Lucene search
K
PacketstormnewsRecent

6803 matches found

Packet Storm News
Packet Storm News
•added 2026/05/20 12:0 a.m.•12 views

GenAI-Driven Threat Detection with Microsoft Security Copilot

Defending against today's increasingly sophisticated cyberattacks requires security analysts to continuously translate evolving attacker tradecraft into detection logic. This places defenders in a reactive posture, requiring constantly updated expertise across an increasingly fragmented security...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/05/20 12:0 a.m.•28 views

FreeBSD Security Advisory - FreeBSD-SA-26:23.bsdinstall

FreeBSD Security Advisory - When bsdinstall or bsdconfig are prompted to scan for nearby Wi-Fi networks, they build up a list of network names and use bsddialog1 to prompt the user to select a network. This is implemented using a shell script, and the code which handled network names was not...

7.5CVSS5.9AI score0.00305EPSS
Exploits0
Packet Storm News
Packet Storm News
•added 2026/05/20 12:0 a.m.•17 views

Domijn: The Security of Domain Registrars and the Risk of a Domain Name Takeover

Domain names are key assets for organisation. They anchor an organisation's online presence and reputation, and serve as linking pin for web services and, e.g., email. Consequently, a malicious takeover of a domain can lead to significant damages. Organisations register domain names through...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/05/20 12:0 a.m.•13 views

FreeBSD Security Advisory - FreeBSD-SA-26:20.fusefs

FreeBSD Security Advisory - When a fusefs file system implements extended attributes, the kernel may send a FUSELISTXATTR message to the userspace daemon to retrieve the list of extended attributes for a given file. The FUSE protocol requires the daemon to return a packed list of NUL-terminated...

5.5CVSS5.9AI score0.00284EPSS
Exploits0
Packet Storm News
Packet Storm News
•added 2026/05/19 12:0 a.m.•32 views

XAI FL-IDS: A Federated Learning and SHAP-Based Explainable Framework for Distributed Intrusion Detection Systems

An Intrusion Detection System IDS is vital in cybersecurity, detecting unauthorized activity across networks. With attacks on network layers increasing, stronger IDSs are needed. Yet most IDSs rely on centralized detection, forcing IoT nodes to ship data to a server, adding overhead and offering ...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/05/19 12:0 a.m.•11 views

Loaded Dice: Solving the Non-Selection Problem for Scalable Probabilistic RowHammer Defense

DRAM scaling has exacerbated the RowHammer vulnerability. To counter this, JEDEC recently introduced Per Row Activation Counting PRAC with the Alert Back-Off protocol as an optional DDR5 feature. While promising, PRAC requires per-row counter cells that incur area overhead, and updating them on...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/05/19 12:0 a.m.•32 views

Suricata IDPE 8.0.5

Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and...

5.8AI score0.02219EPSS
Exploits0
Packet Storm News
Packet Storm News
•added 2026/05/19 12:0 a.m.•13 views

A Hybrid Cluster-Based Classification Model for Anomaly Detection in Unbalanced IoT Networks

Detecting anomalies in Internet of Things IoT networks is a critical security challenge, often hampered by highly imbalanced and diverse network traffic datasets. Standard classifiers struggle to perform well across all traffic types. This paper proposes a hybrid detection model to address this...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/05/19 12:0 a.m.•12 views

SCARA: A Semantics-Constrained Autonomous Remediation Agent for Opaque Industrial Software Vulnerabilities

Critical-infrastructure operators are increasingly expected to assess and remediate vulnerabilities in deployed industrial software. However, much of this software exists as opaque industrial software OIS, including stripped firmware, proprietary protocol handlers, and compiled control logic...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/05/19 12:0 a.m.•9 views

Awakening the Hydra: Stabilizing Multi-Concept Backdoor Injection in Text-To-Image Diffusion Models

Text-to-image diffusion models are increasingly developed through open-source reuse and repeated downstream fine-tuning, where reused checkpoints are difficult to verify and thus more susceptible to hidden backdoor behaviors. In such ecosystems, a single pretrained model may be sequentially adapt...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/05/19 12:0 a.m.•10 views

DASM: Domain-Aware Sharpness Minimization for Multi-Domain Voice Stream Steganalysis

The growing use of information hiding in network streaming media for covert communication poses a significant security threat, necessitating the development of robust detection technologies. However, existing steganalysis methods for network voice streams mostly rely on data distributions in...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/05/19 12:0 a.m.•12 views

Detecting Data Exfiltration through I2P Anonymity Networks: A Two-Phase Machine Learning Approach

The Invisible Internet Project I2P provides strong anonymity through garlic routing and distributed network architecture, making it attractive for legitimate privacy needs. Nevertheless, the same properties can be exploited by malicious actors to steal sensitive information from corporate network...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/05/19 12:0 a.m.•14 views

Taking Cryptography out of the Data Path Via Near-Memory Processing in DRAM

Cryptographic algorithms such as AES-128 and SHA-256 are fundamental to ensuring data security and integrity. Although these algorithms are computationally efficient, their performance is often constrained by the processor-centric architectures e.g., CPUs, GPUs, primarily due to the memory...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/05/19 12:0 a.m.•22 views

Hunting Vulnerability Variants in AI Infra: Measurement and Reference-Driven Detection

AI infra has become a shared execution layer for model training, deployment, and agent orchestration. Because many projects reimplement similar model-centric workflows, a vulnerability disclosed in one repository can recur as a variant in another repository with a related design. Yet the prevalen...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/05/19 12:0 a.m.•20 views

Joern 4.0.542

Joern is the bug hunter's workbench. With this tool, you can uncover attack surface, sloppy coding practices, and variants of known vulnerabilities using an interactive code analysis shell. Joern supports C, C++, LLVM bitcode, x86 binaries via Ghidra, JVM bytecode via Soot, and Javascript...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/05/19 12:0 a.m.•14 views

Set Shaping Theory As a Complementary Payload-Shaping Layer for Steganography

This paper studies the use of Set Shaping Theory SST as a reversible payload-shaping layer for least significant bit LSB image steganography. The proposal is not intended to replace existing steganographic methods or to compete with them as a new embedding scheme. Instead, SST is positioned as a...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/05/19 12:0 a.m.•15 views

Impacket 0.13.1

Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and, for some protocols e.g. SMB1-3 and MSRPC, the protocol implementation itself. Packets can be constructed from scratch, as well as parse...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/05/19 12:0 a.m.•10 views

Fifty Shades of Darknet

The Invisible Internet Project I2P is a peer-to-peer anonymous overlay network whose architecture includes a structurally distinct sublayer not characterized in existing security literature. We term this sublayer the Exclusive Network: nodes here host operational services and draw on I2P's routin...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/05/19 12:0 a.m.•16 views

Refusal Evaluation in Coding LLMs and Code Agents: A Systematic Review of Thirteen Malicious-Code Prompt Corpora (2023-2025)

The evaluation of large language model refusal on malicious-coding tasks now spans at least thirteen publicly released prompt corpora AdvBench, the CyberSecEval family, RMCBench, RedCode, MCGMark, JailbreakBench, CySecBench, MalwareBench, CIRCLE, MOCHA, ASTRA, Scam2Prompt / Innoc2Scam-bench, and...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/05/19 12:0 a.m.•13 views

SAGE: Scalable Automatic Gating Ensemble for Confident Negative Harvesting in Fraud Detection

Music streaming fraud, where bad actors artificially inflate stream counts to manipulate chart rankings and royalty payments, poses a significant threat to streaming services and legitimate content creators. Traditional fraud detection approaches struggle with a critical challenge: many legitimat...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/05/18 12:0 a.m.•22 views

Apple Security Advisory 05-11-2026-11

Apple Security Advisory 05-11-2026-11 - visionOS 26.5 addresses buffer overflow, bypass, denial of service, information leakage, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities...

8.8CVSS6.9AI score0.01385EPSS
Exploits4
Packet Storm News
Packet Storm News
•added 2026/05/18 12:0 a.m.•16 views

Apple Security Advisory 05-11-2026-10

Apple Security Advisory 05-11-2026-10 - watchOS 26.5 addresses buffer overflow, bypass, denial of service, information leakage, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities...

8.8CVSS6.9AI score0.01385EPSS
Exploits5
Packet Storm News
Packet Storm News
•added 2026/05/18 12:0 a.m.•49 views

Apple Security Advisory 05-11-2026-1

Apple Security Advisory 05-11-2026-1 - iOS 26.5 and iPadOS 26.5 addresses buffer overflow, bypass, denial of service, information leakage, null pointer, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities...

8.8CVSS6.9AI score0.01385EPSS
Exploits5
Packet Storm News
Packet Storm News
•added 2026/05/18 12:0 a.m.•11 views

Apple Security Advisory 05-11-2026-3

Apple Security Advisory 05-11-2026-3 - iPadOS 17.7.11 addresses a failed deletion issue...

6.2CVSS6AI score0.0288EPSS
Exploits0
Packet Storm News
Packet Storm News
•added 2026/05/18 12:0 a.m.•13 views

Joern 4.0.540

Joern is the bug hunter's workbench. With this tool, you can uncover attack surface, sloppy coding practices, and variants of known vulnerabilities using an interactive code analysis shell. Joern supports C, C++, LLVM bitcode, x86 binaries via Ghidra, JVM bytecode via Soot, and Javascript...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/05/18 12:0 a.m.•13 views

Edupage Cross Site Request Forgery / Spoofing

Non-sanitised submission of malicious SVG files on the Edupage portal in combination with cross site request forgery attacks allows the triggering various actions on behalf of other users, e.g. identity spoofing, sending fake messages, giving fake approvals, etc...

5.3AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/05/18 12:0 a.m.•13 views

Flawfinder 2.0.20

Flawfinder searches through source code for potential security flaws, listing potential security flaws sorted by risk, with the most potentially dangerous flaws shown first. This risk level depends not only on the function, but on the values of the parameters of the function...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/05/18 12:0 a.m.•11 views

Federated Naive Bayes with Real Mixture of Gaussians and Institutional Governance Regularization for Network Intrusion Detection

Federated learning for intrusion detection rests on a flawed premise: that every participating institution contributes equally to the shared model. In practice, a financial institution with mature security controls and low vulnerability exposure produces fundamentally different data than a...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/05/18 12:0 a.m.•50 views

Apple Security Advisory 05-13-2026-1

Apple Security Advisory 05-13-2026-1 - Safari 26.5 addresses use-after-free vulnerabilities...

8.8CVSS7.1AI score0.00693EPSS
Exploits0
Packet Storm News
Packet Storm News
•added 2026/05/18 12:0 a.m.•30 views

Backdooring Masked Diffusion Language Models

Masked diffusion language models MDLMs are emerging as a compelling new paradigm for text generation, but their training-time security remains largely unexplored. Existing backdoor attacks on Gaussian diffusion models or autoregressive language models do not directly apply to MDLMs because MDLMs...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/05/18 12:0 a.m.•14 views

Three Heads Are Better Than One: A Multi-Perspective Reasoning Framework for Enhanced Vulnerability Detection

Automated vulnerability detection is crucial for enhancing software security by identifying potential flaws that attackers could exploit, thereby reducing the reliance on labor-intensive manual code audits. Recent advancements have shifted towards leveraging large language models LLMs for...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/05/18 12:0 a.m.•12 views

OX Dovecot Pro / CE Improper Handling / Denial of Service / Bypass

OX Dovecot Pro and Ox Dovecot CE suffer from bypass, denial of service, and insecure handling vulnerabilities. Versions affected vary based on the issue...

9.1CVSS5.8AI score0.00454EPSS
Exploits0
Packet Storm News
Packet Storm News
•added 2026/05/18 12:0 a.m.•11 views

Edupage Information Disclosure

Both authenticated and publicly accessible anonymous guest accounts on Edupage portal allow an attacker to capture the complete list of user IDs, names students, parents, and teachers, and the associated banking details IBAN codes...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/05/18 12:0 a.m.•25 views

Bridging the Cybersecurity Gap between Web2 and Web3 - an Incident-Based Analysis of Organizational and Application-Level Security Failures

The rapid adoption of Web3 infrastructures has led to a growing number of security incidents affecting cryptocurrency exchanges, custody services and blockchain-based platforms. While existing research predominantly focuses on vulnerabilities in smart contracts and blockchain protocols, a...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/05/18 12:0 a.m.•12 views

Apple Security Advisory 05-11-2026-9

Apple Security Advisory 05-11-2026-9 - tvOS 26.5 addresses buffer overflow, denial of service, information leakage, null pointer, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities...

8.8CVSS6.9AI score0.01385EPSS
Exploits5
Packet Storm News
Packet Storm News
•added 2026/05/18 12:0 a.m.•10 views

Devilray: A Systematic Adversarial Model Revealing Blind Spots in Fake Base Station Detection

Fake Base Station FBS detection has been a critical focus of cellular security research for over two decades. However, significant financial and regulatory barriers to accessing commercial FBS C-FBS devices have limited direct visibility into real-world operations, forcing detection systems to be...

5.7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/05/18 12:0 a.m.•25 views

Apple Security Advisory 05-11-2026-5

Apple Security Advisory 05-11-2026-5 - iOS 15.8.8 and iPadOS 15.8.8 addresses a failed deletion issue...

6.2CVSS6AI score0.0288EPSS
Exploits0
Packet Storm News
Packet Storm News
•added 2026/05/18 12:0 a.m.•28 views

Babel: Jailbreaking Safety Attention Via Obfuscation Distribution Optimized Sampling

Despite rigorous safety alignment, Large Language Models LLMs remain vulnerable to jailbreak attacks. Existing black-box methods often rely on heuristic templates or exhaustive trials, lacking mechanistic interpretability and query efficiency. In this study, we investigate an intrinsic...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/05/18 12:0 a.m.•13 views

nimrm 1.2.0

nimrm is a native WinRM interactive shell client written in Nim. It's designed to be a compact and fast tool for system administration and authorized security testing. Key features include NTLM and Kerberos authentication, in-memory operations, file transfers, OPSEC awareness, and cross platform...

5.6AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/05/18 12:0 a.m.•18 views

Learning to Look Benign: Targeted Evasion of Malware Detectors Via API Import Injection

Machine learning-based malware detectors are widely deployed in antivirus and endpoint detection systems, yet their reliance on static features makes them vulnerable to adversarial manipulation. This paper investigates whether a malware sample can be intentionally misclassified as a specific beni...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/05/18 12:0 a.m.•15 views

Apple Security Advisory 05-11-2026-4

Apple Security Advisory 05-11-2026-4 - iOS 16.7.16 and iPadOS 16.7.16 addresses a failed deletion issue...

6.2CVSS6AI score0.0288EPSS
Exploits0
Packet Storm News
Packet Storm News
•added 2026/05/18 12:0 a.m.•11 views

A No-Defense Defense against Gradient-Based Adversarial Attacks on ML-NIDS: Is Less More?

Gradient-based adversarial attacks subtly manipulate inputs of Machine Learning ML models to induce incorrect predictions. This paper investigates whether careful architectural choices alone can yield an inherently robust Deep Neural Network DNN-based Network Intrusion Detection Systems NIDS,...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/05/18 12:0 a.m.•20 views

Be Kind, Rewrite: Benign Projections Via Rewriting Defend against LLM Data Poisoning Attacks

Large language models LLMs are highly susceptible to backdoor attacks BAs, wherein training samples are poisoned using trigger-based harmful content. Furthermore, existing defenses have proven ineffective when extensively tested across BA patterns. To better combat BAs, we explore the use of LLM...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/05/18 12:0 a.m.•12 views

Botan C++ Crypto Algorithms Library 3.12.0

Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS 10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to...

5.8AI score0.00324EPSS
Exploits0
Packet Storm News
Packet Storm News
•added 2026/05/18 12:0 a.m.•12 views

From Detection to Response: A Deep Learning and Retrieval-Augmented Generation Framework for Network Intrusion Mitigation

Machine-learning-based Intrusion Detection Systems IDS have achieved impressive accuracy in classifying network attacks, yet they consistently fall short on the question that matters most to a security analyst: what should I do next? This paper presents a unified, end-to-end framework that closes...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/05/18 12:0 a.m.•12 views

Apple Security Advisory 05-11-2026-8

Apple Security Advisory 05-11-2026-8 - macOS Sonoma 14.8.7 addresses buffer overflow, bypass, code execution, denial of service, information leakage, integer overflow, out of bounds write, and use-after-free vulnerabilities...

8.8CVSS6AI score0.07112EPSS
Exploits2
Packet Storm News
Packet Storm News
•added 2026/05/18 12:0 a.m.•12 views

Agent Security Is a Systems Problem

We take the position that agent security must be approached as a systems problem: the AI model powering the agent must be treated as an untrusted component, and security invariants must be enforced at the system level. Through this lens, efforts to increase model robustness the dominant viewpoint...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/05/18 12:0 a.m.•11 views

Hallucination As Exploit: Evidence-Carrying Multimodal Agents

Multimodal agents use screenshots, documents, and webpages to choose tool calls. When a false visual claim triggers a click, email, extraction, or transfer, hallucination becomes an authorization failure rather than an answer-quality error. We formalize this failure mode as hallucination-to-actio...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/05/18 12:0 a.m.•15 views

Not What You Asked For: Typographic Attacks in Household Robot Manipulation

Open-vocabulary embodied AI agents increasingly rely on vision-language models such as CLIP for object perception and task grounding. However, the shared embedding space that enables this flexibility introduces a structural vulnerability to typographic attacks, where printed text in a physical...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/05/18 12:0 a.m.•13 views

Apple Security Advisory 05-11-2026-2

Apple Security Advisory 05-11-2026-2 - iOS 18.7.9 and iPadOS 18.7.9 addresses buffer overflow, bypass, code execution, denial of service, information leakage, integer overflow, out of bounds write, resource exhaustion, and use-after-free vulnerabilities...

8.8CVSS6.9AI score0.07112EPSS
Exploits2
Total number of security vulnerabilities6803