Lucene search
K
PacketstormnewsRecent

6803 matches found

Packet Storm News
Packet Storm News
•added 2026/05/11 12:0 a.m.•13 views

LangChain Core 1.3.2 / 0.3.84 Tracer Deserialization / Credential Disclosure

LangChain Core has a tracer deserialization vulnerability that could allow unauthenticated remote credential exfiltration in affected deployments. Versions 1.3.2 and 0.3.84 are affected...

5.8AI score0.00406EPSS
Exploits0
Packet Storm News
Packet Storm News
•added 2026/05/11 12:0 a.m.•14 views

OverrideFuzz: Semantic-Aware Grammar Fuzzing for Script-Runtime Vulnerabilities

Script-language runtimes such as Python, Lua, and JavaScript are widely deployed in security sensitive contexts, yet they remain difficult to test because valid inputs must satisfy syntax, dynamic type constraints, and object-level semantics. Existing grammar and reflection-based fuzzers improve...

6AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/05/11 12:0 a.m.•13 views

Windows/x86 (XP SP3) (English) calc.exe Shellcode

15 bytes small Windows/x86 XP SP3 English calc.exe shellcode...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/05/11 12:0 a.m.•12 views

Comment and Control: Hijacking Agentic Workflows Via Context-Grounded Evolution

Automation platforms such as GitHub Actions and n8n are increasingly adopting so-called agentic workflows, which integrate Large Language Model LLM agents for tasks such as code review and data synchronization. While bringing convenience for developers, this integration exposes a new risk: An...

6AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/05/11 12:0 a.m.•13 views

Guaranteed Jailbreaking Defense Via Disrupt-And-Rectify Smoothing

This paper proposes a guaranteed defense method for large language models LLMs to safeguard against jailbreaking attacks. Drawing inspiration from the denoised-smoothing approach in the adversarial defense domain, we propose a novel smoothing-based defense method, termed Disrupt-and-Rectify...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/05/11 12:0 a.m.•20 views

Context-Aware Spear Phishing: Generative AI-Enabled Attacks against Individuals Via Public Social Media Data

We demonstrate how publicly available social-media data and generative AI GenAI can be misused to automate and scale highly personalized, context-aware spear-phishing campaigns. With minimal attacker effort, a small amount of public activity per target is sufficient for GenAI models to extract...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/05/11 12:0 a.m.•16 views

Can You Keep a Secret? Involuntary Information Leakage in Language Model Writing

Language models are deployed in settings that require compartmentalization: system prompts should not be disclosed, chain-of-thought reasoning is hidden from users, and sensitive data passes through shared contexts. We test whether models can keep prompted information out of their writing. We giv...

5.7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/05/11 12:0 a.m.•82 views

Under the Hood of SKILL.Md: Semantic Supply-Chain Attacks on AI Agent Skill Registry

Autonomous AI agents increasingly extend their capabilities through Agent Skills: modular filesystem packages whose SKILL.md files describe when and how agents should use them. While this design enables scalable, on-demand capability expansion, it also introduces a semantic supply-chain risk in...

5.7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/05/11 12:0 a.m.•22 views

xpath 1.0.0

xpath is a multi-technique XPath injection scanner written entirely in Nim with no external dependencies. It's a single static binary that handles error-based, boolean blind, time-based blind, union injection, and authentication bypass detection, plus data extraction once injection is confirmed. ...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/05/11 12:0 a.m.•12 views

Windows Registry Privilege Escalation Scanner / Audit Tool

This PowerShell script is a defensive security auditing tool designed to inspect Windows registry areas commonly associated with privilege escalation EoP techniques and system misconfigurations...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/05/11 12:0 a.m.•9 views

Janus: Compiler-Based Defense against Transient Execution Attacks Using ARM Hardware Primitives

We present Janus, a compiler-based security framework that mitigates transient execution attacks like Spectre and control-flow hijacking on ARM64 platforms. Janus integrates speculative execution and control flow dependencies with PA modifiers, using PA and BTI microarchitectural features to...

6AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/05/11 12:0 a.m.•12 views

Adversarial SQL Injection Generation with LLM-Based Architectures

SQL injection SQLi attacks are still one of the serious attacks ranked in the Open Worldwide Application Security Project OWASP Top 10 threats. Today, with advances in Artificial Intelligence AI, especially in Large Language Models LLMs, an opportunity has been created for automating adversarial...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/05/11 12:0 a.m.•14 views

Cybercrime and Prevention: Colonel Blotto in Social Engineering

Cybercriminals increasingly target the human factor rather than continuously advancing technological defense mechanisms. Consequently, institutions that allocate substantial resources to strengthening their cybersecurity infrastructure may remain vulnerable if a deceived employee voluntarily...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/05/11 12:0 a.m.•11 views

A Systematic Security Testing Approach for InterUSS-Based Environments

Unmanned Traffic Management UTM federated ecosystems, such as InterUSS, enable secure coordination among UAS Service Suppliers USSs. However, they bring up some security challenges at the infrastructure level that haven't been fully explored. This paper presents a security testing approach for...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/05/11 12:0 a.m.•11 views

When Prompts Become Payloads: A Framework for Mitigating SQL Injection Attacks in Large Language Model-Driven Applications

Natural language interfaces to structured databases are becoming increasingly common, largely due to advances in large language models LLMs that enable users to query data using conversational input rather than formal query languages such as SQL. While this paradigm significantly improves usabili...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/05/11 12:0 a.m.•11 views

LITMUS: Benchmarking Behavioral Jailbreaks of LLM Agents in Real OS Environments

The rapid proliferation of LLM-based autonomous agents in real operating system environments introduces a new category of safety risk beyond content safety: behavior jailbreak, where an adversary induces an agent to execute dangerous OS-level operations with irreversible consequences. Existing...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/05/11 12:0 a.m.•15 views

Windows Registry Security Audit Scanner

This C++ program is a Windows Registry Security Scanner designed for defensive auditing. It checks the presence and status of critical system registry keys such as LSA, Windows Defender, Winlogon, and system policy configurations. It also inspects user accessibility-related registry paths under...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/05/11 12:0 a.m.•14 views

OSK ATBroker Registry Security Scanner

This program is a defensive Windows security scanner designed to inspect registry locations related to On-Screen Keyboard osk.exe and Accessibility/ATBroker configuration, which are sometimes abused in privilege escalation or persistence attacks...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/05/11 12:0 a.m.•12 views

MARGIN: Margin-Aware Regularized Geometry for Imbalanced Vulnerability Detection

Software vulnerability detection is critical for ensuring software security and reliability. Despite recent advances in deep learning, real-world vulnerability datasets suffer from two severe challenges: frequency imbalance and difficulty imbalance. We reinterpret these challenges from an embeddi...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/05/11 12:0 a.m.•9 views

Can a Single Message Paralyze the AI Infrastructure? the Rise of AbO-DDoS Attacks through Targeted Mobius Injection

Large Language Model LLM agents have emerged as key intermediaries, orchestrating complex interactions between human users and a wide range of digital services and LLM infrastructures. While prior research has extensively examined the security of LLMs and agents in isolation, the systemic risk of...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/05/11 12:0 a.m.•11 views

Re-Triggering Safeguards within LLMs for Jailbreak Detection

This paper proposes a jailbreaking prompt detection method for large language models LLMs to defend against jailbreak attacks. Although recent LLMs are equipped with built-in safeguards, it remains possible to craft jailbreaking prompts that bypass them. We argue that such jailbreaking prompts ar...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/05/11 12:0 a.m.•12 views

Agentic Fuzzing: Opportunities and Challenges

Fuzzers and static analyzers find many bugs but struggle with logic bugs in mature codebases. Triggering such a bug often requires multi-step reasoning that produces no distinctive execution feedback, and variants can appear across implementations too different for a single pattern to match. Rece...

6AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/05/11 12:0 a.m.•11 views

GhostLock: SMB Deny-Share Handles As a Zero-Privilege Availability Weapon

GhostLock demonstrates that a low-privileged Windows domain user with standard read access to an SMB share can produce ransomware-equivalent organizational availability impact with zero writes, zero encryption, and zero signals in every behavioral defense the modern enterprise security stack...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/05/11 12:0 a.m.•13 views

Threat Modelling Using Domain-Adapted Language Models: Empirical Evaluation and Insights

Large Language ModelsLLMs are increasingly explored for cybersecurity applications such as vulnerability detection. In the domain of threat modelling, prior work has primarily evaluated a number of general-purpose Large Language Models under limited prompting settings. In this study, we extend th...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/05/11 12:0 a.m.•9 views

Key Encapsulation Mechanism-Based Integrated Encryption Scheme (KEM-IES)

The Elliptic Curve Integrated Encryption Scheme ECIES is widely regarded as a practical method and has been adopted by multiple standards. However, the advancement of quantum computing technologies poses potential security risks to ECIES. Therefore, this study proposes a Key Encapsulation...

5.7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/05/10 12:0 a.m.•18 views

Governing AI-Assisted Security Operations: A Design Science Framework for Operational Decision Support

Engineering managers increasingly must decide how to introduce generative artificial intelligence AI, retrieval-augmented generation, and coding agents into high-risk operational functions without weakening accountability, privacy, cost discipline, or auditability. The central message of this stu...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/05/10 12:0 a.m.•9 views

Skill Description Deception Attack against Task Routing in Internet of Agents

A new paradigm, Internet of Agents IoA, is transforming networked systems into LLM-driven service networks, where heterogeneous agents collaborate through task routing based on their self-declared skill descriptions. Although this promising paradigm enables agentic, distributed, and advanced...

5.7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/05/10 12:0 a.m.•9 views

Strategic Commitments Shape Collective Cybersecurity under AI Inequality

The growing integration of AI into cybersecurity is reshaping the balance between attackers and defenders. When access to advanced AI-enabled defence tools is uneven, resource-limited defenders may be unable to adopt effective protection, creating persistent system vulnerabilities. We study the...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/05/10 12:0 a.m.•9 views

Operationalizing Cybersecurity Governance for Mitigation Planning with Attack-Path Modeling and Reinforcement Learning

We address a fundamental challenge in cybersecurity operations of translating governance frameworks into actionable mitigation decisions under realistic resource constraints. Frameworks such as the NIST Cybersecurity Framework CSF provide widely adopted measures of organizational maturity, but do...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/05/10 12:0 a.m.•10 views

Position: AI Security Policy Should Target Systems, Not Models

We present swarm-attack, an open-source adversarial testing framework in which multiple lightweight LLM agents coordinate through shared memory, parallel exploration, and evolutionary optimization. Together, our results demonstrate that both safety bypass of frontier models and software...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/05/10 12:0 a.m.•13 views

Oracle Poisoning: Corrupting Knowledge Graphs to Weaponise AI Agent Reasoning

We define Oracle Poisoning, an attack class in which an adversary corrupts a structured knowledge graph that AI agents query at runtime via tool-use protocols, causing incorrect conclusions through correct reasoning. Unlike prompt injection, Oracle Poisoning manipulates the data agents reason ove...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/05/10 12:0 a.m.•39 views

AgentShield: Deception-Based Compromise Detection for Tool-Using LLM Agents

Defenses against indirect prompt injection IPI in tool-using LLM agents share two structural weaknesses. First, they all attempt to prevent attacks rather than detect the compromises that slip through. Second, they have only been evaluated in English, leaving users of low-resource languages such ...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/05/10 12:0 a.m.•18 views

The Authorization-Execution Gap Is a Major Safety and Security Problem in Open-World Agents

This position paper argues that the Authorization-Execution Gap AEG is a major safety and security problem in open-world agents. The AEG is the divergence between what a principal intends to authorize and what an open-world agent ultimately executes. Because such agents act autonomously across...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/05/10 12:0 a.m.•35 views

Security Risks in Tool-Enabled AI Agents: A Systematic Analysis of Privileged Execution Environments

Tool-enabled AI agents are increasingly deployed in cloud-hosted environments and offered as services, where they perform side-effecting operations through privileged tools within execution environments. While such agents enable powerful automation, the security implications of hosting autonomous...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/05/10 12:0 a.m.•9 views

Trust Me, Import This: Dependency Steering Attacks Via Malicious Agent Skills

LLM-powered coding agents increasingly make software supply chain decisions. They generate imports, recommend packages, and write installation commands. Prior work showed that these systems can hallucinate non-existent package names, which attackers may register as malicious packages. In this...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/05/10 12:0 a.m.•8 views

MonitoringBench: Semi-Automated Red-Teaming for Agent Monitoring

We introduce a red-teaming methodology that exposes harder-to-catch attacks for coding-agent monitors, suggesting that current practices may under-elicit attacks and overstate monitor performance. We identify three challenges with current red-teaming. First, mode collapse in attack generation,...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/05/09 12:0 a.m.•20 views

AI Native Asset Intelligence

Modern security environments generate fragmented signals across cloud resources, identities, configurations, and third-party security tools. Although AI-native security assistants improve access to this data, they remain largely reactive: users must ask the right questions and interpret...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/05/09 12:0 a.m.•15 views

Enhancing Adversarial Robustness in Network Intrusion Detection: A Layer-Wise Adaptive Regularization Approach

The new wave of adversarial attacks that utilize gradient-related vulnerabilities in neural network-based classifiers makes Network Intrusion Detection Systems more open to such threats. Although state-of-the-art adversarial training methods have shown promising results in producing more robust...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/05/09 12:0 a.m.•27 views

MT-JailBench: A Modular Benchmark for Understanding Multi-Turn Jailbreak Attacks

Multi-turn jailbreaks exploit the ability of large language models to accumulate and act on conversational context. Instead of stating a harmful request directly, an attacker can gradually steer the conversation toward an unsafe answer. Recent methods demonstrate this risk, but they are usually...

5.7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/05/09 12:0 a.m.•18 views

Smart Contract Security beyond Detection

Smart contract security has progressed from vulnerability detection toward a broader research agenda that includes semantic reasoning, automated repair, adversarial robustness, and real-time exploit detection. This paper develops a capstone-oriented research narrative around four directions:...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/05/09 12:0 a.m.•10 views

AI-Accelerated Brute Force Cryptanalysis

Modern cryptography is hinged on "not learning from mistakes": trying numerous wrong keys, should not help one identify the right key. Indeed, it worked -- until recently when the surprising power of AI to see pattern in apparent randomness has turned the 'wrong plaintexts' generated by the 'wron...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/05/09 12:0 a.m.•12 views

The Art of the Jailbreak: Formulating Jailbreak Attacks for LLM Security beyond Binary Scoring

Jailbreak attacks -- adversarial prompts that bypass LLM alignment through purely linguistic manipulation -- pose a growing operational security threat, yet the field lacks large-scale, reproducible infrastructure for generating, categorizing, and evaluating them systematically. This paper...

5.7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/05/08 12:0 a.m.•13 views

Apache mod_http2 Double-Free Detector

This is a python script that assist with detecting whether or not a server is vulnerable to the Apache modhttp2 double-free vulnerability...

8.8CVSS6AI score0.4581EPSS
Exploits16
Packet Storm News
Packet Storm News
•added 2026/05/08 12:0 a.m.•44 views

Maestro 0.15.4

Maestro is a cross-platform desktop app for orchestrating your fleet of AI agents and projects. It's a high-velocity solution for hackers who are juggling multiple projects in parallel. Designed for power users who live on the keyboard and rarely touch the mouse. Collaborate with AI to create...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/05/08 12:0 a.m.•12 views

ingress-nginx Configuration Injection

A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/rewrite-target Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible t...

8.8CVSS6.3AI score0.06669EPSS
Exploits1
Packet Storm News
Packet Storm News
•added 2026/05/08 12:0 a.m.•15 views

OrchJail: Jailbreaking Tool-Calling Text-To-Image Agents by Orchestration-Guided Fuzzing

Tool-calling text-to-image T2I agents can plan and execute multi-step tool chains to accomplish complex generation and editing queries. However, this capability introduces a new safety attack surface: harmful outputs may arise from tool orchestration, where individually benign steps combine into...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/05/08 12:0 a.m.•11 views

AI-Driven Security Alert Screening and Alert Fatigue Mitigation in Security Operations Centers: A Comprehensive Survey

Security alert screening is the downstream task of filtering, prioritizing, correlating, and contextualizing alerts for analyst attention in Security Operations Centers. This survey reviews artificial-intelligence-driven alert screening and alert-fatigue mitigation from 2015 to 2026. We synthesiz...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/05/08 12:0 a.m.•31 views

SecureForge: Finding and Preventing Vulnerabilities in LLM-Generated Code Via Prompt Optimization

LLM coding agents now generate code at an unprecedented scale, yet LLM-generated code introduces cybersecurity vulnerabilities into codebases without human involvement. Even when frontier models are explicitly asked to write secure production code with relevant weaknesses to avoid in context, we...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/05/08 12:0 a.m.•10 views

Joern 4.0.536

Joern is the bug hunter's workbench. With this tool, you can uncover attack surface, sloppy coding practices, and variants of known vulnerabilities using an interactive code analysis shell. Joern supports C, C++, LLVM bitcode, x86 binaries via Ghidra, JVM bytecode via Soot, and Javascript...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/05/08 12:0 a.m.•15 views

TOR Virtual Network Tunneling Tool 0.4.9.8

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow...

5.9AI score
Exploits0
Total number of security vulnerabilities6803