Lucene search
+L
PacketstormnewsRecent

6907 matches found

Packet Storm News
Packet Storm News
added 2025/05/20 12:0 a.m.4 views

From Nuclear Safety to LLM Security: Applying Non-Probabilistic Risk Management Strategies to Build Safe and Secure LLM-Powered Systems

Large language models LLMs offer unprecedented and growing capabilities, but also introduce complex safety and security challenges that resist conventional risk management. While conventional probabilistic risk analysis PRA requires exhaustive risk enumeration and quantification, the novelty and...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/20 12:0 a.m.6 views

Robust and Efficient AI-Based Attack Recovery in Autonomous Drones

We introduce an autonomous attack recovery architecture to add common sense reasoning to plan a recovery action after an attack is detected. We outline use-cases of our architecture using drones, and then discuss how to implement this architecture efficiently and securely in edge devices...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/20 12:0 a.m.11 views

WordPress PSW Front-end Login Registration 1.12 User Registration

WordPress PSW Front-end Login Registration plugin versions 1.12 and below suffers from a vulnerability that allows an unauthenticated attacker to register new user accounts via an exposed AJAX action without proper validation or restrictions...

9.8CVSS7AI score0.21914EPSS
Exploits3
Packet Storm News
Packet Storm News
added 2025/05/20 12:0 a.m.5 views

Neuromorphic Mimicry Attacks Exploiting Brain-Inspired Computing for Covert Cyber Intrusions

Neuromorphic computing, inspired by the human brain's neural architecture, is revolutionizing artificial intelligence and edge computing with its low-power, adaptive, and event-driven designs. However, these unique characteristics introduce novel cybersecurity risks. This paper proposes...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/20 12:0 a.m.2 views

Exploring Jailbreak Attacks on LLMs through Intent Concealment and Diversion

Although large language models LLMs have achieved remarkable advancements, their security remains a pressing concern. One major threat is jailbreak attacks, where adversarial prompts bypass model safeguards to generate harmful or objectionable content. Researchers study jailbreak attacks to...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/20 12:0 a.m.5 views

MicroCrypt Assumptions with Quantum Input Sampling and Pseudodeterminism: Constructions and Separations

Whitepaper called MicroCrypt Assumptions With Quantum Input Sampling And Pseudodeterminism: Constructions And Separations...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/20 12:0 a.m.3 views

A Private Approximation of the 2nd-Moment Matrix of Any Subsamplable Input

We study the problem of differentially private second moment estimation and present a new algorithm that achieve strong privacy-utility trade-offs even for worst-case inputs under subsamplability assumptions on the data. We call an input $m,α,β$-subsamplable if a random subsample of size $m$ or...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/20 12:0 a.m.5 views

CSAGC-IDS: a Dual-Module Deep Learning Network Intrusion Detection Model for Complex and Imbalanced Data

As computer networks proliferate, the gravity of network intrusions has escalated, emphasizing the criticality of network intrusion detection systems for safeguarding security. While deep learning models have exhibited promising results in intrusion detection, they face challenges in managing...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/20 12:0 a.m.5 views

On the (In)Security of Proofs-Of-Space Based Longest-Chain Blockchains

The Nakamoto consensus protocol underlying the Bitcoin blockchain uses proof of work as a voting mechanism. Honest miners who contribute hashing power towards securing the chain try to extend the longest chain they are aware of. Despite its simplicity, Nakamoto consensus achieves meaningful...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/20 12:0 a.m.3 views

Topology-Aware Detection and Localization of Distributed Denial-Of-Service Attacks in Network-On-Chips

Network-on-Chip NoC enables on-chip communication between diverse cores in modern System-on-Chip SoC designs. With its shared communication fabric, NoC has become a focal point for various security threats, especially in heterogeneous and high-performance computing platforms. Among these attacks,...

7.3AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/20 12:0 a.m.7 views

From Assistants to Adversaries: Exploring the Security Risks of Mobile LLM Agents

The growing adoption of large language models LLMs has led to a new paradigm in mobile computing--LLM-powered mobile AI agents--capable of decomposing and automating complex tasks directly on smartphones. However, the security implications of these agents remain largely unexplored. In this paper,...

7.3AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/20 12:0 a.m.8 views

Evaluating the Efficacy of LLM Safety Solutions : the Palit Benchmark Dataset

Large Language Models LLMs are increasingly integrated into critical systems in industries like healthcare and finance. Users can often submit queries to LLM-enabled chatbots, some of which can enrich responses with information retrieved from internal databases storing sensitive data. This gives...

6.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/20 12:0 a.m.4 views

Towards Verifiability of Total Value Locked (TVL) in Decentralized Finance

Total Value Locked TVL aims to measure the aggregate value of cryptoassets deposited in Decentralized Finance DeFi protocols. Although blockchain data is public, the way TVL is computed is not well understood. In practice, its calculation on major TVL aggregators relies on self-reports from...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/20 12:0 a.m.5 views

Faraday 5.14.0

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/20 12:0 a.m.5 views

GSDFuse: Capturing Cognitive Inconsistencies from Multi-Dimensional Weak Signals in Social Media Steganalysis

The ubiquity of social media platforms facilitates malicious linguistic steganography, posing significant security risks. Steganalysis is profoundly hindered by the challenge of identifying subtle cognitive inconsistencies arising from textual fragmentation and complex dialogue structures, and th...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/20 12:0 a.m.12 views

Effects of the Cyber Resilience Act (CRA) on Industrial Equipment Manufacturing Companies

The Cyber Resilience Act CRA is a new European Union EU regulation aimed at enhancing the security of digital products and services by ensuring they meet stringent cybersecurity requirements. This paper investigates the challenges that industrial equipment manufacturing companies anticipate while...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/20 12:0 a.m.16 views

Beyond Text: Unveiling Privacy Vulnerabilities in Multi-Modal Retrieval-Augmented Generation

Multimodal Retrieval-Augmented Generation MRAG systems enhance LMMs by integrating external multimodal databases, but introduce unexplored privacy vulnerabilities. While text-based RAG privacy risks have been studied, multimodal data presents unique challenges. We provide the first systematic...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/20 12:0 a.m.6 views

Can Large Language Models Really Recognize Your Name?

Large language models LLMs are increasingly being used to protect sensitive user data. However, current LLM-based privacy solutions assume that these models can reliably detect personally identifiable information PII, particularly named entities. In this paper, we challenge that assumption by...

6.6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/20 12:0 a.m.5 views

Trustworthy Reputation Games and Applications to Proof-Of-Reputation Blockchains

Reputation systems play an essential role in the Internet era, as they enable people to decide whom to trust, by collecting and aggregating data about users' behavior. Recently, several works proposed the use of reputation for the design and scalability improvement of decentralized blockchain...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/20 12:0 a.m.5 views

AudioJailbreak: Jailbreak Attacks against End-To-End Large Audio-Language Models

Jailbreak attacks to Large audio-language models LALMs are studied recently, but they achieve suboptimal effectiveness, applicability, and practicability, particularly, assuming that the adversary can fully manipulate user prompts. In this work, we first conduct an extensive experiment showing th...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/20 12:0 a.m.3 views

SudoLLM : on Multi-Role Alignment of Language Models

User authorization-based access privileges are a key feature in many safety-critical systems, but have thus far been absent from the large language model LLM realm. In this work, drawing inspiration from such access control systems, we introduce sudoLLM, a novel framework that results in multi-ro...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/20 12:0 a.m.10 views

Agency Problems and Adversarial Bilevel Optimization under Uncertainty and Cyber Threats

We study an agency problem between a holding company and its subsidiary, exposed to cyber threats that affect the overall value of the subsidiary. The holding company seeks to design an optimal incentive scheme to mitigate these losses. In response, the subsidiary selects an optimal cybersecurity...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/20 12:0 a.m.5 views

Is Your Prompt Safe? Investigating Prompt Injection Attacks against Open-Source LLMs

Whitepaper called Is Your Prompt Safe? Investigating Prompt Injection Attacks Against Open-Source LLMs...

7.3AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/20 12:0 a.m.4 views

Streamlining HTTP Flooding Attack Detection through Incremental Feature Selection

Applications over the Web primarily rely on the HTTP protocol to transmit web pages to and from systems. There are a variety of application layer protocols, but among all, HTTP is the most targeted because of its versatility and ease of integration with online services. The attackers leverage the...

6.4AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/20 12:0 a.m.6 views

D4+: Emergent Adversarial Driving Maneuvers with Approximate Functional Optimization

Intelligent mechanisms implemented in autonomous vehicles, such as proactive driving assist and collision alerts, reduce traffic accidents. However, verifying their correct functionality is difficult due to complex interactions with the environment. This problem is exacerbated in adversarial...

7.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/20 12:0 a.m.4 views

FedGraM: Defending against Untargeted Attacks in Federated Learning Via Embedding Gram Matrix

Federated Learning FL enables geographically distributed clients to collaboratively train machine learning models by sharing only their local models, ensuring data privacy. However, FL is vulnerable to untargeted attacks that aim to degrade the global model's performance on the underlying data...

6.6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/20 12:0 a.m.5 views

Vulnerability of Transfer-Learned Neural Networks to Data Reconstruction Attacks in Small-Data Regime

Training data reconstruction attacks enable adversaries to recover portions of a released model's training data. We consider the attacks where a reconstructor neural network learns to invert the random mapping between training data and model weights. Prior work has shown that an informed adversar...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/20 12:0 a.m.6 views

Adaptive Pruning of Deep Neural Networks for Resource-Aware Embedded Intrusion Detection on the Edge

Artificial neural network pruning is a method in which artificial neural network sizes can be reduced while attempting to preserve the predicting capabilities of the network. This is done to make the model smaller or faster during inference time. In this work we analyze the ability of a selection...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/20 12:0 a.m.8 views

Destabilizing Power Grid and Energy Market by Cyberattacks on Smart Inverters

Cyberattacks on smart inverters and distributed PV are becoming an imminent threat, because of the recent well-documented vulnerabilities and attack incidents. Particularly, the long lifespan of inverter devices, users' oblivion of cybersecurity compliance, and the lack of cyber regulatory...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/20 12:0 a.m.6 views

Efficient Privacy-Preserving Cross-Silo Federated Learning with Multi-Key Homomorphic Encryption

Federated Learning FL is susceptible to privacy attacks, such as data reconstruction attacks, in which a semi-honest server or a malicious client infers information about other clients' datasets from their model updates or gradients. To enhance the privacy of FL, recent studies combined Multi-Key...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/20 12:0 a.m.7 views

In Search of Lost Data: a Study of Flash Sanitization Practices

To avoid the disclosure of personal or corporate data, sanitization of storage devices is an important issue when such devices are to be reused. While poor sanitization practices have been reported for second-hand hard disk drives, it has been reported that data has been found on original storage...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/20 12:0 a.m.12 views

Lessons from Defending Gemini against Indirect Prompt Injections

Gemini is increasingly used to perform tasks on behalf of users, where function-calling and tool-use capabilities enable the model to access user data. Some tools, however, require access to untrusted data introducing risk. Adversaries can embed malicious instructions in untrusted data which caus...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/20 12:0 a.m.2 views

Zk-SNARK for String Match

We present a secure and efficient string-matching platform leveraging zk-SNARKs Zero-Knowledge Succinct Non-Interactive Arguments of Knowledge to address the challenge of detecting sensitive information leakage while preserving data privacy. Our solution enables organizations to verify whether...

6.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/20 12:0 a.m.15 views

CRYPTONITE: Scalable Accelerator Design for Cryptographic Primitives and Algorithms

Cryptographic primitives, consisting of repetitive operations with different inputs, are typically implemented using straight-line C code due to traditional execution on CPUs. Computing these primitives is necessary for secure communication; thus, dedicated hardware accelerators are required in...

7.3AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/20 12:0 a.m.5 views

Moneros Decentralized P2P Exchanges: Functionality, Adoption, and Privacy Risks

Privacy-focused cryptocurrencies like Monero remain popular, despite increasing regulatory scrutiny that has led to their delisting from major centralized exchanges. The latter also explains the recent popularity of decentralized exchanges DEXs with no centralized ownership structures. These...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/20 12:0 a.m.5 views

Training-Free Watermarking for Autoregressive Image Generation

Invisible image watermarking can protect image ownership and prevent malicious misuse of visual generative models. However, existing generative watermarking methods are mainly designed for diffusion models while watermarking for autoregressive image generation models remains largely underexplored...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/19 12:0 a.m.10 views

Provable Execution in Real-Time Embedded Systems

Embedded devices are increasingly ubiquitous and vital, often supporting safety-critical functions. However, due to strict cost and energy constraints, they are typically implemented with Micro-Controller Units MCUs that lack advanced architectural security features. Within this space, recent...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/19 12:0 a.m.8 views

Recommender Systems for Democracy: toward Adversarial Robustness in Voting Advice Applications

Voting advice applications VAAs help millions of voters understand which political parties or candidates best align with their views. This paper explores the potential risks these applications pose to the democratic process when targeted by adversarial entities. In particular, we expose 11...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/19 12:0 a.m.4 views

FLTG: Byzantine-Robust Federated Learning Via Angle-Based Defense and Non-IID-Aware Weighting

Byzantine attacks during model aggregation in Federated Learning FL threaten training integrity by manipulating malicious clients' updates. Existing methods struggle with limited robustness under high malicious client ratios and sensitivity to non-i.i.d. data, leading to degraded accuracy. To...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/19 12:0 a.m.6 views

When Mitigations Backfire: Timing Channel Attacks and Defense for PRAC-Based RowHammer Mitigations

Per Row Activation Counting PRAC has emerged as a robust framework for mitigating RowHammer RH vulnerabilities in modern DRAM systems. However, we uncover a critical vulnerability: a timing channel introduced by the Alert Back-Off ABO protocol and Refresh Management RFM commands. We present...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/19 12:0 a.m.8 views

Quantum Opacity, Classical Clarity: a Hybrid Approach to Quantum Circuit Obfuscation

Quantum computing leverages quantum mechanics to achieve computational advantages over classical hardware, but the use of third-party quantum compilers in the Noisy Intermediate-Scale Quantum NISQ era introduces risks of intellectual property IP exposure. We address this by proposing a novel...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/19 12:0 a.m.7 views

VulCPE: Context-Aware Cybersecurity Vulnerability Retrieval and Management

The dynamic landscape of cybersecurity demands precise and scalable solutions for vulnerability management in heterogeneous systems, where configuration-specific vulnerabilities are often misidentified due to inconsistent data in databases like the National Vulnerability Database NVD. Inaccurate...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/19 12:0 a.m.6 views

HChain 4.0: a Secure and Scalable Permissioned Blockchain for EHR Management in Smart Healthcare

The growing utilization of Internet of Medical Things IoMT devices, including smartwatches and wearable medical devices, has facilitated real-time health monitoring and data analysis to enhance healthcare outcomes. These gadgets necessitate improved security measures to safeguard sensitive health...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/19 12:0 a.m.5 views

ACE: Confidential Computing for Embedded RISC-V Systems

Confidential computing plays an important role in isolating sensitive applications from the vast amount of untrusted code commonly found in the modern cloud. We argue that it can also be leveraged to build safer and more secure mission-critical embedded systems. In this paper, we introduce the...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/19 12:0 a.m.8 views

Optimal Client Sampling in Federated Learning with Client-Level Heterogeneous Differential Privacy

Federated Learning with client-level differential privacy DP provides a promising framework for collaboratively training models while rigorously protecting clients' privacy. However, classic approaches like DP-FedAvg struggle when clients have heterogeneous privacy requirements, as they must...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/19 12:0 a.m.5 views

Network-Wide Quantum Key Distribution with Onion Routing Relay

The advancement of quantum computing threatens classical cryptographic methods, necessitating the development of secure quantum key distribution QKD solutions for QKD Networks QKDN. In this paper, a novel key distribution protocol, Onion Routing Relay ORR, that integrates onion routing OR with...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/19 12:0 a.m.4 views

Multiple Proposer Transaction Fee Mechanism Design: Robust Incentives against Censorship and Bribery

Censorship resistance is one of the core value proposition of blockchains. A recurring design pattern aimed at providing censorship resistance is enabling multiple proposers to contribute inputs into block construction. Notably, Fork-Choice Enforced Inclusion Lists FOCIL is proposed to be include...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/19 12:0 a.m.13 views

WordPress Eventin 4.0.26 Privilege Escalation

WordPress Eventin plugin versions 4.0.26 and below suffers from an unauthenticated privilege escalation vulnerability due to a missing authorization check in the importitems function...

9.8CVSS7.1AI score0.3092EPSS
Exploits4
Packet Storm News
Packet Storm News
added 2025/05/19 12:0 a.m.4 views

FlowPure: Continuous Normalizing Flows for Adversarial Purification

Despite significant advancements in the area, adversarial robustness remains a critical challenge in systems employing machine learning models. The removal of adversarial perturbations at inference time, known as adversarial purification, has emerged as a promising defense strategy. To achieve...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/19 12:0 a.m.17 views

The Hidden Dangers of Browsing AI Agents

Autonomous browsing agents powered by large language models LLMs are increasingly used to automate web-based tasks. However, their reliance on dynamic content, tool execution, and user-provided data exposes them to a broad attack surface. This paper presents a comprehensive security evaluation of...

7.1AI score
Exploits0
Total number of security vulnerabilities6907