Lucene search
K
PacketstormnewsRecent

6864 matches found

Packet Storm News
Packet Storm News
•added 2025/04/29 12:0 a.m.•9 views

Erased but Not Forgotten: How Backdoors Compromise Concept Erasure

The expansion of large-scale text-to-image diffusion models has raised growing concerns about their potential to generate undesirable or harmful content, ranging from fabricated depictions of public figures to sexually explicit images. To mitigate these risks, prior work has devised machine...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/29 12:0 a.m.•7 views

Building Trust in Healthcare with Privacy Techniques: Blockchain in the Cloud

This study introduces a cutting-edge architecture developed for the NewbornTime project, which uses advanced AI to analyze video data at birth and during newborn resuscitation, with the aim of improving newborn care. The proposed architecture addresses the crucial issues of patient consent, data...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/29 12:0 a.m.•6 views

Enhancing Vulnerability Reports with Automated and Augmented Description Summarization

Public vulnerability databases, such as the National Vulnerability Database NVD, document vulnerabilities and facilitate threat information sharing. However, they often suffer from short descriptions and outdated or insufficient information. In this paper, we introduce Zad, a system designed to...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/29 12:0 a.m.•3 views

DP-SMOTE: Integrating Differential Privacy and Oversampling Technique to Preserve Privacy in Smart Homes

Smart homes represent intelligent environments where interconnected devices gather information, enhancing users living experiences by ensuring comfort, safety, and efficient energy management. To enhance the quality of life, companies in the smart device industry collect user data, including...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/29 12:0 a.m.•5 views

Quantifying the Noise of Structural Perturbations on Graph Adversarial Attacks

Graph neural networks have been widely utilized to solve graph-related tasks because of their strong learning power in utilizing the local information of neighbors. However, recent studies on graph adversarial attacks have proven that current graph neural networks are not robust against malicious...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/29 12:0 a.m.•32 views

SecRepoBench: Benchmarking LLMs for Secure Code Generation in Real-World Repositories

This paper introduces SecRepoBench, a benchmark to evaluate LLMs on secure code generation in real-world repositories. SecRepoBench has 318 code generation tasks in 27 C/C++ repositories, covering 15 CWEs. We evaluate 19 state-of-the-art LLMs using our benchmark and find that the models struggle...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/29 12:0 a.m.•7 views

The Hidden Risks of LLM-Generated Web Application Code: a Security-Centric Evaluation of Code Generation Capabilities in Large Language Models

The rapid advancement of Large Language Models LLMs has enhanced software development processes, minimizing the time and effort required for coding and enhancing developer productivity. However, despite their potential benefits, code generated by LLMs has been shown to generate insecure code in...

7.4AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/29 12:0 a.m.•7 views

Sleeping Giants -- Activating Dormant Java Deserialization Gadget Chains through Stealthy Code Changes

Java deserialization gadget chains are a well-researched critical software weakness. The vast majority of known gadget chains rely on gadgets from software dependencies. Furthermore, it has been shown that small code changes in dependencies have enabled these gadget chains. This makes gadget chai...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/29 12:0 a.m.•7 views

Bipartite Randomized Response Mechanism for Local Differential Privacy

With the increasing importance of data privacy, Local Differential Privacy LDP has recently become a strong measure of privacy for protecting each user's privacy from data analysts without relying on a trusted third party. In many cases, both data providers and data analysts hope to maximize the...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/29 12:0 a.m.•6 views

Efficient Patient-Centric EMR Sharing Block Tree

Flexible sharing of electronic medical records EMRs is an urgent need in healthcare, as fragmented storage creates EMR management complexity for both practitioners and patients. Blockchain has emerged as a promising solution to address the limitations of centralized EMR systems regarding...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/29 12:0 a.m.•17 views

DejaVuzz: Disclosing Transient Execution Bugs with Dynamic Swappable Memory and Differential Information Flow Tracking Assisted Processor Fuzzing

Transient execution vulnerabilities have emerged as a critical threat to modern processors. Hardware fuzzing testing techniques have recently shown promising results in discovering transient execution bugs in large-scale out-of-order processor designs. However, their poor microarchitectural...

7.3AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/29 12:0 a.m.•6 views

GiBy: a Giant-Step Baby-Step Classifier for Anomaly Detection in Industrial Control Systems

The continuous monitoring of the interactions between cyber-physical components of any industrial control system ICS is required to secure automation of the system controls, and to guarantee plant processes are fail-safe and remain in an acceptably safe state. Safety is achieved by managing...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/29 12:0 a.m.•8 views

Microsoft .library-ms File / NTLM Information Disclosure - Resurrected 2025

It took 7 years, but Microsoft finally realized a vulnerability was severe enough to be addressed and it was not until other researchers also reported it, that the original researcher finally got credited after pointing it out...

6.5CVSS6.8AI score0.58974EPSS
Exploits20
Packet Storm News
Packet Storm News
•added 2025/04/29 12:0 a.m.•5 views

Federated One-Shot Learning with Data Privacy and Objective-Hiding

Privacy in federated learning is crucial, encompassing two key aspects: safeguarding the privacy of clients' data and maintaining the privacy of the federator's objective from the clients. While the first aspect has been extensively studied, the second has received much less attention. We present...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/29 12:0 a.m.•23 views

CachePrune: Neural-Based Attribution Defense against Indirect Prompt Injection Attacks

Large Language Models LLMs are identified as being susceptible to indirect prompt injection attack, where the model undesirably deviates from user-provided instructions by executing tasks injected in the prompt context. This vulnerability stems from LLMs' inability to distinguish between data and...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/28 12:0 a.m.•8 views

Simplified and Secure MCP Gateways for Enterprise AI Integration

The increased adoption of the Model Context Protocol MCP for AI Agents necessitates robust security for Enterprise integrations. This paper introduces the MCP Gateway to simplify self-hosted MCP server integration. The proposed architecture integrates security principles, authentication, intrusio...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/28 12:0 a.m.•5 views

SILENT: a New Lens on Statistics in Software Timing Side Channels

Cryptographic research takes software timing side channels seriously. Approaches to mitigate them include constant-time coding and techniques to enforce such practices. However, recent attacks like Meltdown 42, Spectre 37, and Hertzbleed 70 have challenged our understanding of what it means for...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/28 12:0 a.m.•17 views

Hybrid Privacy Policy-Code Consistency Check Using Knowledge Graphs and LLMs

The increasing concern in user privacy misuse has accelerated research into checking consistencies between smartphone apps' declared privacy policies and their actual behaviors. Recent advances in Large Language Models LLMs have introduced promising techniques for semantic comparison, but these...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/28 12:0 a.m.•7 views

Security Bug Report Prediction within and across Projects: a Comparative Study of BERT and Random Forest

Early detection of security bug reports SBRs is crucial for preventing vulnerabilities and ensuring system reliability. While machine learning models have been developed for SBR prediction, their predictive performance still has room for improvement. In this study, we conduct a comprehensive...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/28 12:0 a.m.•5 views

A Virtual Cybersecurity Department for Securing Digital Twins in Water Distribution Systems

Digital twins DTs help improve real-time monitoring and decision-making in water distribution systems. However, their connectivity makes them easy targets for cyberattacks such as scanning, denial-of-service DoS, and unauthorized access. Small and medium-sized enterprises SMEs that manage these...

8.1AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/28 12:0 a.m.•4 views

IWCC 2025 Call for Papers

The 14th International Workshop on Cyber Crime, or IWCC, 2025 call for papers has been announced. It will be held this year in conjunction with the 20th International Conference on Availability, Reliability and Security ARES 2025. It will take place August 11th through the 14th, 2025 in Ghent,...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/28 12:0 a.m.•6 views

Trusted Compute Units: a Framework for Chained Verifiable Computations

Blockchain and distributed ledger technologies DLTs facilitate decentralized computations across trust boundaries. However, ensuring complex computations with low gas fees and confidentiality remains challenging. Recent advances in Confidential Computing -- leveraging hardware-based Trusted...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/28 12:0 a.m.•6 views

Prompt Injection Attack to Tool Selection in LLM Agents

Whitepaper called Prompt Injection Attack To Tool Selection In LLM Agents...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/28 12:0 a.m.•9 views

The Automation Advantage in AI Red Teaming

This paper analyzes Large Language Model LLM security vulnerabilities based on data from Crucible, encompassing 214,271 attack attempts by 1,674 users across 30 LLM challenges. Our findings reveal automated approaches significantly outperform manual techniques 69.5% vs 47.6% success rate, despite...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/28 12:0 a.m.•12 views

SoK: a Survey of Mixing Techniques and Mixers for Cryptocurrencies

Blockchain technologies have overturned the digital finance industry by introducing a decentralized pseudonymous means of monetary transfer. The pseudonymous nature introduced privacy concerns, enabling various deanonymization techniques, which in turn spurred development of stronger...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/28 12:0 a.m.•7 views

DeeCLIP: a Robust and Generalizable Transformer-Based Framework for Detecting AI-Generated Images

This paper introduces DeeCLIP, a novel framework for detecting AI-generated images using CLIP-ViT and fusion learning. Despite significant advancements in generative models capable of creating highly photorealistic images, existing detection methods often struggle to generalize across different...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/28 12:0 a.m.•6 views

From Paper Trails to Trust on Tracks: Adding Public Transparency to Railways Via Zk-SNARKs

Railways provide a critical service and operate under strict regulatory frameworks for implementing changes or upgrades. Despite their impact on the public, these frameworks do not define means or mechanisms for transparency towards the public, leading to reduced trust and complex tracking...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/28 12:0 a.m.•8 views

Smart Water Security with AI and Blockchain-Enhanced Digital Twins

Water distribution systems in rural areas face serious challenges such as a lack of real-time monitoring, vulnerability to cyberattacks, and unreliable data handling. This paper presents an integrated framework that combines LoRaWAN-based data acquisition, a machine learning-driven Intrusion...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/28 12:0 a.m.•9 views

Inception: Jailbreak the Memory Mechanism of Text-To-Image Generation Systems

Currently, the memory mechanism has been widely and successfully exploited in online text-to-image T2I generation systems e.g., DALL E 3 for alleviating the growing tokenization burden and capturing key information in multi-turn interactions. Despite its practicality, its security analyses have...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/28 12:0 a.m.•10 views

Craft CMS 4.x / 5.x Remote Code Execution

Craft CMS proof of concept remote code execution exploit. Versions affected are 3.0.0-RC1 to before 3.9.15, 4.0.0-RC1 to before 4.14.15, and 5.0.0-RC1 to before 5.6.17...

10CVSS8.2AI score0.99803EPSS
Exploits14
Packet Storm News
Packet Storm News
•added 2025/04/28 12:0 a.m.•7 views

Llama-3.1-FoundationAI-SecurityLLM-Base-8B Technical Report

As transformer-based large language models LLMs increasingly permeate society, they have revolutionized domains such as software engineering, creative writing, and digital arts. However, their adoption in cybersecurity remains limited due to challenges like scarcity of specialized training data a...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/28 12:0 a.m.•8 views

A Cryptographic Perspective on Mitigation Vs. Detection in Machine Learning

In this paper, we initiate a cryptographically inspired theoretical study of detection versus mitigation of adversarial inputs produced by attackers of Machine Learning algorithms during inference time. We formally define defense by detection DbD and defense by mitigation DbM. Our definitions com...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/28 12:0 a.m.•6 views

SA2FE: a Secure, Anonymous, Auditable, and Fair Edge Computing Service Offloading Framework

The inclusion of pervasive computing devices in a democratized edge computing ecosystem can significantly expand the capability and coverage of near-end computing for large-scale applications. However, offloading user tasks to heterogeneous and decentralized edge devices comes with the dual risk ...

6.5AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/28 12:0 a.m.•15 views

Leveraging LLM to Strengthen ML-Based Cross-Site Scripting Detection

According to the Open Web Application Security Project OWASP, Cross-Site Scripting XSS is a critical security vulnerability. Despite decades of research, XSS remains among the top 10 security vulnerabilities. Researchers have proposed various techniques to protect systems from XSS attacks, with...

6.1AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/28 12:0 a.m.•6 views

Prefill-Based Jailbreak: a Novel Approach of Bypassing LLM Safety Boundary

Large Language Models LLMs are designed to generate helpful and safe content. However, adversarial attacks, commonly referred to as jailbreak, can bypass their safety protocols, prompting LLMs to generate harmful content or reveal sensitive data. Consequently, investigating jailbreak methodologie...

7.4AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/28 12:0 a.m.•4 views

Stegano 1.0.0

Stegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit LSB technique. It is possible to use a more advanced LSB method based on integers sets. The sets Sieve of...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/28 12:0 a.m.•7 views

American Fuzzy Lop plus plus 4.32c

Google's American Fuzzy Lop is a brute-force fuzzer coupled with an exceedingly simple but rock-solid instrumentation-guided genetic algorithm. afl++ is a superior fork to Google's afl. It has more speed, more and better mutations, more and better instrumentation, custom module support, etc...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/28 12:0 a.m.•7 views

A Case Study on the Use of Representativeness Bias As a Defense against Adversarial Cyber Threats

Cyberspace is an ever-evolving battleground involving adversaries seeking to circumvent existing safeguards and defenders aiming to stay one step ahead by predicting and mitigating the next threat. Existing mitigation strategies have focused primarily on solutions that consider software or hardwa...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/28 12:0 a.m.•6 views

SAGE: a Generic Framework for LLM Safety Evaluation

Whitepaper called SAGE: A Generic Framework For LLM Safety Evaluation...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/28 12:0 a.m.•8 views

BoxBilling 4.22.1.5 Remote Code Execution

BoxBilling versions 4.22.1.5 and below remote code execution exploit that spawns a php reverse shell...

7.2CVSS8.2AI score0.44002EPSS
Exploits7
Packet Storm News
Packet Storm News
•added 2025/04/28 12:0 a.m.•6 views

Metadata-Private Messaging without Coordination

For those seeking end-to-end private communication free from pervasive metadata tracking and censorship, the Tor network has been the de-facto choice in practice, despite its susceptibility to traffic analysis attacks. Recently, numerous metadata-private messaging proposals have emerged with the...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/28 12:0 a.m.•4 views

Cybersecurity for Autonomous Vehicles

The increasing adoption of autonomous vehicles is bringing a major shift in the automotive industry. However, as these vehicles become more connected, cybersecurity threats have emerged as a serious concern. Protecting the security and integrity of autonomous systems is essential to prevent...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/28 12:0 a.m.•7 views

BadMoE: Backdooring Mixture-Of-Experts LLMs Via Optimizing Routing Triggers and Infecting Dormant Experts

Mixture-of-Experts MoE have emerged as a powerful architecture for large language models LLMs, enabling efficient scaling of model capacity while maintaining manageable computational costs. The key advantage lies in their ability to route different tokens to different "expert'' networks within th...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/28 12:0 a.m.•6 views

Phishing URL Detection Using Bi-LSTM

Phishing attacks threaten online users, often leading to data breaches, financial losses, and identity theft. Traditional phishing detection systems struggle with high false positive rates and are usually limited by the types of attacks they can identify. This paper proposes a deep learning-based...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/28 12:0 a.m.•12 views

The Cost of Performance: Breaking ThreadX with Kernel Object Masquerading Attacks

Microcontroller-based IoT devices often use embedded real-time operating systems RTOSs. Vulnerabilities in these embedded RTOSs can lead to compromises of those IoT devices. Despite the significance of security protections, the absence of standardized security guidelines results in various levels...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/28 12:0 a.m.•8 views

Securing GenAI Multi-Agent Systems against Tool Squatting: a Zero Trust Registry-Based Approach

The rise of generative AI GenAI multi-agent systems MAS necessitates standardized protocols enabling agents to discover and interact with external tools. However, these protocols introduce new security challenges, particularly; tool squatting; the deceptive registration or representation of tools...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/28 12:0 a.m.•13 views

The Dark Side of Digital Twins: Adversarial Attacks on AI-Driven Water Forecasting

Digital twins DTs are improving water distribution systems by using real-time data, analytics, and prediction models to optimize operations. This paper presents a DT platform designed for a Spanish water supply network, utilizing Long Short-Term Memory LSTM networks to predict water consumption...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/28 12:0 a.m.•18 views

Security of a Secret Sharing Protocol on the Qline

Secret sharing is a fundamental primitive in cryptography, and it can be achieved even with perfect security. However, the distribution of shares requires computational assumptions, which can compromise the overall security of the protocol. While traditional Quantum Key Distribution QKD can...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/28 12:0 a.m.•9 views

Fast and Robust Speckle Pattern Authentication by Scale Invariant Feature Transform Algorithm in Physical Unclonable Functions

Nowadays, due to the growing phenomenon of forgery in many fields, the interest in developing new anti-counterfeiting device and cryptography keys, based on the Physical Unclonable Functions PUFs paradigm, is widely increased. PUFs are physical hardware with an intrinsic, irreproducible disorder...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/28 12:0 a.m.•5 views

Exploring the Role of Large Language Models in Cybersecurity: a Systematic Survey

With the rapid development of technology and the acceleration of digitalisation, the frequency and complexity of cyber security threats are increasing. Traditional cybersecurity approaches, often based on static rules and predefined scenarios, are struggling to adapt to the rapidly evolving natur...

6.8AI score
Exploits0
Total number of security vulnerabilities6864