption raises critical concerns about data privacy and security, including the risk...

6.6AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/22 12:0 a.m.•5 views

Unlearning Isn'T Deletion: Investigating Reversibility of Machine Unlearning in LLMs

Unlearning in large language models LLMs is intended to remove the influence of specific data, yet current evaluations rely heavily on token-level metrics such as accuracy and perplexity. We show that these metrics can be misleading: models often appear to forget, but their original behavior can ...

6.6AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/22 12:0 a.m.•6 views

SuperPure: Efficient Purification of Localized and Distributed Adversarial Patches Via Super-Resolution GAN Models

As vision-based machine learning models are increasingly integrated into autonomous and cyber-physical systems, concerns about physical adversarial patch attacks are growing. While state-of-the-art defenses can achieve certified robustness with minimal impact on utility against highly-concentrate...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/22 12:0 a.m.•4 views

Understanding the Security Landscape of Embedded Non-Volatile Memories: a Comprehensive Survey

The modern semiconductor industry requires memory solutions that can keep pace with the high-speed demands of high-performance computing. Embedded non-volatile memories eNVMs address these requirements by offering faster access to stored data at an improved computational throughput and efficiency...

6.4AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/22 12:0 a.m.•5 views

Timestamp Manipulation: Timestamp-Based Nakamoto-Style Blockchains Are Vulnerable

Nakamoto consensus are the most widely adopted decentralized consensus mechanism in cryptocurrency systems. Since it was proposed in 2008, many studies have focused on analyzing its security. Most of them focus on maximizing the profit of the adversary. Examples include the selfish mining attack ...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/22 12:0 a.m.•5 views

Poster: Towards an Automated Security Testing Framework for Industrial UEs

With the ongoing adoption of 5G for communication in industrial systems and critical infrastructure, the security of industrial UEs such as 5G-enabled industrial robots becomes an increasingly important topic. Most notably, to meet the stringent security requirements of industrial deployments,...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/22 12:0 a.m.•6 views

An End-To-End Model for Logits Based Large Language Models Watermarking

The rise of LLMs has increased concerns over source tracing and copyright protection for AIGC, highlighting the need for advanced detection technologies. Passive detection methods usually face high false positives, while active watermarking techniques using logits or sampling manipulation offer...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/22 12:0 a.m.•6 views

Compile-Time Fully Homomorphic Encryption of Vectors: Eliminating Online Encryption Via Algebraic Basis Synthesis

Whitepaper called Compile-Time Fully Homomorphic Encryption Of Vectors: Eliminating Online Encryption Via Algebraic Basis Synthesis...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/22 12:0 a.m.•6 views

BadVLA: Towards Backdoor Attacks on Vision-Language-Action Models Via Objective-Decoupled Optimization

Vision-Language-Action VLA models have advanced robotic control by enabling end-to-end decision-making directly from multimodal inputs. However, their tightly coupled architectures expose novel security vulnerabilities. Unlike traditional adversarial perturbations, backdoor attacks represent a...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/22 12:0 a.m.•4 views

CAIN: Hijacking LLM-Humans Conversations Via a Two-Stage Malicious System Prompt Generation and Refining Framework

Large language models LLMs have advanced many applications, but are also known to be vulnerable to adversarial attacks. In this work, we introduce a novel security threat: hijacking AI-human conversations by manipulating LLMs' system prompts to produce malicious answers only to specific targeted...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/22 12:0 a.m.•4 views

LLM-BSCVM: an LLM-Based Blockchain Smart Contract Vulnerability Management Framework

Smart contracts are a key component of the Web 3.0 ecosystem, widely applied in blockchain services and decentralized applications. However, the automated execution feature of smart contracts makes them vulnerable to potential attacks due to inherent flaws, which can lead to severe security risks...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/22 12:0 a.m.•6 views

Password Strength Detection Via Machine Learning: Analysis, Modeling, and Evaluation

As network security issues continue gaining prominence, password security has become crucial in safeguarding personal information and network systems. This study first introduces various methods for system password cracking, outlines password defense strategies, and discusses the application of...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/22 12:0 a.m.•4 views

Language-Based Security and Time-Inserting Supervisor

Algebraic methods are employed in order to define language-based security properties of processes. A supervisor is introduced that can disable unwanted behavior of an insecure process by controlling some of its actions or by inserting timed actions to make an insecure process secure. We assume a...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/22 12:0 a.m.•5 views

Enhancing Meme Token Market Transparency: a Multi-Dimensional Entity-Linked Address Analysis for Liquidity Risk Evaluation

Meme tokens represent a distinctive asset class within the cryptocurrency ecosystem, characterized by high community engagement, significant market volatility, and heightened vulnerability to market manipulation. This paper introduces an innovative approach to assessing liquidity risk in meme tok...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/22 12:0 a.m.•28 views

CTRAP: Embedding Collapse Trap to Safeguard Large Language Models from Harmful Fine-Tuning

Fine-tuning-as-a-service, while commercially successful for Large Language Model LLM providers, exposes models to harmful fine-tuning attacks. As a widely explored defense paradigm against such attacks, unlearning attempts to remove malicious knowledge from LLMs, thereby essentially preventing th...

7.4AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/22 12:0 a.m.•6 views

Mitigating Fine-Tuning Risks in LLMs Via Safety-Aware Probing Optimization

The significant progress of large language models LLMs has led to remarkable achievements across numerous applications. However, their ability to generate harmful content has sparked substantial safety concerns. Despite the implementation of safety alignment techniques during the pre-training...

7.4AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/22 12:0 a.m.•8 views

Harry Potter Is Still Here! Probing Knowledge Leakage in Targeted Unlearned Large Language Models Via Automated Adversarial Prompting

This work presents LURK Latent UnleaRned Knowledge, a novel framework that probes for hidden retained knowledge in unlearned LLMs through adversarial suffix prompting. LURK automatically generates adversarial prompt suffixes designed to elicit residual knowledge about the Harry Potter domain, a...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/22 12:0 a.m.•4 views

LogStamping: a Blockchain-Based Log Auditing Approach for Large-Scale Systems

Log management is crucial for ensuring the security, integrity, and compliance of modern information systems. Traditional log management solutions face challenges in achieving tamper-proofing, scalability, and real-time processing in distributed environments. This paper presents a blockchain-base...

6.6AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/22 12:0 a.m.•5 views

Unsupervised Network Anomaly Detection with Autoencoders and Traffic Images

Due to the recent increase in the number of connected devices, the need to promptly detect security issues is emerging. Moreover, the high number of communication flows creates the necessity of processing huge amounts of data. Furthermore, the connected devices are heterogeneous in nature, having...

7.3AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/22 12:0 a.m.•4 views

A Scalable Hierarchical Intrusion Detection System for Internet of Vehicles

Due to its nature of dynamic, mobility, and wireless data transfer, the Internet of Vehicles IoV is prone to various cyber threats, ranging from spoofing and Distributed Denial of Services DDoS attacks to malware. To safeguard the IoV ecosystem from intrusions, malicious activities, policy...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/22 12:0 a.m.•6 views

VIVID: a Novel Approach to Remediation Prioritization in Static Application Security Testing (SAST)

Static Application Security Testing SAST enables organizations to detect vulnerabilities in code early; however, major SAST platforms do not include visual aids and present little insight on correlations between tainted data chains. We propose VIVID - Vulnerability Information Via Data flow - a...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/22 12:0 a.m.•6 views

Advancing Security with Digital Twins: a Comprehensive Survey

The proliferation of electronic devices has greatly transformed every aspect of human life, such as communication, healthcare, transportation, and energy. Unfortunately, the global electronics supply chain is vulnerable to various attacks, including piracy of intellectual properties, tampering,...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/22 12:0 a.m.•8 views

Privacy-Aware Cyberterrorism Network Analysis Using Graph Neural Networks and Federated Learning

Cyberterrorism poses a formidable threat to digital infrastructures, with increasing reliance on encrypted, decentralized platforms that obscure threat actor activity. To address the challenge of analyzing such adversarial networks while preserving the privacy of distributed intelligence data, we...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/22 12:0 a.m.•9 views

ReCopilot: Reverse Engineering Copilot in Binary Analysis

Binary analysis plays a pivotal role in security domains such as malware detection and vulnerability discovery, yet it remains labor-intensive and heavily reliant on expert knowledge. General-purpose large language models LLMs perform well in programming analysis on source code, while...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/22 12:0 a.m.•4 views

GRAudit Grep Auditing Tool 3.9

Graudit is a simple script and signature sets that allows you to find potential security flaws in source code using the GNU utility, grep. It's comparable to other static analysis applications like RATS, SWAAT, and flaw-finder while keeping the technical requirements to a minimum and being very...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/22 12:0 a.m.•2 views

Vehicular Intrusion Detection System for Controller Area Network: a Comprehensive Survey and Evaluation

The progress of automotive technologies has made cybersecurity a crucial focus, leading to various cyber attacks. These attacks primarily target the Controller Area Network CAN and specialized Electronic Control Units ECUs. In order to mitigate these attacks and bolster the security of vehicular...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/22 12:0 a.m.•9 views

WordPress Madara 2.2.2 Local File Inclusion

WordPress Madara theme versions 2.2.2 and below suffer from a local file inclusion vulnerability...

9.8CVSS6.8AI score0.09094EPSS
Exploits5
Packet Storm News
Packet Storm News
•added 2025/05/22 12:0 a.m.•6 views

Secure Parsing and Serializing with Separation Logic Applied to CBOR, CDDL, and COSE

Incorrect handling of security-critical data formats, particularly in low-level languages, are the root cause of many security vulnerabilities. Provably correct parsing and serialization tools that target languages like C can help. Towards this end, we present PulseParse, a library of verified...

7.4AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/22 12:0 a.m.•6 views

TP-Link Archer AX50 Buffer Overflow

The TP-Link Archer AX50 router is vulnerable to a stack-based buffer overflow on its firmware version 1.0.14 Build 20240108 rel.426554555, leading to remote code execution both in the LAN and in the WAN side. This vulnerability is the same as CVE-2020-10881, found by the Flashback team and largel...

10CVSS8.5AI score0.10911EPSS
Exploits2
Packet Storm News
Packet Storm News
•added 2025/05/22 12:0 a.m.•5 views

Verifying Differentially Private Median Estimation

Differential Privacy DP is a robust privacy guarantee that is widely employed in private data analysis today, finding broad application in domains such as statistical query release and machine learning. However, DP achieves privacy by introducing noise into data or query answers, which malicious...

6.6AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/22 12:0 a.m.•11 views

Interpretable Anomaly Detection in Encrypted Traffic Using SHAP with Machine Learning Models

The widespread adoption of encrypted communication protocols such as HTTPS and TLS has enhanced data privacy but also rendered traditional anomaly detection techniques less effective, as they often rely on inspecting unencrypted payloads. This study aims to develop an interpretable machine...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/22 12:0 a.m.•3 views

Consistent and Compatible Modelling of Cyber Intrusions and Incident Response Demonstrated in the Context of Malware Attacks on Critical Infrastructure

Cyber Security Incident Response IR Playbooks are used to capture the steps required to recover from a cyber intrusion. Individual IR playbooks should focus on a specific type of incident and be aligned with the architecture of a system under attack. Intrusion modelling focuses on a specific...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/22 12:0 a.m.•5 views

When Safety Detectors Aren'T Enough: a Stealthy and Effective Jailbreak Attack on LLMs Via Steganographic Techniques

Jailbreak attacks pose a serious threat to large language models LLMs by bypassing built-in safety mechanisms and leading to harmful outputs. Studying these attacks is crucial for identifying vulnerabilities and improving model security. This paper presents a systematic survey of jailbreak method...

7.5AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/22 12:0 a.m.•32 views

Invisible Prompts, Visible Threats: Malicious Font Injection in External Resources for Large Language Models

Large Language Models LLMs are increasingly equipped with capabilities of real-time web search and integrated with protocols like Model Context Protocol MCP. This extension could introduce new security vulnerabilities. We present a systematic investigation of LLM vulnerabilities to hidden...

7.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/22 12:0 a.m.•5 views

Robust LLM Fingerprinting Via Domain-Specific Watermarks

As open-source language models OSMs grow more capable and are widely shared and finetuned, ensuring model provenance, i.e., identifying the origin of a given model instance, has become an increasingly important issue. At the same time, existing backdoor-based model fingerprinting techniques often...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/22 12:0 a.m.•4 views

Adaptive Plan-Execute Framework for Smart Contract Security Auditing

Large Language Models LLMs have shown great promise in code analysis and auditing; however, they still struggle with hallucinations and limited context-aware reasoning. We introduce SmartAuditFlow, a novel Plan-Execute framework that enhances smart contract security analysis through dynamic audit...

7.3AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/22 12:0 a.m.•5 views

DuFFin: a Dual-Level Fingerprinting Framework for LLMs IP Protection

Whitepaper called DuFFin: A Dual-Level Fingerprinting Framework For LLMs IP Protection...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/22 12:0 a.m.•3 views

All You Need Is "Leet": Evading Hate-Speech Detection AI

Social media and online forums are increasingly becoming popular. Unfortunately, these platforms are being used for spreading hate speech. In this paper, we design black-box techniques to protect users from hate-speech on online platforms by generating perturbations that can fool state of the art...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/22 12:0 a.m.•28 views

Backdoor Cleaning without External Guidance in MLLM Fine-Tuning

Multimodal Large Language Models MLLMs are increasingly deployed in fine-tuning-as-a-service FTaaS settings, where user-submitted datasets adapt general-purpose models to downstream tasks. This flexibility, however, introduces serious security risks, as malicious fine-tuning can implant backdoors...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/22 12:0 a.m.•5 views

Dynamic Encryption-Based Cloud Security Model Using Facial Image and Password-Based Key Generation for Multimedia Data

In this cloud-dependent era, various security techniques, such as encryption, steganography, and hybrid approaches, have been utilized in cloud computing to enhance security, maintain enormous storage capacity, and provide ease of access. However, the absence of data type-specific encryption and...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/22 12:0 a.m.•6 views

Energy Consumption Framework and Analysis of Post-Quantum Key-Generation on Embedded Devices

The emergence of quantum computing and Shor's algorithm necessitates an imminent shift from current public key cryptography techniques to post-quantum robust techniques. NIST has responded by standardising Post-Quantum Cryptography PQC algorithms, with ML-KEM FIPS-203 slated to replace ECDH...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/22 12:0 a.m.•5 views

OpenSSL Security Advisory 20250522

OpenSSL Security Advisory 20250522 - Use of -addreject option with the openssl x509 application adds a trusted use instead of a rejected use for a certificate...

6.5CVSS7AI score0.00306EPSS
Exploits0
Total number of security vulnerabilities6907