Lucene search
K
PacketstormnewsRecent

6864 matches found

Packet Storm News
Packet Storm News
•added 2025/04/28 12:0 a.m.•7 views

SAP NetWeaver Visual Composer Metadata Uploader CVE-2025-31324 Scanner

This tool checks to see if the SAP NetWeaver Visual Composer Metadata Uploader component is vulnerable to CVE-2025-31324 and if there are known webshells in the system...

10CVSS6.9AI score0.99359EPSS
Exploits18
Packet Storm News
Packet Storm News
•added 2025/04/28 12:0 a.m.•13 views

GenPTW: In-Generation Image Watermarking for Provenance Tracing and Tamper Localization

The rapid development of generative image models has brought tremendous opportunities to AI-generated content AIGC creation, while also introducing critical challenges in ensuring content authenticity and copyright ownership. Existing image watermarking methods, though partially effective, often...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/28 12:0 a.m.•18 views

AGATE: Stealthy Black-Box Watermarking for Multimodal Model Copyright Protection

Recent advancement in large-scale Artificial Intelligence AI models offering multimodal services have become foundational in AI systems, making them prime targets for model theft. Existing methods select Out-of-Distribution OoD data as backdoor watermarks and retrain the original model for...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/27 12:0 a.m.•10 views

On the Prevalence and Usage of Commit Signing on GitHub: a Longitudinal and Cross-Domain Study

GitHub is one of the most widely used public code development platform. However, the code hosted publicly on the platform is vulnerable to commit spoofing that allows an adversary to introduce malicious code or commits into the repository by spoofing the commit metadata to indicate that the code...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/27 12:0 a.m.•22 views

FCGHunter: Towards Evaluating Robustness of Graph-Based Android Malware Detection

Graph-based detection methods leveraging Function Call Graphs FCGs have shown promise for Android malware detection AMD due to their semantic insights. However, the deployment of malware detectors in dynamic and hostile environments raises significant concerns about their robustness. While recent...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/27 12:0 a.m.•5 views

SAGA: a Security Architecture for Governing AI Agentic Systems

Large Language Model LLM-based agents increasingly interact, collaborate, and delegate tasks to one another autonomously with minimal human interaction. Industry guidelines for agentic system governance emphasize the need for users to maintain comprehensive control over their agents, mitigating...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/27 12:0 a.m.•7 views

JailbreaksOverTime: Detecting Jailbreak Attacks under Distribution Shift

Safety and security remain critical concerns in AI deployment. Despite safety training through reinforcement learning with human feedback RLHF 32, language models remain vulnerable to jailbreak attacks that bypass safety guardrails. Universal jailbreaks - prefixes that can circumvent alignment fo...

7.3AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/27 12:0 a.m.•6 views

Comparative Analysis of AI-Driven Security Approaches in DevSecOps: Challenges, Solutions, and Future Directions

The integration of security within DevOps, known as DevSecOps, has gained traction in modern software development to address security vulnerabilities while maintaining agility. Artificial Intelligence AI and Machine Learning ML have been increasingly leveraged to enhance security automation, thre...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/27 12:0 a.m.•7 views

GTSD: Generative Text Steganography Based on Diffusion Model

With the rapid development of deep learning, existing generative text steganography methods based on autoregressive models have achieved success. However, these autoregressive steganography approaches have certain limitations. Firstly, existing methods require encoding candidate words according t...

6.6AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/27 12:0 a.m.•5 views

Detecting Speculative Data Flow Vulnerabilities Using Weakest Precondition Reasoning

Speculative execution is a hardware optimisation technique where a processor, while waiting on the completion of a computation required for an instruction, continues to execute later instructions based on a predicted value of the pending computation. It came to the forefront of security research ...

7.3AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/27 12:0 a.m.•3 views

Rational Points and Zeta Functions of Humbert Surfaces with Square Discriminant

Whitepaper called Rational Points And Zeta Functions Of Humbert Surfaces With Square Discriminant...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/27 12:0 a.m.•18 views

Provably Secure Public-Key Steganography Based on Admissible Encoding

The technique of hiding secret messages within seemingly harmless covertext to evade examination by censors with rigorous security proofs is known as provably secure steganography PSS. PSS evolves from symmetric key steganography to public-key steganography, functioning without the requirement of...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/27 12:0 a.m.•5 views

ChipletQuake: On-Die Digital Impedance Sensing for Chiplet and Interposer Verification

Whitepaper called ChipletQuake: On-Die Digital Impedance Sensing For Chiplet And Interposer Verification...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/27 12:0 a.m.•4 views

Evaluating Organization Security: User Stories of European Union NIS2 Directive

The NIS2 directive requires EU Member States to ensure a consistently high level of cybersecurity by setting risk-management measures for essential and important entities. Evaluations are necessary to assess whether the required security level is met. This involves understanding the needs and goa...

6.6AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/26 12:0 a.m.•7 views

Redefining Hybrid Blockchains: a Balanced Architecture

Blockchain technology has completely revolutionized the field of decentralized finance with the emergence of a variety of cryptocurrencies and digital assets. However, widespread adoption of this technology by governments and enterprises has been limited by concerns regarding the technology's...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/26 12:0 a.m.•6 views

SONNI: Secure Oblivious Neural Network Inference

In the standard privacy-preserving Machine learning as-a-service MLaaS model, the client encrypts data using homomorphic encryption and uploads it to a server for computation. The result is then sent back to the client for decryption. It has become more and more common for the computation to be...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/26 12:0 a.m.•7 views

CipherBank: Exploring the Boundary of LLM Reasoning Capabilities through Cryptography Challenges

Large language models LLMs have demonstrated remarkable capabilities, especially the recent advancements in reasoning, such as o1 and o3, pushing the boundaries of AI. Despite these impressive achievements in mathematics and coding, the reasoning abilities of LLMs in domains requiring cryptograph...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/26 12:0 a.m.•8 views

Differentially Private Quasi-Concave Optimization: Bypassing the Lower Bound and Application to Geometric Problems

Whitepaper called Differentially Private Quasi-Concave Optimization: Bypassing The Lower Bound And Application To Geometric Problems...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/26 12:0 a.m.•6 views

Graph of Attacks: Improved Black-Box and Interpretable Jailbreaks for LLMs

The challenge of ensuring Large Language Models LLMs align with societal standards is of increasing interest, as these models are still prone to adversarial jailbreaks that bypass their safety mechanisms. Identifying these vulnerabilities is crucial for enhancing the robustness of LLMs against su...

7.6AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/26 12:0 a.m.•5 views

Security Vulnerabilities in Quantum Cloud Systems: a Survey on Emerging Threats

Quantum computing is becoming increasingly widespread due to the potential and capabilities to solve complex problems beyond the scope of classical computers. As Quantum Cloud services are adopted by businesses and research groups, they allow for greater progress and application in many fields...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/26 12:0 a.m.•13 views

The Dark Side of the Web: Towards Understanding Various Data Sources in Cyber Threat Intelligence

Cyber threats have become increasingly prevalent and sophisticated. Prior work has extracted actionable cyber threat intelligence CTI, such as indicators of compromise, tactics, techniques, and procedures TTPs, or threat feeds from various sources: open source data e.g., social networks, internal...

6.6AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/26 12:0 a.m.•4 views

Steering the CensorShip: Uncovering Representation Vectors for LLM "Thought" Control

Large language models LLMs have transformed the way we access information. These models are often tuned to refuse to comply with requests that are considered harmful and to produce responses that better align with the preferences of those who control the models. To understand how this "censorship...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/26 12:0 a.m.•16 views

T2VShield: Model-Agnostic Jailbreak Defense for Text-To-Video Models

The rapid development of generative artificial intelligence has made text to video models essential for building future multimodal world simulators. However, these models remain vulnerable to jailbreak attacks, where specially crafted prompts bypass safety mechanisms and lead to the generation of...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/26 12:0 a.m.•6 views

A Study on Mixup-Inspired Augmentation Methods for Software Vulnerability Detection

Various deep learning DL methods have recently been utilized to detect software vulnerabilities. Real-world software vulnerability datasets are rare and hard to acquire, as there is no simple metric for classifying vulnerability. Such datasets are heavily imbalanced, and none of the current...

7.4AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/25 12:0 a.m.•14 views

Bandit on the Hunt: Dynamic Crawling for Cyber Threat Intelligence

Public information contains valuable Cyber Threat Intelligence CTI that is used to prevent future attacks. While standards exist for sharing this information, much appears in non-standardized news articles or blogs. Monitoring online sources for threats is time-consuming and source selection is...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/25 12:0 a.m.•7 views

Heavy-Tailed Privacy: the Symmetric Alpha-Stable Privacy Mechanism

With the rapid growth of digital platforms, there is increasing apprehension about how personal data is collected, stored, and used by various entities. These concerns arise from the increasing frequency of data breaches, cyber-attacks, and misuse of personal information for targeted advertising...

6.6AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/25 12:0 a.m.•7 views

ECG Identity Authentication in Open-Set with Multi-Model Pretraining and Self-Constraint Center and Irrelevant Sample Repulsion Learning

Electrocardiogram ECG signal exhibits inherent uniqueness, making it a promising biometric modality for identity authentication. As a result, ECG authentication has gained increasing attention in recent years. However, most existing methods focus primarily on improving authentication accuracy...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/25 12:0 a.m.•22 views

SoK: Timeline Based Event Reconstruction for Digital Forensics: Terminology, Methodology, and Current Challenges

Event reconstruction is a technique that examiners can use to attempt to infer past activities by analyzing digital artifacts. Despite its significance, the field suffers from fragmented research, with studies often focusing narrowly on aspects like timeline creation or tampering detection. This...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/25 12:0 a.m.•7 views

Performance of Machine Learning Classifiers for Anomaly Detection in Cyber Security Applications

This work empirically evaluates machine learning models on two imbalanced public datasets KDDCUP99 and Credit Card Fraud 2013. The method includes data preparation, model training, and evaluation, using an 80/20 train/test split. Models tested include eXtreme Gradient Boosting XGB, Multi Layer...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/25 12:0 a.m.•8 views

DeSIA: Attribute Inference Attacks against Limited Fixed Aggregate Statistics

Empirical inference attacks are a popular approach for evaluating the privacy risk of data release mechanisms in practice. While an active attack literature exists to evaluate machine learning models or synthetic data release, we currently lack comparable methods for fixed aggregate statistics, i...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/25 12:0 a.m.•7 views

Faraday 5.13.0

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/25 12:0 a.m.•4 views

Quantum Lifting for Invertible Permutations and Ideal Ciphers

In this work, we derive the first lifting theorems for establishing security in the quantum random permutation and ideal cipher models. These theorems relate the success probability of an arbitrary quantum adversary to that of a classical algorithm making only a small number of classical queries...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/25 12:0 a.m.•7 views

LLMpatronous: Harnessing the Power of LLMs for Vulnerability Detection

Despite the transformative impact of Artificial Intelligence AI across various sectors, cyber security continues to rely on traditional static and dynamic analysis tools, hampered by high false positive rates and superficial code comprehension. While generative AI offers promising automation...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/25 12:0 a.m.•6 views

TSCL:Multi-Party Loss Balancing Scheme for Deep Learning Image Steganography Based on Curriculum Learning

For deep learning-based image steganography frameworks, in order to ensure the invisibility and recoverability of the information embedding, the loss function usually contains several losses such as embedding loss, recovery loss and steganalysis loss. In previous research works, fixed loss weight...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/25 12:0 a.m.•25 views

LightDSA: a Python-Based Hybrid Digital Signature Library and Performance Analysis of RSA, DSA, ECDSA and EdDSA in Variable Configurations, Elliptic Curve Forms and Curves

Digital signature algorithms DSAs are fundamental to cryptographic security, ensuring data integrity and authentication. While RSA, DSA, ECDSA, and EdDSA are widely used, their performance varies significantly depending on key sizes, hash functions, and elliptic curve configurations. In this pape...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/25 12:0 a.m.•6 views

Adversarial Attacks on LLM-As-A-Judge Systems: Insights from Prompt Injections

LLM as judge systems used to assess text quality code correctness and argument strength are vulnerable to prompt injection attacks. We introduce a framework that separates content author attacks from system prompt attacks and evaluate five models Gemma 3.27B Gemma 3.4B Llama 3.2 3B GPT 4 and Clau...

7.7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/25 12:0 a.m.•8 views

NoEsis: Differentially Private Knowledge Transfer in Modular LLM Adaptation

Large Language Models LLM are typically trained on vast amounts of data from various sources. Even when designed modularly e.g., Mixture-of-Experts, LLMs can leak privacy on their sources. Conversely, training such models in isolation arguably prohibits generalization. To this end, we propose a...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/25 12:0 a.m.•21 views

ThreMoLIA: Threat Modeling of Large Language Model-Integrated Applications

Large Language Models LLMs are currently being integrated into industrial software applications to help users perform more complex tasks in less time. However, these LLM-Integrated Applications LIA expand the attack surface and introduce new kinds of threats. Threat modeling is commonly used to...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/25 12:0 a.m.•7 views

PICO: Secure Transformers Via Robust Prompt Isolation and Cybersecurity Oversight

We propose a robust transformer architecture designed to prevent prompt injection attacks and ensure secure, reliable response generation. Our PICO Prompt Isolation and Cybersecurity Oversight framework structurally separates trusted system instructions from untrusted user inputs through dual...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/25 12:0 a.m.•8 views

issabel-pbx 4.0.0-6 Cross Site Request Forgery

issabel-pbx version 4.0.0-6 proof of concept cross site request forgery exploit that creates a new user...

6.8CVSS6.4AI score0.00659EPSS
Exploits2
Packet Storm News
Packet Storm News
•added 2025/04/25 12:0 a.m.•93 views

Automating Function-Level TARA for Automotive Full-Lifecycle Security

As modern vehicles evolve into intelligent and connected systems, their growing complexity introduces significant cybersecurity risks. Threat Analysis and Risk Assessment TARA has therefore become essential for managing these risks under mandatory regulations. However, existing TARA automation...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/25 12:0 a.m.•7 views

Revisiting Data Auditing in Large Vision-Language Models

With the surge of large language models LLMs, Large Vision-Language Models VLMs--which integrate vision encoders with LLMs for accurate visual grounding--have shown great potential in tasks like generalist agents and robotic control. However, VLMs are typically trained on massive web-scraped...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/25 12:0 a.m.•6 views

A Gradient-Optimized TSK Fuzzy Framework for Explainable Phishing Detection

Phishing attacks represent an increasingly sophisticated and pervasive threat to individuals and organizations, causing significant financial losses, identity theft, and severe damage to institutional reputations. Existing phishing detection methods often struggle to simultaneously achieve high...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/24 12:0 a.m.•7 views

Biting the CHERI Bullet: Blockers, Enablers and Security Implications of CHERI in Defence

There is growing interest in securing the hardware foundations software stacks build upon. However, before making any investment decision, software and hardware supply chain stakeholders require evidence from realistic, multiple long-term studies of adoption. We present results from a 12 month...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/24 12:0 a.m.•4 views

User Profiles: the Achilles' Heel of Web Browsers

Web browsers provide the security foundation for our online experiences. Significant research has been done into the security of browsers themselves, but relatively little investigation has been done into how they interact with the operating system or the file system. In this work, we provide the...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/24 12:0 a.m.•7 views

A Comment on "E-PoS: Making PoS Decentralized and Fair"

Proof-of-Stake PoS is a prominent Sybil control mechanism for blockchain-based systems. In "e-PoS: Making PoS Decentralized and Fair," Saad et al. TPDS'21 introduced a new Proof-of-Stake protocol, e-PoS, to enhance PoS applications' decentralization and fairness. In this comment paper, we address...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/24 12:0 a.m.•5 views

Semantic-Aware Contrastive Fine-Tuning: Boosting Multimodal Malware Classification with Discriminative Embeddings

The rapid evolution of malware variants requires robust classification methods to enhance cybersecurity. While Large Language Models LLMs offer potential for generating malware descriptions to aid family classification, their utility is limited by semantic embedding overlaps and misalignment with...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/24 12:0 a.m.•7 views

STCL: Curriculum Learning Strategies for Deep Learning Image Steganography Models

Whitepaper called STCL: Curriculum Learning Strategies For Deep Learning Image Steganography Models...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/24 12:0 a.m.•6 views

Quantum Autoencoder for Multivariate Time Series Anomaly Detection

Anomaly Detection AD defines the task of identifying observations or events that deviate from typical - or normal - patterns, a critical capability in IT security for recognizing incidents such as system misconfigurations, malware infections, or cyberattacks. In enterprise environments like SAP...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/24 12:0 a.m.•6 views

Cluster-Aware Attacks on Graph Watermarks

Data from domains such as social networks, healthcare, finance, and cybersecurity can be represented as graph-structured information. Given the sensitive nature of this data and their frequent distribution among collaborators, ensuring secure and attributable sharing is essential. Graph...

6.8AI score
Exploits0
Total number of security vulnerabilities6864