Lucene search
+L
PacketstormnewsRecent

6907 matches found

Packet Storm News
Packet Storm News
•added 2025/05/16 12:0 a.m.•6 views

Diverging Towards Hallucination: Detection of Failures in Vision-Language Models Via Multi-Token Aggregation

Vision-language models VLMs now rival human performance on many multimodal tasks, yet they still hallucinate objects or generate unsafe text. Current hallucination detectors, e.g., single-token linear probing SLP and PTrue, typically analyze only the logit of the first generated token or just its...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/16 12:0 a.m.•9 views

WASP: Benchmarking Web Agent Security against Prompt Injection Attacks

Autonomous UI agents powered by AI have tremendous potential to boost human productivity by automating routine tasks such as filing taxes and paying bills. However, a major challenge in unlocking their full potential is security, which is exacerbated by the agent's ability to take action on their...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/16 12:0 a.m.•5 views

DMind Benchmark: toward a Holistic Assessment of LLM Capabilities across the Web3 Domain

Large Language Models LLMs have achieved impressive performance in diverse natural language processing tasks, but specialized domains such as Web3 present new challenges and require more tailored evaluation. Despite the significant user base and capital flows in Web3, encompassing smart contracts...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/16 12:0 a.m.•7 views

SynFuzz: Leveraging Fuzzing of Netlist to Detect Synthesis Bugs

In the evolving landscape of integrated circuit IC design, the increasing complexity of modern processors and intellectual property IP cores has introduced new challenges in ensuring design correctness and security. The recent advancements in hardware fuzzing techniques have shown their efficacy ...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/16 12:0 a.m.•32 views

ProxyPrompt: Securing System Prompts against Prompt Extraction Attacks

The integration of large language models LLMs into a wide range of applications has highlighted the critical role of well-crafted system prompts, which require extensive testing and domain expertise. These prompts enhance task performance but may also encode sensitive information and filtering...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/16 12:0 a.m.•8 views

Nosy Layers, Noisy Fixes: Tackling DRAs in Federated Learning Systems Using Explainable AI

Federated Learning FL has emerged as a powerful paradigm for collaborative model training while keeping client data decentralized and private. However, it is vulnerable to Data Reconstruction Attacks DRA such as "LoKI" and "Robbing the Fed", where malicious models sent from the server to the clie...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/16 12:0 a.m.•11 views

Ivanti EPMM Pre-Auth RCE Chain 1day Detection Artifact Generator Tool

This script attempts to detect if Ivanti EPMM is vulnerable to CVE-2025-4427 and CVE-2025-4428. It affects versions 11.12.0.4 and prior, 12.3.0.1 and prior, 12.4.0.1 and prior, and 12.5.0.0 and prior...

8.8CVSS7AI score0.99899EPSS
Exploits10
Packet Storm News
Packet Storm News
•added 2025/05/15 12:0 a.m.•7 views

Random Client Selection on Contrastive Federated Learning for Tabular Data

Vertical Federated Learning VFL has revolutionised collaborative machine learning by enabling privacy-preserving model training across multiple parties. However, it remains vulnerable to information leakage during intermediate computation sharing. While Contrastive Federated Learning CFL was...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/15 12:0 a.m.•8 views

SecReEvalBench: a Multi-Turned Security Resilience Evaluation Benchmark for Large Language Models

The increasing deployment of large language models in security-sensitive domains necessitates rigorous evaluation of their resilience against adversarial prompt-based attacks. While previous benchmarks have focused on security evaluations with limited and predefined attack domains, such as...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/15 12:0 a.m.•7 views

Enhancing IoT Cyber Attack Detection in the Presence of Highly Imbalanced Data

Due to the rapid growth in the number of Internet of Things IoT networks, the cyber risk has increased exponentially, and therefore, we have to develop effective IDS that can work well with highly imbalanced datasets. A high rate of missed threats can be the result, as traditional machine learnin...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/15 12:0 a.m.•6 views

S3C2 Summit 2024-09: Industry Secure Software Supply Chain Summit

While providing economic and software development value, software supply chains are only as strong as their weakest link. Over the past several years, there has been an exponential increase in cyberattacks, specifically targeting vulnerable links in critical software supply chains. These attacks...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/15 12:0 a.m.•9 views

A Survey of Learning-Based Intrusion Detection Systems for In-Vehicle Network

Connected and Autonomous Vehicles CAVs enhance mobility but face cybersecurity threats, particularly through the insecure Controller Area Network CAN bus. Cyberattacks can have devastating consequences in connected vehicles, including the loss of control over critical systems, necessitating robus...

7.3AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/15 12:0 a.m.•5 views

DataSentinel: a Game-Theoretic Detection of Prompt Injection Attacks

LLM-integrated applications and agents are vulnerable to prompt injection attacks, where an attacker injects prompts into their inputs to induce attacker-desired outputs. A detection method aims to determine whether a given input is contaminated by an injected prompt. However, existing detection...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/15 12:0 a.m.•15 views

One for All: Formally Verifying Protocols Which Use Aggregate Signatures (Extended Version)

Aggregate signatures are digital signatures that compress multiple signatures from different parties into a single signature, thereby reducing storage and bandwidth requirements. BLS aggregate signatures are a popular kind of aggregate signature, deployed by Ethereum, Dfinity, and Cloudflare...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/15 12:0 a.m.•9 views

RAN Tester UE: an Automated Declarative UE Centric Security Testing Platform

Cellular networks require strict security procedures and measures across various network components, from core to radio access network RAN and end-user devices. As networks become increasingly complex and interconnected, as in O-RAN deployments, they are exposed to a numerous security threats...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/15 12:0 a.m.•5 views

Quantized Approximate Signal Processing (QASP): Towards Homomorphic Encryption for Audio

Audio and speech data are increasingly used in machine learning applications such as speech recognition, speaker identification, and mental health monitoring. However, the passive collection of this data by audio listening devices raises significant privacy concerns. Fully homomorphic encryption...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/15 12:0 a.m.•8 views

AutoPentest: Enhancing Vulnerability Management with Autonomous LLM Agents

A recent area of increasing research is the use of Large Language Models LLMs in penetration testing, which promises to reduce costs and thus allow for higher frequency. We conduct a review of related work, identifying best practices and common evaluation issues. We then present AutoPentest, an...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/15 12:0 a.m.•6 views

Agent Name Service (ANS): a Universal Directory for Secure AI Agent Discovery and Interoperability

The proliferation of AI agents requires robust mechanisms for secure discovery. This paper introduces the Agent Name Service ANS, a novel architecture based on DNS addressing the lack of a public agent discovery framework. ANS provides a protocol-agnostic registry infrastructure that leverages...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/15 12:0 a.m.•6 views

ChestyBot: Detecting and Disrupting Chinese Communist Party Influence Stratagems

Foreign information operations conducted by Russian and Chinese actors exploit the United States' permissive information environment. These campaigns threaten democratic institutions and the broader Westphalian model. Yet, existing detection and mitigation strategies often fail to identify active...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/15 12:0 a.m.•14 views

SafeTrans: LLM-Assisted Transpilation from C to Rust

Rust is a strong contender for a memory-safe alternative to C as a "systems" programming language, but porting the vast amount of existing C code to Rust is a daunting task. In this paper, we evaluate the potential of large language models LLMs to automate the transpilation of C code to idiomatic...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/15 12:0 a.m.•9 views

AttentionGuard: Transformer-Based Misbehavior Detection for Secure Vehicular Platoons

Vehicle platooning, with vehicles traveling in close formation coordinated through Vehicle-to-Everything V2X communications, offers significant benefits in fuel efficiency and road utilization. However, it is vulnerable to sophisticated falsification attacks by authenticated insiders that can...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/15 12:0 a.m.•14 views

WordPress Digits OTP Authentication Bypass

WordPress Digits plugin versions prior to 8.4.6.1 suffer from an OTP authentication bypass vulnerability...

9.8CVSS7.1AI score0.16444EPSS
Exploits4
Packet Storm News
Packet Storm News
•added 2025/05/15 12:0 a.m.•1 views

Enhancing Secrecy Energy Efficiency in RIS-Aided Aerial Mobile Edge Computing Networks: a Deep Reinforcement Learning Approach

This paper studies the problem of securing task offloading transmissions from ground users against ground eavesdropping threats. Our study introduces a reconfigurable intelligent surface RIS-aided unmanned aerial vehicle UAV-mobile edge computing MEC scheme to enhance the secure task offloading...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/15 12:0 a.m.•7 views

Managerial Insights on Investment Strategy in Cybersecurity: Findings from Multi-Country Research

This study examines the strategic role of cybersecurity based on survey data from 1,083 managers across Europe, the UK, and the United States. The findings indicate growing recognition of cybersecurity as a source of competitive advantage, although firms continue to face barriers such as limited...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/15 12:0 a.m.•5 views

Dark LLMs: the Growing Threat of Unaligned AI Models

Large Language Models LLMs rapidly reshape modern life, advancing fields from healthcare to education and beyond. However, alongside their remarkable capabilities lies a significant threat: the susceptibility of these models to jailbreaking. The fundamental vulnerability of LLMs to jailbreak...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/15 12:0 a.m.•5 views

Sybil-Based Virtual Data Poisoning Attacks in Federated Learning

Federated learning is vulnerable to poisoning attacks by malicious adversaries. Existing methods often involve high costs to achieve effective attacks. To address this challenge, we propose a sybil-based virtual data poisoning attack, where a malicious client generates sybil nodes to amplify the...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/15 12:0 a.m.•22 views

Defending the Edge: Representative-Attention for Mitigating Backdoor Attacks in Federated Learning

Federated learning FL enhances privacy and reduces communication cost for resource-constrained edge clients by supporting distributed model training at the edge. However, the heterogeneous nature of such devices produces diverse, non-independent, and identically distributed non-IID data, making t...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/15 12:0 a.m.•5 views

Private Transformer Inference in MLaaS: a Survey

Transformer models have revolutionized AI, powering applications like content generation and sentiment analysis. However, their deployment in Machine Learning as a Service MLaaS raises significant privacy concerns, primarily due to the centralized processing of sensitive user data. Private...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/15 12:0 a.m.•6 views

Neural-Inspired Advances in Integral Cryptanalysis

The study by Gohr et.al at CRYPTO 2019 and sunsequent related works have shown that neural networks can uncover previously unused features, offering novel insights into cryptanalysis. Motivated by these findings, we employ neural networks to learn features specifically related to integral...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/15 12:0 a.m.•5 views

Implementation of Shor Algorithm: Factoring a 4096-Bit Integer under Specific Constraints

In recent years, advancements in quantum chip technology, such as Willow, have contributed to reducing quantum computation error rates, potentially accelerating the practical adoption of quantum computing. As a result, the design of quantum algorithms suitable for real-world applications has beco...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/15 12:0 a.m.•5 views

Analysing Safety Risks in LLMs Fine-Tuned with Pseudo-Malicious Cyber Security Data

The integration of large language models LLMs into cyber security applications presents significant opportunities, such as enhancing threat analysis and malware detection, but can also introduce critical risks and safety concerns, including personal data leakage and automated generation of new...

7.5AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/15 12:0 a.m.•5 views

Automating Security Audit Using Large Language Model Based Agent: an Exploration Experiment

In the current rapidly changing digital environment, businesses are under constant stress to ensure that their systems are secured. Security audits help to maintain a strong security posture by ensuring that policies are in place, controls are implemented, gaps are identified for cybersecurity...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/15 12:0 a.m.•7 views

On Technique Identification and Threat-Actor Attribution Using LLMs and Embedding Models

Attribution of cyber-attacks remains a complex but critical challenge for cyber defenders. Currently, manual extraction of behavioral indicators from dense forensic documentation causes significant attribution delays, especially following major incidents at the international scale. This research...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/15 12:0 a.m.•5 views

Cutting through Privacy: a Hyperplane-Based Data Reconstruction Attack in Federated Learning

Federated Learning FL enables collaborative training of machine learning models across distributed clients without sharing raw data, ostensibly preserving data privacy. Nevertheless, recent studies have revealed critical vulnerabilities in FL, showing that a malicious central server can manipulat...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/15 12:0 a.m.•7 views

The Tangent Space Attack

We propose a new method for retrieving the algebraic structure of a generic alternant code given an arbitrary generator matrix, provided certain conditions are met. We then discuss how this challenges the security of the McEliece cryptosystem instantiated with this family of codes. The central...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/15 12:0 a.m.•6 views

The Ephemeral Threat: Assessing the Security of Algorithmic Trading Systems Powered by Deep Learning

We study the security of stock price forecasting using Deep Learning DL in computational finance. Despite abundant prior research on the vulnerability of DL to adversarial perturbations, such work has hitherto hardly addressed practical adversarial threat models in the context of DL-powered...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/15 12:0 a.m.•7 views

Cape: Context-Aware Prompt Perturbation Mechanism with Differential Privacy

Large Language Models LLMs have gained significant popularity due to their remarkable capabilities in text understanding and generation. However, despite their widespread deployment in inference services such as ChatGPT, concerns about the potential leakage of sensitive user data have arisen...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/15 12:0 a.m.•7 views

AC-LoRA: (Almost) Training-Free Access Control-Aware Multi-Modal LLMs

Corporate LLMs are gaining traction for efficient knowledge dissemination and management within organizations. However, as current LLMs are vulnerable to leaking sensitive information, it has proven difficult to apply them in settings where strict access control is necessary. To this end, we desi...

6.6AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/14 12:0 a.m.•5 views

Adversarial Attack on Large Language Models Using Exponentiated Gradient Descent

As Large Language Models LLMs are widely used, understanding them systematically is key to improving their safety and realizing their full potential. Although many models are aligned using techniques such as reinforcement learning from human feedback RLHF, they are still vulnerable to jailbreakin...

7.4AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/14 12:0 a.m.•5 views

Efficient Malicious UAV Detection Using Autoencoder-TSMamba Integration

Malicious Unmanned Aerial Vehicles UAVs present a significant threat to next-generation networks NGNs, posing risks such as unauthorized surveillance, data theft, and the delivery of hazardous materials. This paper proposes an integrated AE-classifier system to detect malicious UAVs. The proposed...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/14 12:0 a.m.•4 views

Security and Privacy Measurement on Chinese Consumer IoT Traffic Based on Device Lifecycle

In recent years, consumer Internet of Things IoT devices have become widely used in daily life. With the popularity of devices, related security and privacy risks arise at the same time as they collect user-related data and transmit it to various service providers. Although China accounts for a...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/14 12:0 a.m.•7 views

Evaluating the Robustness of Adversarial Defenses in Malware Detection Systems

Machine learning is a key tool for Android malware detection, effectively identifying malicious patterns in apps. However, ML-based detectors are vulnerable to evasion attacks, where small, crafted changes bypass detection. Despite progress in adversarial defenses, the lack of comprehensive...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/14 12:0 a.m.•2 views

Compact Lattice-Coded (Multi-Recipient) Kyber without CLT Independence Assumption

Whitepaper called Compact Lattice-Coded Multi-Recipient Kyber Without CLT Independence Assumption...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/14 12:0 a.m.•5 views

CANTXSec: a Deterministic Intrusion Detection and Prevention System for CAN Bus Monitoring ECU Activations

Despite being a legacy protocol with various known security issues, Controller Area Network CAN still represents the de-facto standard for communications within vehicles, ships, and industrial control systems. Many research works have designed Intrusion Detection Systems IDSs to identify attacks ...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/14 12:0 a.m.•5 views

Automated Alert Classification and Triage (AACT): an Intelligent System for the Prioritisation of Cybersecurity Alerts

Enterprise networks are growing ever larger with a rapidly expanding attack surface, increasing the volume of security alerts generated from security controls. Security Operations Centre SOC analysts triage these alerts to identify malicious activity, but they struggle with alert fatigue due to t...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/14 12:0 a.m.•6 views

Detecting Sybil Addresses in Blockchain Airdrops: a Subgraph-Based Feature Propagation and Fusion Approach

Sybil attacks pose a significant security threat to blockchain ecosystems, particularly in token airdrop events. This paper proposes a novel sybil address identification method based on subgraph feature extraction lightGBM. The method first constructs a two-layer deep transaction subgraph for eac...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/14 12:0 a.m.•6 views

Correlating Account on Ethereum Mixing Service Via Domain-Invariant Feature Learning

The untraceability of transactions facilitated by Ethereum mixing services like Tornado Cash poses significant challenges to blockchain security and financial regulation. Existing methods for correlating mixing accounts suffer from limited labeled data and vulnerability to noisy annotations, whic...

6.6AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/14 12:0 a.m.•7 views

Optimizing DDoS Detection in SDNs through Machine Learning Models

The emergence of Software-Defined Networking SDN has changed the network structure by separating the control plane from the data plane. However, this innovation has also increased susceptibility to DDoS attacks. Existing detection techniques are often ineffective due to data imbalance and accurac...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/14 12:0 a.m.•4 views

DNS Query Forgery: a Client-Side Defense against Mobile App Traffic Profiling

Mobile applications continuously generate DNS queries that can reveal sensitive user behavioral patterns even when communications are encrypted. This paper presents a privacy enhancement framework based on query forgery to protect users against profiling attempts that leverage these background...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/05/14 12:0 a.m.•3 views

Instantiating Standards: Enabling Standard-Driven Text TTP Extraction with Evolvable Memory

Extracting MITRE ATT&CK Tactics, Techniques, and Procedures TTPs from natural language threat reports is crucial yet challenging. Existing methods primarily focus on performance metrics using data-driven approaches, often neglecting mechanisms to ensure faithful adherence to the official standard...

6.9AI score
Exploits0
Total number of security vulnerabilities6907