Lucene search
+L
PacketstormnewsRecent

6894 matches found

Packet Storm News
Packet Storm News
•added 2025/04/26 12:0 a.m.•13 views

The Dark Side of the Web: Towards Understanding Various Data Sources in Cyber Threat Intelligence

Cyber threats have become increasingly prevalent and sophisticated. Prior work has extracted actionable cyber threat intelligence CTI, such as indicators of compromise, tactics, techniques, and procedures TTPs, or threat feeds from various sources: open source data e.g., social networks, internal...

6.6AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/26 12:0 a.m.•4 views

Steering the CensorShip: Uncovering Representation Vectors for LLM "Thought" Control

Large language models LLMs have transformed the way we access information. These models are often tuned to refuse to comply with requests that are considered harmful and to produce responses that better align with the preferences of those who control the models. To understand how this "censorship...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/26 12:0 a.m.•16 views

T2VShield: Model-Agnostic Jailbreak Defense for Text-To-Video Models

The rapid development of generative artificial intelligence has made text to video models essential for building future multimodal world simulators. However, these models remain vulnerable to jailbreak attacks, where specially crafted prompts bypass safety mechanisms and lead to the generation of...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/26 12:0 a.m.•6 views

A Study on Mixup-Inspired Augmentation Methods for Software Vulnerability Detection

Various deep learning DL methods have recently been utilized to detect software vulnerabilities. Real-world software vulnerability datasets are rare and hard to acquire, as there is no simple metric for classifying vulnerability. Such datasets are heavily imbalanced, and none of the current...

7.4AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/25 12:0 a.m.•7 views

Heavy-Tailed Privacy: the Symmetric Alpha-Stable Privacy Mechanism

With the rapid growth of digital platforms, there is increasing apprehension about how personal data is collected, stored, and used by various entities. These concerns arise from the increasing frequency of data breaches, cyber-attacks, and misuse of personal information for targeted advertising...

6.6AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/25 12:0 a.m.•7 views

ECG Identity Authentication in Open-Set with Multi-Model Pretraining and Self-Constraint Center and Irrelevant Sample Repulsion Learning

Electrocardiogram ECG signal exhibits inherent uniqueness, making it a promising biometric modality for identity authentication. As a result, ECG authentication has gained increasing attention in recent years. However, most existing methods focus primarily on improving authentication accuracy...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/25 12:0 a.m.•7 views

Adversarial Attacks on LLM-As-A-Judge Systems: Insights from Prompt Injections

LLM as judge systems used to assess text quality code correctness and argument strength are vulnerable to prompt injection attacks. We introduce a framework that separates content author attacks from system prompt attacks and evaluate five models Gemma 3.27B Gemma 3.4B Llama 3.2 3B GPT 4 and Clau...

7.7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/25 12:0 a.m.•22 views

SoK: Timeline Based Event Reconstruction for Digital Forensics: Terminology, Methodology, and Current Challenges

Event reconstruction is a technique that examiners can use to attempt to infer past activities by analyzing digital artifacts. Despite its significance, the field suffers from fragmented research, with studies often focusing narrowly on aspects like timeline creation or tampering detection. This...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/25 12:0 a.m.•8 views

Performance of Machine Learning Classifiers for Anomaly Detection in Cyber Security Applications

This work empirically evaluates machine learning models on two imbalanced public datasets KDDCUP99 and Credit Card Fraud 2013. The method includes data preparation, model training, and evaluation, using an 80/20 train/test split. Models tested include eXtreme Gradient Boosting XGB, Multi Layer...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/25 12:0 a.m.•6 views

A Gradient-Optimized TSK Fuzzy Framework for Explainable Phishing Detection

Phishing attacks represent an increasingly sophisticated and pervasive threat to individuals and organizations, causing significant financial losses, identity theft, and severe damage to institutional reputations. Existing phishing detection methods often struggle to simultaneously achieve high...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/25 12:0 a.m.•8 views

DeSIA: Attribute Inference Attacks against Limited Fixed Aggregate Statistics

Empirical inference attacks are a popular approach for evaluating the privacy risk of data release mechanisms in practice. While an active attack literature exists to evaluate machine learning models or synthetic data release, we currently lack comparable methods for fixed aggregate statistics, i...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/25 12:0 a.m.•7 views

Faraday 5.13.0

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/25 12:0 a.m.•4 views

Quantum Lifting for Invertible Permutations and Ideal Ciphers

In this work, we derive the first lifting theorems for establishing security in the quantum random permutation and ideal cipher models. These theorems relate the success probability of an arbitrary quantum adversary to that of a classical algorithm making only a small number of classical queries...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/25 12:0 a.m.•7 views

LLMpatronous: Harnessing the Power of LLMs for Vulnerability Detection

Despite the transformative impact of Artificial Intelligence AI across various sectors, cyber security continues to rely on traditional static and dynamic analysis tools, hampered by high false positive rates and superficial code comprehension. While generative AI offers promising automation...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/25 12:0 a.m.•6 views

TSCL:Multi-Party Loss Balancing Scheme for Deep Learning Image Steganography Based on Curriculum Learning

For deep learning-based image steganography frameworks, in order to ensure the invisibility and recoverability of the information embedding, the loss function usually contains several losses such as embedding loss, recovery loss and steganalysis loss. In previous research works, fixed loss weight...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/25 12:0 a.m.•25 views

LightDSA: a Python-Based Hybrid Digital Signature Library and Performance Analysis of RSA, DSA, ECDSA and EdDSA in Variable Configurations, Elliptic Curve Forms and Curves

Digital signature algorithms DSAs are fundamental to cryptographic security, ensuring data integrity and authentication. While RSA, DSA, ECDSA, and EdDSA are widely used, their performance varies significantly depending on key sizes, hash functions, and elliptic curve configurations. In this pape...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/25 12:0 a.m.•8 views

NoEsis: Differentially Private Knowledge Transfer in Modular LLM Adaptation

Large Language Models LLM are typically trained on vast amounts of data from various sources. Even when designed modularly e.g., Mixture-of-Experts, LLMs can leak privacy on their sources. Conversely, training such models in isolation arguably prohibits generalization. To this end, we propose a...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/25 12:0 a.m.•21 views

ThreMoLIA: Threat Modeling of Large Language Model-Integrated Applications

Large Language Models LLMs are currently being integrated into industrial software applications to help users perform more complex tasks in less time. However, these LLM-Integrated Applications LIA expand the attack surface and introduce new kinds of threats. Threat modeling is commonly used to...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/25 12:0 a.m.•8 views

issabel-pbx 4.0.0-6 Cross Site Request Forgery

issabel-pbx version 4.0.0-6 proof of concept cross site request forgery exploit that creates a new user...

6.8CVSS6.4AI score0.00659EPSS
Exploits2
Packet Storm News
Packet Storm News
•added 2025/04/25 12:0 a.m.•15 views

Bandit on the Hunt: Dynamic Crawling for Cyber Threat Intelligence

Public information contains valuable Cyber Threat Intelligence CTI that is used to prevent future attacks. While standards exist for sharing this information, much appears in non-standardized news articles or blogs. Monitoring online sources for threats is time-consuming and source selection is...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/25 12:0 a.m.•7 views

Revisiting Data Auditing in Large Vision-Language Models

With the surge of large language models LLMs, Large Vision-Language Models VLMs--which integrate vision encoders with LLMs for accurate visual grounding--have shown great potential in tasks like generalist agents and robotic control. However, VLMs are typically trained on massive web-scraped...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/25 12:0 a.m.•7 views

PICO: Secure Transformers Via Robust Prompt Isolation and Cybersecurity Oversight

We propose a robust transformer architecture designed to prevent prompt injection attacks and ensure secure, reliable response generation. Our PICO Prompt Isolation and Cybersecurity Oversight framework structurally separates trusted system instructions from untrusted user inputs through dual...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/25 12:0 a.m.•98 views

Automating Function-Level TARA for Automotive Full-Lifecycle Security

As modern vehicles evolve into intelligent and connected systems, their growing complexity introduces significant cybersecurity risks. Threat Analysis and Risk Assessment TARA has therefore become essential for managing these risks under mandatory regulations. However, existing TARA automation...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/24 12:0 a.m.•7 views

Biting the CHERI Bullet: Blockers, Enablers and Security Implications of CHERI in Defence

There is growing interest in securing the hardware foundations software stacks build upon. However, before making any investment decision, software and hardware supply chain stakeholders require evidence from realistic, multiple long-term studies of adoption. We present results from a 12 month...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/24 12:0 a.m.•4 views

User Profiles: the Achilles' Heel of Web Browsers

Web browsers provide the security foundation for our online experiences. Significant research has been done into the security of browsers themselves, but relatively little investigation has been done into how they interact with the operating system or the file system. In this work, we provide the...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/24 12:0 a.m.•5 views

Semantic-Aware Contrastive Fine-Tuning: Boosting Multimodal Malware Classification with Discriminative Embeddings

The rapid evolution of malware variants requires robust classification methods to enhance cybersecurity. While Large Language Models LLMs offer potential for generating malware descriptions to aid family classification, their utility is limited by semantic embedding overlaps and misalignment with...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/24 12:0 a.m.•7 views

STCL: Curriculum Learning Strategies for Deep Learning Image Steganography Models

Whitepaper called STCL: Curriculum Learning Strategies For Deep Learning Image Steganography Models...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/24 12:0 a.m.•6 views

Quantum Autoencoder for Multivariate Time Series Anomaly Detection

Anomaly Detection AD defines the task of identifying observations or events that deviate from typical - or normal - patterns, a critical capability in IT security for recognizing incidents such as system misconfigurations, malware infections, or cyberattacks. In enterprise environments like SAP...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/24 12:0 a.m.•6 views

Cluster-Aware Attacks on Graph Watermarks

Data from domains such as social networks, healthcare, finance, and cybersecurity can be represented as graph-structured information. Given the sensitive nature of this data and their frequent distribution among collaborators, ensuring secure and attributable sharing is essential. Graph...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/24 12:0 a.m.•6 views

Bighuge BLS OSINT Tool 2.1.0 Local Privilege Escalation

Bighuge BLS OSINT Tool BBOT version 2.1.0 is susceptible to a local privilege escalation issue when a malicious module is used. Proof of concept module included...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/24 12:0 a.m.•6 views

AI-Based Vulnerability Analysis of NFT Smart Contracts

With the rapid growth of the NFT market, the security of smart contracts has become crucial. However, existing AI-based detection models for NFT contract vulnerabilities remain limited due to their complexity, while traditional manual methods are time-consuming and costly. This study proposes an...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/24 12:0 a.m.•4 views

Near-Term Pseudorandom and Pseudoresource Quantum States

Whitepaper called Near-Term Pseudorandom And Pseudoresource Quantum States...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/24 12:0 a.m.•4 views

Avoiding Leakage Poisoning: Concept Interventions under Distribution Shifts

In this paper, we investigate how concept-based models CMs respond to out-of-distribution OOD inputs. CMs are interpretable neural architectures that first predict a set of high-level concepts e.g., stripes, black and then predict a task label from those concepts. In particular, we study the impa...

6.6AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/24 12:0 a.m.•6 views

Silenzio: Secure Non-Interactive Outsourced MLP Training

Outsourcing the ML training to cloud providers presents a compelling opportunity for resource constrained clients, while it simultaneously bears inherent privacy risks, especially for highly sensitive training data. We introduce Silenzio, the first fully non-interactive outsourcing scheme for the...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/24 12:0 a.m.•8 views

Evaluating the Vulnerability of ML-Based Ethereum Phishing Detectors to Single-Feature Adversarial Perturbations

This paper explores the vulnerability of machine learning models to simple single-feature adversarial attacks in the context of Ethereum fraudulent transaction detection. Through comprehensive experimentation, we investigate the impact of various adversarial attack strategies on model performance...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/24 12:0 a.m.•7 views

Secured Encryption Scheme Based on the Ree Groups

An improved design of a cryptosystem based on small Ree groups is proposed. We have changed the encryption algorithm and propose to use a logarithmic signature for the entire Ree group. This approach improves security against sequential key recovery attacks. Hence, the complexity of the key...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/24 12:0 a.m.•8 views

A Comment on "E-PoS: Making PoS Decentralized and Fair"

Proof-of-Stake PoS is a prominent Sybil control mechanism for blockchain-based systems. In "e-PoS: Making PoS Decentralized and Fair," Saad et al. TPDS'21 introduced a new Proof-of-Stake protocol, e-PoS, to enhance PoS applications' decentralization and fairness. In this comment paper, we address...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/24 12:0 a.m.•6 views

Apple Security Advisory 04-16-2025-1

Apple Security Advisory 04-16-2025-1 - iOS 18.4.1 and iPadOS 18.4.1 addresses bypass and code execution vulnerabilities...

7.5CVSS7.6AI score0.21922EPSS
Exploits6
Packet Storm News
Packet Storm News
•added 2025/04/24 12:0 a.m.•7 views

Gladinet CentreStack 16.1.10296.56315 Remote Code Execution

Proof of concept exploit for Gladinet CentreStack versions up to 16.1.10296.56315. This software has a deserialization vulnerability due to the CentreStack portal's hardcoded machineKey use, as exploited in the wild in March 2025. This issue is fixed in version 16.4.10315.56368...

9.8CVSS6.7AI score0.93842EPSS
Exploits6
Packet Storm News
Packet Storm News
•added 2025/04/24 12:0 a.m.•7 views

Fishing for Phishers: Learning-Based Phishing Detection in Ethereum Transactions

Phishing detection on Ethereum has increasingly leveraged advanced machine learning techniques to identify fraudulent transactions. However, limited attention has been given to understanding the effectiveness of feature selection strategies and the role of graph-based models in enhancing detectio...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/24 12:0 a.m.•14 views

WordPress Verification SMS with TargetSMS 1.5 Remote Code Execution

WordPress Verification SMS with TargetSMS plugin versions 1.5 and below suffer from a logic flaw that allow for remote code execution...

8.3CVSS8.1AI score0.00804EPSS
Exploits1
Packet Storm News
Packet Storm News
•added 2025/04/24 12:0 a.m.•6 views

Crypto-NcRNA: Non-Coding RNA (NcRNA) Based Encryption Algorithm

In the looming post-quantum era, traditional cryptographic systems are increasingly vulnerable to quantum computing attacks that can compromise their mathematical foundations. To address this critical challenge, we propose crypto-ncRNA-a bio-convergent cryptographic framework that leverages the...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/24 12:0 a.m.•6 views

"Shifting Access Control Left" Using Asset and Goal Models

Access control needs have broad design implications, but access control specifications may be elicited before, during, or after these needs are captured. Because access control knowledge is distributed, we need to make knowledge asymmetries more transparent, and use expertise already available to...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/24 12:0 a.m.•3 views

Apple Security Advisory 04-16-2025-4

Apple Security Advisory 04-16-2025-4 - visionOS 2.4.1 addresses bypass and code execution vulnerabilities...

7.5CVSS7.7AI score0.21922EPSS
Exploits6
Packet Storm News
Packet Storm News
•added 2025/04/24 12:0 a.m.•6 views

Contrastive Learning for Continuous Touch-Based Authentication

Smart mobile devices have become indispensable in modern daily life, where sensitive information is frequently processed, stored, and transmitted-posing critical demands for robust security controls. Given that touchscreens are the primary medium for human-device interaction, continuous user...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/24 12:0 a.m.•6 views

Optimized Approaches to Malware Detection: a Study of Machine Learning and Deep Learning Techniques

Digital systems find it challenging to keep up with cybersecurity threats. The daily emergence of more than 560,000 new malware strains poses significant hazards to the digital ecosystem. The traditional malware detection methods fail to operate properly and yield high false positive rates with l...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/24 12:0 a.m.•8 views

From Randomized Response to Randomized Index: Answering Subset Counting Queries with Local Differential Privacy

Local Differential Privacy LDP is the predominant privacy model for safeguarding individual data privacy. Existing perturbation mechanisms typically require perturbing the original values to ensure acceptable privacy, which inevitably results in value distortion and utility deterioration. In this...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/24 12:0 a.m.•7 views

Apple Security Advisory 04-16-2025-3

Apple Security Advisory 04-16-2025-3 - tvOS 18.4.1 addresses bypass and code execution vulnerabilities...

7.5CVSS7.7AI score0.21922EPSS
Exploits6
Packet Storm News
Packet Storm News
•added 2025/04/24 12:0 a.m.•7 views

Apple Security Advisory 04-16-2025-2

Apple Security Advisory 04-16-2025-2 - macOS Sequoia 15.4.1 addresses bypass and code execution vulnerabilities...

7.5CVSS7.6AI score0.21922EPSS
Exploits6
Packet Storm News
Packet Storm News
•added 2025/04/24 12:0 a.m.•6 views

Commvault Command Center Innovation Release 11.38 Remote Code Execution

Commvault Command Center Innovation Release version 11.38 proof of concept pre-authentication remote code execution exploit...

10CVSS8.2AI score0.97292EPSS
Exploits5
Total number of security vulnerabilities6894