Lucene search
+L
PacketstormnewsRecent

6907 matches found

Packet Storm News
Packet Storm News
•added 2025/05/17 12:0 a.m.•6 views

FL-PLAS: Federated Learning with Partial Layer Aggregation for Backdoor Defense against High-Ratio Malicious Clients

Federated learning FL is gaining increasing attention as an emerging collaborative machine learning approach, particularly in the context of large-scale computing and data systems. However, the fundamental algorithm of FL, Federated Averaging FedAvg, is susceptible to backdoor attacks. Although...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/17 12:0 a.m.•10 views

FABLE: a Localized, Targeted Adversarial Attack on Weather Forecasting Models

Deep learning-based weather forecasting models have recently demonstrated significant performance improvements over gold-standard physics-based simulation tools. However, these models are vulnerable to adversarial attacks, which raises concerns about their trustworthiness. In this paper, we first...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/17 12:0 a.m.•6 views

On Membership Inference Attacks in Knowledge Distillation

Nowadays, Large Language Models LLMs are trained on huge datasets, some including sensitive information. This poses a serious privacy concern because privacy attacks such as Membership Inference Attacks MIAs may detect this sensitive information. While knowledge distillation compresses LLMs into...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/17 12:0 a.m.•4 views

Proof-Of-Social-Capital: Privacy-Preserving Consensus Protocol Replacing Stake for Social Capital

Consensus protocols used today in blockchains often rely on computational power or financial stakes - scarce resources. We propose a novel protocol using social capital - trust and influence from social interactions - as a non-transferable staking mechanism to ensure fairness and decentralization...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/17 12:0 a.m.•2 views

Nonmalleable Progress Leakage

Information-flow control systems often enforce progress-insensitive noninterference, as it is simple to understand and enforce. Unfortunately, real programs need to declassify results and endorse inputs, which noninterference disallows, while preventing attackers from controlling leakage, includi...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/17 12:0 a.m.•4 views

Nuclei 3.4.4

Nuclei is a modern, high-performance vulnerability scanner that leverages simple YAML-based templates. It empowers you to design custom vulnerability detection scenarios that mimic real-world conditions, leading to zero false positives...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/17 12:0 a.m.•6 views

Self-Destructive Language Model

Harmful fine-tuning attacks pose a major threat to the security of large language models LLMs, allowing adversaries to compromise safety guardrails with minimal harmful data. While existing defenses attempt to reinforce LLM alignment, they fail to address models' inherent "trainability" on harmfu...

7.3AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/17 12:0 a.m.•7 views

Efficient Implementations of Residue Generators Mod 2n + 1 Providing Diminished-1 Representation

The moduli of the form 2n + 1 belong to a class of low-cost odd moduli, which have been frequently selected to form the basis of various residue number systems RNS. The most efficient computations modulo mod 2n + 1 are performed using the so-called diminished-1 D1 representation. Therefore, it is...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/17 12:0 a.m.•5 views

The Impact of Emerging Phishing Threats: Assessing Quishing and LLM-Generated Phishing Emails against Organizations

Modern organizations are persistently targeted by phishing emails. Despite advances in detection systems and widespread employee training, attackers continue to innovate, posing ongoing threats. Two emerging vectors stand out in the current landscape: QR-code baits and LLM-enabled pretexting. Yet...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/17 12:0 a.m.•2 views

What'S Pulling the Strings? Evaluating Integrity and Attribution in AI Training and Inference through Concept Shift

The growing adoption of artificial intelligence AI has amplified concerns about trustworthiness, including integrity, privacy, robustness, and bias. To assess and attribute these threats, we propose ConceptLens, a generic framework that leverages pre-trained multimodal models to identify the root...

7.4AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/17 12:0 a.m.•5 views

AES-RV: Hardware-Efficient RISC-V Accelerator with Low-Latency AES Instruction Extension for IoT Security

The Advanced Encryption Standard AES is a widely adopted cryptographic algorithm essential for securing embedded systems and IoT platforms. However, existing AES hardware accelerators often face limitations in performance, energy efficiency, and flexibility. This paper presents AES-RV, a...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/17 12:0 a.m.•6 views

Safe Delta: Consistently Preserving Safety When Fine-Tuning LLMs on Diverse Datasets

Large language models LLMs have shown great potential as general-purpose AI assistants across various domains. To fully leverage this potential in specific applications, many companies provide fine-tuning API services, enabling users to upload their own data for LLM customization. However,...

7.4AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/17 12:0 a.m.•5 views

Facial Recognition Leveraging Generative Adversarial Networks

Face recognition performance based on deep learning heavily relies on large-scale training data, which is often difficult to acquire in practical applications. To address this challenge, this paper proposes a GAN-based data augmentation method with three key contributions: 1 a residual-embedded...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/17 12:0 a.m.•5 views

Coded Robust Aggregation for Distributed Learning under Byzantine Attacks

In this paper, we investigate the problem of distributed learning DL in the presence of Byzantine attacks. For this problem, various robust bounded aggregation RBA rules have been proposed at the central server to mitigate the impact of Byzantine attacks. However, current DL methods apply RBA rul...

6.6AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/17 12:0 a.m.•7 views

TechniqueRAG: Retrieval Augmented Generation for Adversarial Technique Annotation in Cyber Threat Intelligence Text

Accurately identifying adversarial techniques in security texts is critical for effective cyber defense. However, existing methods face a fundamental trade-off: they either rely on generic models with limited domain precision or require resource-intensive pipelines that depend on large labeled...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/17 12:0 a.m.•12 views

MalVis: a Large-Scale Image-Based Framework and Dataset for Advancing Android Malware Classification

As technology advances, Android malware continues to pose significant threats to devices and sensitive data. The open-source nature of the Android OS and the availability of its SDK contribute to this rapid growth. Traditional malware detection techniques, such as signature-based, static, and...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/17 12:0 a.m.•8 views

Benchmarking LLMs in an Embodied Environment for Blue Team Threat Hunting

As cyber threats continue to grow in scale and sophistication, blue team defenders increasingly require advanced tools to proactively detect and mitigate risks. Large Language Models LLMs offer promising capabilities for enhancing threat analysis. However, their effectiveness in real-world blue...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/17 12:0 a.m.•4 views

Privacy-Preserving AI for Encrypted Medical Imaging: a Framework for Secure Diagnosis and Learning

The rapid integration of Artificial Intelligence AI into medical diagnostics has raised pressing concerns about patient privacy, especially when sensitive imaging data must be transferred, stored, or processed. In this paper, we propose a novel framework for privacy-preserving diagnostic inferenc...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/17 12:0 a.m.•5 views

Security Practices in AI Development

What makes safety claims about general purpose AI systems such as large language models trustworthy? We show that rather than the capabilities of security tools such as alignment and red teaming procedures, it is security practices based on these tools that contributed to reconfiguring the image ...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/17 12:0 a.m.•6 views

Simultaneously Exposing and Jamming Covert Communications Via Disco Reconfigurable Intelligent Surfaces

Covert communications provide a stronger privacy protection than cryptography and physical-layer security PLS. However, previous works on covert communications have implicitly assumed the validity of channel reciprocity, i.e., wireless channels remain constant or approximately constant during the...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/16 12:0 a.m.•4 views

Optimal Allocation of Privacy Budget on Hierarchical Data Release

Releasing useful information from datasets with hierarchical structures while preserving individual privacy presents a significant challenge. Standard privacy-preserving mechanisms, and in particular Differential Privacy, often require careful allocation of a finite privacy budget across differen...

6.6AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/16 12:0 a.m.•6 views

Unveiling the Black Box: a Multi-Layer Framework for Explaining Reinforcement Learning-Based Cyber Agents

Reinforcement Learning RL agents are increasingly used to simulate sophisticated cyberattacks, but their decision-making processes remain opaque, hindering trust, debugging, and defensive preparedness. In high-stakes cybersecurity contexts, explainability is essential for understanding how...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/16 12:0 a.m.•11 views

Forensics of Error Rates of Quantum Hardware

There has been a rise in third-party cloud providers offering quantum hardware as a service to improve performance at lower cost. Although these providers provide flexibility to the users to choose from several qubit technologies, quantum hardware, and coupling maps; the actual execution of the...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/16 12:0 a.m.•8 views

Privacy and Confidentiality Requirements Engineering for Process Data

The application and development of process mining techniques face significant challenges due to the lack of publicly available real-life event logs. One reason for companies to abstain from sharing their data are privacy and confidentiality concerns. Privacy concerns refer to personal data as...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/16 12:0 a.m.•7 views

AutoRAN: Weak-To-Strong Jailbreaking of Large Reasoning Models

This paper presents AutoRAN, the first automated, weak-to-strong jailbreak attack framework targeting large reasoning models LRMs. At its core, AutoRAN leverages a weak, less-aligned reasoning model to simulate the target model's high-level reasoning structures, generates narrative prompts, and...

7.6AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/16 12:0 a.m.•6 views

GoLeash: Mitigating Golang Software Supply Chain Attacks with Runtime Policy Enforcement

Modern software supply chain attacks consist of introducing new, malicious capabilities into trusted third-party software components, in order to propagate to a victim through a package dependency chain. These attacks are especially concerning for the Go language ecosystem, which is extensively...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/16 12:0 a.m.•6 views

LLMs Unlock New Paths to Monetizing Exploits

We argue that Large language models LLMs will soon alter the economics of cyberattacks. Instead of attacking the most commonly used software and monetizing exploits by targeting the lowest common denominator among victims, LLMs enable adversaries to launch tailored attacks on a user-by-user basis...

6.6AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/16 12:0 a.m.•9 views

GenoArmory: a Unified Evaluation Framework for Adversarial Attacks on Genomic Foundation Models

We propose the first unified adversarial attack benchmark for Genomic Foundation Models GFMs, named GenoArmory. Unlike existing GFM benchmarks, GenoArmory offers the first comprehensive evaluation framework to systematically assess the vulnerability of GFMs to adversarial attacks. Methodologicall...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/16 12:0 a.m.•5 views

Anti-Sensing: Defense against Unauthorized Radar-Based Human Vital Sign Sensing with Physically Realizable Wearable Oscillators

Recent advancements in Ultra-Wideband UWB radar technology have enabled contactless, non-line-of-sight vital sign monitoring, making it a valuable tool for healthcare. However, UWB radar's ability to capture sensitive physiological data, even through walls, raises significant privacy concerns,...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/16 12:0 a.m.•11 views

Verifiably Forgotten? Gradient Differences Still Enable Data Reconstruction in Federated Unlearning

Federated Unlearning FU has emerged as a critical compliance mechanism for data privacy regulations, requiring unlearned clients to provide verifiable Proof of Federated Unlearning PoFU to auditors upon data removal requests. However, we uncover a significant privacy vulnerability: when gradient...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/16 12:0 a.m.•6 views

PIG: Privacy Jailbreak Attack on LLMs Via Gradient-Based Iterative In-Context Optimization

Large Language Models LLMs excel in various domains but pose inherent privacy risks. Existing methods to evaluate privacy leakage in LLMs often use memorized prefixes or simple instructions to extract data, both of which well-alignment models can easily block. Meanwhile, Jailbreak attacks bypass...

7.3AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/16 12:0 a.m.•4 views

Probing the Vulnerability of Large Language Models to Polysemantic Interventions

Polysemanticity -- where individual neurons encode multiple unrelated features -- is a well-known characteristic of large neural networks and remains a central challenge in the interpretability of language models. At the same time, its implications for model safety are also poorly understood...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/16 12:0 a.m.•6 views

On the Security Risks of ML-Based Malware Detection Systems: a Survey

Malware presents a persistent threat to user privacy and data integrity. To combat this, machine learning-based ML-based malware detection MD systems have been developed. However, these systems have increasingly been attacked in recent years, undermining their effectiveness in practice. While the...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/16 12:0 a.m.•6 views

Server-Side Template Injection Vulnerabilities and Exploitation Techniques

Research article called Server-Side Template Injection SSTI Vulnerabilities and Exploitation Techniques. The paper provides a structured methodology for detecting and exploiting SSTI vulnerabilities across multiple template engines, along with real-world case studies and mitigation strategies...

7.4AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/16 12:0 a.m.•8 views

Understanding and Characterizing Obfuscated Funds Transfers in Ethereum Smart Contracts

Scam contracts on Ethereum have rapidly evolved alongside the rise of DeFi and NFT ecosystems, utilizing increasingly complex code obfuscation techniques to avoid early detection. This paper systematically investigates how obfuscation amplifies the financial risks of fraudulent contracts and...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/16 12:0 a.m.•7 views

Yet Another Diminishing Spark: Low-Level Cyberattacks in the Israel-Gaza Conflict

We report empirical evidence of web defacement and DDoS attacks carried out by low-level cybercrime actors in the Israel-Gaza conflict. Our quantitative measurements indicate an immediate increase in such cyberattacks following the Hamas-led assault and the subsequent declaration of war. However,...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/16 12:0 a.m.•6 views

Blockchain-Enabled Decentralized Privacy-Preserving Group Purchasing for Energy Plans

Retail energy markets are increasingly consumer-oriented, thanks to a growing number of energy plans offered by a plethora of energy suppliers, retailers and intermediaries. To maximize the benefits of competitive retail energy markets, group purchasing is an emerging paradigm that aggregates...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/16 12:0 a.m.•6 views

Decentralized Multi-Authority Attribute-Based Inner-Product Functional Encryption: Noisy and Evasive Constructions from Lattices

We study multi-authority attribute-based functional encryption for noisy inner-product functionality, and propose two new primitives: 1 multi-authority attribute-based noisy inner-product functional encryption MA-ABNIPFE, which generalizes existing multi-authority attribute-based IPFE schemes by...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/16 12:0 a.m.•6 views

Adversarially Robust Spiking Neural Networks with Sparse Connectivity

Deployment of deep neural networks in resource-constrained embedded systems requires innovative algorithmic solutions to facilitate their energy and memory efficiency. To further ensure the reliability of these systems against malicious actors, recent works have extensively studied adversarial...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/16 12:0 a.m.•12 views

GuardReasoner-VL: Safeguarding VLMs Via Reinforced Reasoning

To enhance the safety of VLMs, this paper introduces a novel reasoning-based VLM guard model dubbed GuardReasoner-VL. The core idea is to incentivize the guard model to deliberatively reason before making moderation decisions via online RL. First, we construct GuardReasoner-VLTrain, a reasoning...

7.3AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/16 12:0 a.m.•5 views

LARGO: Latent Adversarial Reflection through Gradient Optimization for Jailbreaking LLMs

Efficient red-teaming method to uncover vulnerabilities in Large Language Models LLMs is crucial. While recent attacks often use LLMs as optimizers, the discrete language space make gradient-based methods struggle. We introduce LARGO Latent Adversarial Reflection through Gradient Optimization, a...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/16 12:0 a.m.•7 views

The Ripple Effect: on Unforeseen Complications of Backdoor Attacks

Recent research highlights concerns about the trustworthiness of third-party Pre-Trained Language Models PTLMs due to potential backdoor attacks. These backdoored PTLMs, however, are effective only for specific pre-defined downstream tasks. In reality, these PTLMs can be adapted to many other...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/16 12:0 a.m.•6 views

MPMA: Preference Manipulation Attack against Model Context Protocol

Model Context Protocol MCP standardizes interface mapping for large language models LLMs to access external data and tools, which revolutionizes the paradigm of tool selection and facilitates the rapid expansion of the LLM agent tool ecosystem. However, as the MCP is increasingly adopted,...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/16 12:0 a.m.•6 views

Co-Evolutionary Defence of Active Directory Attack Graphs Via GNN-Approximated Dynamic Programming

Modern enterprise networks increasingly rely on Active Directory AD for identity and access management. However, this centralization exposes a single point of failure, allowing adversaries to compromise high-value assets. Existing AD defense approaches often assume static attacker behavior, but...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/16 12:0 a.m.•34 views

ProxyPrompt: Securing System Prompts against Prompt Extraction Attacks

The integration of large language models LLMs into a wide range of applications has highlighted the critical role of well-crafted system prompts, which require extensive testing and domain expertise. These prompts enhance task performance but may also encode sensitive information and filtering...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/16 12:0 a.m.•7 views

Side Channel Analysis in Homomorphic Encryption

Homomorphic encryption provides many opportunities for privacy-aware processing, including with methods related to machine learning. Many of our existing cryptographic methods have been shown in the past to be susceptible to side channel attacks. With these, the implementation of the cryptographi...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/16 12:0 a.m.•6 views

Scaling an ISO Compliance Practice: Strategic Insights from Building a \$1m+ Cybersecurity Certification Line

The rapid exponential growth in cloud-first business models and tightened global data protection regulations have led to the exponential increase in the level of importance of ISO certifications, especially ISO/IEC 27001, 27017, and 27018, as strategic imperative propositions for organizations...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/16 12:0 a.m.•6 views

Mobius Forensic Toolkit 2.15

Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tools...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/16 12:0 a.m.•9 views

"Explain, Don'T Just Warn!" -- a Real-Time Framework for Generating Phishing Warnings with Contextual Cues

Anti-phishing tools typically display generic warnings that offer users limited explanation on why a website is considered malicious, which can prevent end-users from developing the mental models needed to recognize phishing cues on their own. This becomes especially problematic when these tools...

6.4AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/16 12:0 a.m.•16 views

From Trade-Off to Synergy: a Versatile Symbiotic Watermarking Framework for Large Language Models

The rise of Large Language Models LLMs has heightened concerns about the misuse of AI-generated text, making watermarking a promising solution. Mainstream watermarking schemes for LLMs fall into two categories: logits-based and sampling-based. However, current schemes entail trade-offs among...

7.1AI score
Exploits0
Total number of security vulnerabilities6907