Lucene search
K
PacketstormnewsRecent

6803 matches found

Packet Storm News
Packet Storm News
•added 2025/04/15 12:0 a.m.•4 views

RAID: an In-Training Defense against Attribute Inference Attacks in Recommender Systems

In various networks and mobile applications, users are highly susceptible to attribute inference attacks, with particularly prevalent occurrences in recommender systems. Attackers exploit partially exposed user profiles in recommendation models, such as user embeddings, to infer private attribute...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/15 12:0 a.m.•10 views

How to Enhance Downstream Adversarial Robustness (Almost) without Touching the Pre-Trained Foundation Model?

With the rise of powerful foundation models, a pre-training-fine-tuning paradigm becomes increasingly popular these days: A foundation model is pre-trained using a huge amount of data from various sources, and then the downstream users only need to fine-tune and adapt it to specific downstream...

6.6AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/15 12:0 a.m.•4 views

X-Teaming: Multi-Turn Jailbreaks and Defenses with Adaptive Multi-Agents

Multi-turn interactions with language models LMs pose critical safety risks, as harmful intent can be strategically spread across exchanges. Yet, the vast majority of prior work has focused on single-turn safety, while adaptability and diversity remain among the key challenges of multi-turn...

7.4AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/15 12:0 a.m.•19 views

A Unified Hardware Accelerator for Fast Fourier Transform and Number Theoretic Transform

The Number Theoretic Transform NTT is an indispensable tool for computing efficient polynomial multiplications in post-quantum lattice-based cryptography. It has strong resemblance with the Fast Fourier Transform FFT, which is the most widely used algorithm in digital signal processing. In this...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/15 12:0 a.m.•6 views

KubeFence: Security Hardening of the Kubernetes Attack Surface

Kubernetes K8s is widely used to orchestrate containerized applications, including critical services in domains such as finance, healthcare, and government. However, its extensive and feature-rich API interface exposes a broad attack surface, making K8s vulnerable to exploits of software...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/15 12:0 a.m.•6 views

The Obvious Invisible Threat: LLM-Powered GUI Agents' Vulnerability to Fine-Print Injections

A Large Language Model LLM powered GUI agent is a specialized autonomous system that performs tasks on the user's behalf according to high-level instructions. It does so by perceiving and interpreting the graphical user interfaces GUIs of relevant apps, often visually, inferring necessary sequenc...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/15 12:0 a.m.•5 views

Blockchain Application in Metaverse: a Review

In recent years, the term Metaverse emerged as one of the most compelling concepts, captivating the interest of international companies such as Tencent, ByteDance, Microsoft, and Facebook. These company recognized the Metaverse as a pivotal element for future success and have since made significa...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/15 12:0 a.m.•6 views

Progent: Programmable Privilege Control for LLM Agents

LLM agents are an emerging form of AI systems where large language models LLMs serve as the central component, utilizing a diverse set of tools to complete user-assigned tasks. Despite their great potential, LLM agents pose significant security risks. When interacting with the external world, the...

7.3AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/15 12:0 a.m.•7 views

On-Device Watermarking: a Socio-Technical Imperative for Authenticity in the Age of Generative AI

As generative AI models produce increasingly realistic output, both academia and industry are focusing on the ability to detect whether an output was generated by an AI model or not. Many of the research efforts and policy discourse are centered around robust watermarking of AI outputs. While...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/15 12:0 a.m.•7 views

MULTI-LF: a Unified Continuous Learning Framework for Real-Time DDoS Detection in Multi-Environment Networks

Detecting Distributed Denial of Service DDoS attacks in Multi-Environment M-En networks presents significant challenges due to diverse malicious traffic patterns and the evolving nature of cyber threats. Existing AI-based detection systems struggle to adapt to new attack strategies and lack...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/15 12:0 a.m.•5 views

Improving Statistical Privacy by Subsampling

Differential privacy DP considers a scenario, where an adversary has almost complete information about the entries of a database This worst-case assumption is likely to overestimate the privacy thread for an individual in real life. Statistical privacy SP denotes a setting where only the...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/15 12:0 a.m.•11 views

WordPress SoftClever Limited Sync Posts 1.0 Shell Upload

WordPress SoftClever Limited Sync Posts plugin version 1.0 suffers from a remote shell upload vulnerability...

9.9CVSS7.2AI score0.00634EPSS
Exploits1
Packet Storm News
Packet Storm News
•added 2025/04/15 12:0 a.m.•7 views

Making Acoustic Side-Channel Attacks on Noisy Keyboards Viable with LLM-Assisted Spectrograms' "Typo" Correction

The large integration of microphones into devices increases the opportunities for Acoustic Side-Channel Attacks ASCAs, as these can be used to capture keystrokes' audio signals that might reveal sensitive information. However, the current State-Of-The-Art SOTA models for ASCAs, including...

6.5AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/15 12:0 a.m.•11 views

Exploring Backdoor Attack and Defense for LLM-Empowered Recommendations

The fusion of Large Language Models LLMs with recommender systems RecSys has dramatically advanced personalized recommendations and drawn extensive attention. Despite the impressive progress, the safety of LLM-based RecSys against backdoor attacks remains largely under-explored. In this paper, we...

7.4AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/14 12:0 a.m.•5 views

Can LLMs Handle WebShell Detection? Overcoming Detection Challenges with Behavioral Function-Aware Framework

WebShell attacks, in which malicious scripts are injected into web servers, are a major cybersecurity threat. Traditional machine learning and deep learning methods are hampered by issues such as the need for extensive training data, catastrophic forgetting, and poor generalization. Recently, Lar...

7.3AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/14 12:0 a.m.•3 views

Encryption Scheme Based on Automorphism Group of Hermitian Function Field with Homomorphic Encryption

This article proposes a comprehensive approach to implementing encryption schemes based on the automorphism group of the Hermitian function field. We utilize a three-parameter group with logarithmic representations outside the group's center. In this work, we enhance the Hermitian function...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/14 12:0 a.m.•3 views

Designing AI-Enabled Countermeasures to Cognitive Warfare

Foreign information operations on social media platforms pose significant risks to democratic societies. With the rise of Artificial Intelligence AI, this threat is likely to intensify, potentially overwhelming human defenders. To achieve the necessary scale and tempo to defend against these...

6.6AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/14 12:0 a.m.•6 views

The Voynich Codex Decoded: Statistical Symbolism and Scroll-Wide Logic

This paper introduces a structured decoding framework for the Voynich Manuscript, based on mathematical rhythm, symbolic transformation, and glyph-level recursion. Rather than interpret symbols phonetically, this method decodes them by structural roles and spatial pacing. Using scroll-wide...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/14 12:0 a.m.•4 views

OX App Suite Cross Site Scripting / Third Party Vulnerabilities

OX App Suite has addressed multiple cross site scripting vulnerabilities as well as third party vulnerabilities. Last affected versions include 7.10.6 with various revisions...

10CVSS6.8AI score0.04087EPSS
Exploits5
Packet Storm News
Packet Storm News
•added 2025/04/14 12:0 a.m.•11 views

WordPress SureTriggers All-in-One Automation Platform 1.0.78 Authentication Bypass

WordPress SureTriggers All-in-One Automation Platform plugin versions 1.0.78 and below suffer from an authentication bypass vulnerability that allows for privilege escalation...

8.1CVSS7.3AI score0.7568EPSS
Exploits8
Packet Storm News
Packet Storm News
•added 2025/04/14 12:0 a.m.•7 views

Superintelligence Strategy: Expert Version

Rapid advances in AI are beginning to reshape national security. Destabilizing AI developments could rupture the balance of power and raise the odds of great-power conflict, while widespread proliferation of capable AI hackers and virologists would lower barriers for rogue actors to cause...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/14 12:0 a.m.•5 views

Concept Enhancement Engineering: a Lightweight and Efficient Robust Defense against Jailbreak Attacks in Embodied AI

Embodied Intelligence EI systems integrated with large language models LLMs face significant security risks, particularly from jailbreak attacks that manipulate models into generating harmful outputs or executing unsafe physical actions. Traditional defense strategies, such as input filtering and...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/14 12:0 a.m.•5 views

Overcoming Bottlenecks in Homomorphic Encryption for the 2024 Mexican Federal Election

On June 2, 2024, Mexico held its federal elections. The majority of Mexican citizens voted in person at the polls in this historic election. For the first time though, Mexican citizens living outside their country were able to vote online via a web app, either on a personal device or using an...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/14 12:0 a.m.•7 views

FlexiContracts: a Novel and Efficient Scheme for Upgrading Smart Contracts in Ethereum Blockchain

Blockchain technology has revolutionized contractual processes, enhancing efficiency and trust through smart contracts. Ethereum, as a pioneer in this domain, offers a platform for decentralized applications but is challenged by the immutability of smart contracts, which makes upgrades cumbersome...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/14 12:0 a.m.•7 views

Investigating Cybersecurity Incidents Using Large Language Models in Latest-Generation Wireless Networks

The purpose of research: Detection of cybersecurity incidents and analysis of decision support and assessment of the effectiveness of measures to counter information security threats based on modern generative models. The methods of research: Emulation of signal propagation data in MIMO systems,...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/14 12:0 a.m.•5 views

Research on CNN-BiLSTM Network Traffic Anomaly Detection Model Based on MindSpore

With the widespread adoption of the Internet of Things IoT and Industrial IoT IIoT technologies, network architectures have become increasingly complex, and the volume of traffic has grown substantially. This evolution poses significant challenges to traditional security mechanisms, particularly ...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/11 12:0 a.m.•11 views

WordPress Processing Projects 1.0.2 Shell Upload

WordPress Processing Projects plugin versions 1.0.2 and below suffer from a remote shell upload vulnerability...

9.1CVSS7.2AI score0.00574EPSS
Exploits1
Packet Storm News
Packet Storm News
•added 2025/04/11 12:0 a.m.•8 views

Ivanti Connect Secure / Policy Secure / ZTA Gateways Remote Code Execution

Proof of concept exploit that demonstrates a stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2...

9.8CVSS7.5AI score0.99979EPSS
Exploits8
Packet Storm News
Packet Storm News
•added 2025/04/10 12:0 a.m.•4 views

Centreon API 19.04 Bruteforcer

Centreon version 19.04 login password bruteforcing tool...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/10 12:0 a.m.•3 views

OpenSSH 10.0

OpenSSH is the premier connectivity tool for remote login with the SSH protocol. It encrypts all traffic to eliminate eavesdropping, connection hijacking, and other attacks. In addition, OpenSSH provides a large suite of secure tunneling capabilities, several authentication methods, and...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/10 12:0 a.m.•3 views

Wapiti Web Application Vulnerability Scanner 3.2.4

Wapiti is a web application vulnerability scanner. It will scan the web pages of a deployed web application and will fuzz the URL parameters and forms to find common web vulnerabilities...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/10 12:0 a.m.•10 views

WordPress Simple Dashboard 2.0 Privilege Escalation

WordPress Simple Dashboard plugin versions 2.0 and below suffer from an unauthenticated privilege escalation vulnerability...

9.8CVSS7.4AI score0.00609EPSS
Exploits1
Packet Storm News
Packet Storm News
•added 2025/04/10 12:0 a.m.•6 views

OpenSSH 10.0p1

OpenSSH is the premier connectivity tool for remote login with the SSH protocol. It encrypts all traffic to eliminate eavesdropping, connection hijacking, and other attacks. In addition, OpenSSH provides a large suite of secure tunneling capabilities, several authentication methods, and...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/10 12:0 a.m.•4 views

The Riskiest Connected Devices of 2025

Since 2020, Forescout Research - Vedere Labs has been monitoring the riskiest devices in organizational networks, leveraging data sourced directly from the devices themselves. This marks their fifth report in six years...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/10 12:0 a.m.•4 views

Multi-Party Private Set Operations from Predicative Zero-Sharing

Typical protocols in the multi-party private set operations MPSO setting enable m 2 parties to perform certain secure computation on the intersection or union of their private sets, realizing a very limited range of MPSO functionalities. Most works in this field focus on just one or two specific...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/09 12:0 a.m.•4 views

CrushFTP 10 / 11 Authentication Bypass

This proof of concept will exploit the authentication bypass vulnerability in CrushFTP versions 10 before 10.8.4 and 11 before 11.3.1. It will create a new user account with administrative level permissions. It requires the username of an existing user as the target and the default is set to...

9.8CVSS7AI score0.99947EPSS
Exploits22
Packet Storm News
Packet Storm News
•added 2025/04/09 12:0 a.m.•6 views

FASTRPC_ATTR_KEEP_MAP Use-After-Free

A FASTRPCATTRKEEPMAP logic bug allows fastrpcinternalmunmapfd to concurrently free in-use mappings leading to a use-after-free condition...

6.7CVSS7AI score0.00138EPSS
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/08 12:0 a.m.•9 views

WordPress Bricks Builder 1.9.6 Remote Code Execution

WordPress Bricks Builder plugin versions 1.9.6 and below unauthenticated remote code execution exploit...

10CVSS8.3AI score0.88234EPSS
Exploits18
Packet Storm News
Packet Storm News
•added 2025/04/08 12:0 a.m.•7 views

WordPress Motors 1.4.64 Arbitrary Plugin Installation

WordPress Motors plugin versions 1.4.64 and below suffer from an arbitrary plugin installation vulnerability...

8.8CVSS7.1AI score0.00836EPSS
Exploits1
Packet Storm News
Packet Storm News
•added 2025/04/07 12:0 a.m.•9 views

Next.js Middleware 15.2.2 Authorization Bypass

Next.js Middleware authorization bypass proof of concept exploit. Versions affected include 13.0.0 through 13.5.8, 14.0.0 through 14.2.24, 15.0.0 through 15.2.2, and 11.1.4 through 12.3...

9.1CVSS7AI score0.99301EPSS
Exploits58
Packet Storm News
Packet Storm News
•added 2025/04/07 12:0 a.m.•8 views

AIDE 0.19

AIDE Advanced Intrusion Detection Environment is a free replacement for Tripwiretm. It generates a database that can be used to check the integrity of files on server. It uses regular expressions for determining which files get added to the database. You can use several message digest algorithms ...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/07 12:0 a.m.•5 views

OpenSCAP Libraries 1.3.12

The openscap project is a set of open source libraries that support the SCAP Security Content Automation Protocol set of standards from NIST. It supports CPE, CCE, CVE, CVSS, OVAL, and XCCDF...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/04 12:0 a.m.•12 views

WordPress RomethemeKit for Elementor 1.5.4 Arbitrary Plugin Installation

WordPress RomethemeKit For Elementor plugin versions 1.5.4 and below suffer from an authenticated arbitrary plugin installation and activation vulnerability that can lead to remote code execution...

9.9CVSS8AI score0.01823EPSS
Exploits2
Packet Storm News
Packet Storm News
•added 2025/04/04 12:0 a.m.•5 views

Firefox xslt/txNodeSorter Out-Of-Bounds Access

An inconsistent comparator in xslt/txNodeSorter leads to out-of-bounds access in Firefox...

8.1CVSS8.8AI score0.00391EPSS
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/03 12:0 a.m.•2 views

Apple Security Advisory 03-31-2025-6

Apple Security Advisory 03-31-2025-6 - iOS 15.8.4 and iPadOS 15.8.4 addresses an out of bounds write vulnerabilities...

8.8CVSS6.9AI score0.04371EPSS
Exploits4
Packet Storm News
Packet Storm News
•added 2025/04/03 12:0 a.m.•4 views

Apple Security Advisory 03-31-2025-2

Apple Security Advisory 03-31-2025-2 - Xcode 16.3 addresses issues where a malicious app could access private information or overwrite arbitrary files...

5.5CVSS6.7AI score0.00248EPSS
Exploits0
Packet Storm News
Packet Storm News
•added 2025/04/03 12:0 a.m.•2 views

Apple Security Advisory 03-31-2025-5

Apple Security Advisory 03-31-2025-5 - iOS 16.7.11 and iPadOS 16.7.11 addresses an out of bounds write vulnerability...

8.8CVSS6.7AI score0.04371EPSS
Exploits4
Packet Storm News
Packet Storm News
•added 2025/04/03 12:0 a.m.•15 views

Apple Security Advisory 03-31-2025-4

Apple Security Advisory 03-31-2025-4 - iPadOS 17.7.6 addresses buffer overflow, out of bounds read, spoofing, and use-after-free vulnerabilities...

9.8CVSS7.2AI score0.18668EPSS
Exploits12
Packet Storm News
Packet Storm News
•added 2025/04/03 12:0 a.m.•3 views

Apple Security Advisory 03-31-2025-9

Apple Security Advisory 03-31-2025-9 - macOS Ventura 13.7.5 addresses buffer overflow, bypass, code execution, format string, heap corruption, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities...

9.8CVSS7.4AI score0.18668EPSS
Exploits11
Packet Storm News
Packet Storm News
•added 2025/04/03 12:0 a.m.•4 views

Apple Security Advisory 03-31-2025-11

Apple Security Advisory 03-31-2025-11 - visionOS 2.4 addresses buffer overflow, bypass, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities...

9.8CVSS7.2AI score0.0197EPSS
Exploits4
Total number of security vulnerabilities6803