Lucene search
K
PacketstormnewsRecent

6803 matches found

Packet Storm News
Packet Storm News
•added 2026/04/25 12:0 a.m.•66 views

ARIstoteles -- Dissecting Apple's Baseband Interface

Wireless chips and interfaces expose a substantial remote attack surface. As of today, most cellular baseband security research is performed on the Android ecosystem, leaving a huge gap on Apple devices. With iOS jailbreaks, last-generation wireless chips become fairly accessible for performance...

5.7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/04/24 12:0 a.m.•5 views

GNU Privacy Guard 2.5.19

GnuPG the GNU Privacy Guard or GPG is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As suc...

5.2AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/04/24 12:0 a.m.•10 views

The Security Cost of Intelligence: AI Capability, Cyber Risk, and Deployment Paradox

Firms are deploying more capable AI systems, but organizational controls often have not kept pace. These systems can generate greater productivity gains, but high-value uses require broader authority exposure -- data access, workflow integration, and delegated authority -- when governance control...

5.4AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/04/24 12:0 a.m.•6 views

Detecting Concept Drift in Evolving Malware Families Using Rule-Based Classifier Representations

This work proposes a structural approach to concept drift detection in malware classification using decision tree rulesets. Classifiers are trained across temporal windows on the EMBER2024 dataset, and drift is quantified by comparing extracted rule representations using feature importance,...

5.3AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/04/24 12:0 a.m.•8 views

Joern 4.0.527

Joern is the bug hunter's workbench. With this tool, you can uncover attack surface, sloppy coding practices, and variants of known vulnerabilities using an interactive code analysis shell. Joern supports C, C++, LLVM bitcode, x86 binaries via Ghidra, JVM bytecode via Soot, and Javascript...

5.3AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/04/24 12:0 a.m.•7 views

Apple Silicon Vulnerability Research — A18 Pro (MacBook Neo)

This is systematic security research targeting Apple's A18 Pro chip MacBook Neo / Mac17,5, the first A-series SoC shipped in a Mac laptop. The MacBook Neo is used as an authorized Apple Security Research Device SRD and doubles as a high-visibility proxy for iPhone 16 Pro research, since A18 Pro i...

5.2AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/04/24 12:0 a.m.•8 views

Rosemary 1.0.4

Rosemary is a cross-platform transparent tunneling platform designed for network pivoting. Unlike traditional tools that rely on TUN/TAP interfaces or require per-application proxy configuration like proxychains, Rosemary intercepts traffic at the kernel level...

5.2AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/04/24 12:0 a.m.•8 views

listmonk Admin Authentication / Password Flow Security Assessment Module

This Metasploit auxiliary module is a web application security testing tool designed to evaluate authentication and password management logic in a Listmonk admin panel deployment...

5.2AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/04/24 12:0 a.m.•6 views

Self-Supervised Learning for Android Malware Detection on a Time-Stamped Dataset

Android malware detectors built with machine learning often suffer from temporal bias: models are trained and evaluated without respecting apps' actual release times, inflating accuracy and weakening real-world robustness. We address this by constructing a time-stamped dataset of benign and...

5.3AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/04/24 12:0 a.m.•7 views

Training a General Purpose Automated Red Teaming Model

Automated methods for red teaming LLMs are an important tool to identify LLM vulnerabilities that may not be covered in static benchmarks, allowing for more thorough probing. They can also adapt to each specific LLM to discover weaknesses unique to it. Most current automated red teaming methods a...

5.6AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/04/24 12:0 a.m.•5 views

Adversarial Co-Evolution of Malware and Detection Models: A Bilevel Optimization Perspective

Machine learning-based malware detectors are increasingly vulnerable to adversarial examples. Traditional defenses, such as one-shot adversarial training, often fail against adaptive attackers who use reinforcement learning to bypass detection. This paper proposes a robust defense framework based...

5.2AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/04/24 12:0 a.m.•9 views

NLTK Simple Random Input Fuzzer for Function Testing

This script is a basic fuzzing tool that generates random inputs strings containing letters, numbers, and special characters and feeds them into a target function to test its stability. It runs multiple iterations, monitors for exceptions or crashes, and counts how many errors occur during...

5.2AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/04/24 12:0 a.m.•11 views

Automation-Exploit: A Multi-Agent LLM Framework for Adaptive Offensive Security with Digital Twin-Based Risk-Mitigated Exploitation

The offensive security landscape is highly fragmented: enterprise platforms avoid memory-corruption vulnerabilities due to Denial of Service DoS risks, Automatic Exploit Generation AEG systems suffer from semantic blindness, and Large Language Model LLM agents face safety alignment filters and...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/04/24 12:0 a.m.•60 views

MetInfo CMS 8.1 WeChat Module Vulnerability Detection Scanner

This Metasploit auxiliary module is a non-exploit vulnerability detection scanner designed to assess potential security weaknesses in the MetInfo CMS WeChat module, specifically related to weixinreply.class.php handling logic...

9.8CVSS5.2AI score0.39688EPSS
Exploits4
Packet Storm News
Packet Storm News
•added 2026/04/24 12:0 a.m.•16 views

Libgcrypt 1.12.2

Libgcrypt is a general-purpose cryptographic library based on the code from GnuPG. It provides functions for all cryptographic building blocks: symmetric ciphers AES, DES, Blowfish, CAST5, Twofish, and Arcfour, hash algorithms MD4, MD5, RIPE-MD160, SHA-1, and TIGER-192, MACs HMAC for all hash...

5.3AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/04/23 12:0 a.m.•7 views

CrossCommitVuln-Bench: A Dataset of Multi-Commit Python Vulnerabilities Invisible to Per-Commit Static Analysis

We present CrossCommitVuln-Bench, a curated benchmark of 15 real-world Python vulnerabilities CVEs in which the exploitable condition was introduced across multiple commits - each individually benign to per-commit static analysis - but collectively critical. We manually annotate each CVE with its...

5.4AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/04/23 12:0 a.m.•8 views

On the Challenges of Holistic Intrusion Detection in ICS

Past attacks against industrial control systems ICS show that adversaries often target both the ICS network and the physical process to achieve potential catastrophic impact. To secure ICS, intrusion detection systems promise timely uncovering of such adversaries. However, as these detection...

5.2AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/04/23 12:0 a.m.•7 views

A Sociotechnical, Practitioner-Centered Approach to Technology Adoption in Cybersecurity Operations: An LLM Case

Technology for security operations centers SOCs has a storied history of slow adoption due to concerns about trust and reliability. These concerns are amplified with artificial intelligence, particularly large language models LLMs, which exhibit issues such as hallucinations and inconsistent...

5.4AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/04/23 12:0 a.m.•5 views

AutoRISE: Agent-Driven Strategy Evolution for Red-Teaming Large Language Models

Automated red-teaming methods for large language models typically optimize attack prompts within a fixed, human-designed strategy, leaving the attack strategy itself unchanged. We instead optimize the strategy. We propose AutoRISE, a method that searches over executable attack programs rather tha...

5.3AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/04/23 12:0 a.m.•8 views

A-THENA: Early Intrusion Detection for IoT with Time-Aware Hybrid Encoding and Network-Specific Augmentation

The proliferation of Internet of Things IoT devices has significantly expanded attack surfaces, making IoT ecosystems particularly susceptible to sophisticated cyber threats. To address this challenge, this work introduces A-THENA, a lightweight early intrusion detection system EIDS that...

5.3AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/04/23 12:0 a.m.•5 views

FixV2W: Correcting Invalid CVE-CWE Mappings with Knowledge Graph Embeddings

Accurate mapping between Common Vulnerabilities and Exposures CVE and Common Weakness Enumeration CWE entries is critical for effective vulnerability management and risk assessment. However, public databases, such as the National Vulnerability Database NVD, suffer from inconsistent and incomplete...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/04/23 12:0 a.m.•8 views

MCP Pitfall Lab: Exposing Developer Pitfalls in MCP Tool Server Security under Multi-Vector Attacks

Model Context Protocol MCP is increasingly adopted for tool-integrated LLM agents, but its multi-layer design and third-party server ecosystem expand risks across tool metadata, untrusted outputs, cross-tool flows, multimodal inputs, and supply-chain vectors. Existing MCP benchmarks largely measu...

5.4AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/04/23 12:0 a.m.•14 views

Rosemary 1.0.3

Rosemary is a cross-platform transparent tunneling platform designed for network pivoting. Unlike traditional tools that rely on TUN/TAP interfaces or require per-application proxy configuration like proxychains, Rosemary intercepts traffic at the kernel level...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/04/23 12:0 a.m.•9 views

ID-Eraser: Proactive Defense against Face Swapping Via Identity Perturbation

Deepfake technologies have rapidly advanced with modern generative AI, and face swapping in particular poses serious threats to privacy and digital security. Existing proactive defenses mostly rely on pixel-level perturbations, which are ineffective against contemporary swapping models that extra...

5.3AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/04/23 12:0 a.m.•7 views

Rigorous Security Proofs for Practical Quantum Key Distribution

This thesis is concerned with rigorous security analyses of practical Quantum Key Distribution QKD protocols, using a variety of modern proof techniques. The main results are as follows. First, we establish a security proof for variable-length QKD protocols against IID collective attacks, and...

5.4AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/04/23 12:0 a.m.•6 views

Strategic Heterogeneous Multi-Agent Architecture for Cost-Effective Code Vulnerability Detection

Automated code vulnerability detection is critical for software security, yet existing approaches face a fundamental trade-off between detection accuracy and computational cost. We propose a heterogeneous multi-agent architecture inspired by game-theoretic principles, combining cloud-based LLM...

5.6AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/04/23 12:0 a.m.•10 views

Keras 3.13.0 Safe Parallel ML Stress Test Generator

This script is a safe and lightweight stress-testing utility designed to simulate machine learning model generation workloads without actually allocating large memory or creating real heavy files. It was designed to test Keras 3.13.0...

5.7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/04/23 12:0 a.m.•18 views

Grav CMS Authenticated Scanner

This Python script is a safe, read-only scanner designed to detect whether a target running Grav CMS with its Admin plugin may be vulnerable to CVE-2025-50286, based purely on version analysis...

8.1CVSS5.7AI score0.09319EPSS
Exploits7
Packet Storm News
Packet Storm News
•added 2026/04/23 12:0 a.m.•10 views

Keras 3.13.0 HDF5 Shape Fuzzing for Robustness Testing

This script performs fuzz testing against Keras version 3.13.0 on randomly generated tensor shapes using NumPy and HDF5 to evaluate stability and error handling in file creation workflows...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/04/23 12:0 a.m.•12 views

Keras 3.13.0 Bulk Generator for Large-Scale HDF5 Shape Test Models

This script is a parallel batch generator designed to create multiple .keras model files using a thread pool. Each file is generated with a predefined set of large tensor shapes intended for stress testing or memory-impact evaluation in HDF5/Keras workflows...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/04/23 12:0 a.m.•8 views

EspoCRM 9.3.3 API Security Audit Tool

This Python script is a lightweight, non-invasive security audit tool designed to test the API surface of EspoCRM version 9.3.3...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/04/23 12:0 a.m.•8 views

Risk Models As Mediating Artifacts: A Postphenomenological Analysis of the CIIM Framework in Cybersecurity Practice

This article applies postphenomenological theory to the field of cybersecurity risk management, arguing that formal risk models function as mediating artifacts that shape how security practitioners or analysts perceive, interpret, and act on threats. Based on Don Ihde's taxonomy on human-technolo...

5.3AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/04/23 12:0 a.m.•13 views

Can SOC Operators Explain Their Decisions While Triaging Alarms? A Real-World Study

Security Operations Centers SOCs are pivotal in modern enterprises. Tasked to monitor complex network environments constantly under attack, SOCs can be active 24/7 and can include hundreds of operators supported by state-of-the-art technologies. Abundant research has studied the internal processe...

5.4AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/04/23 12:0 a.m.•7 views

Transient Turn Injection: Exposing Stateless Multi-Turn Vulnerabilities in Large Language Models

Large language models LLMs are increasingly integrated into sensitive workflows, raising the stakes for adversarial robustness and safety. This paper introduces Transient Turn InjectionTTI, a new multi-turn attack technique that systematically exploits stateless moderation by distributing...

5.2AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/04/23 12:0 a.m.•10 views

FreeScout 1.8.206 Network Reachability and HTTP Security Audit Scanner

The provided PHP script is a network reconnaissance and auditing tool designed to scan a local IP range and identify reachable hosts potentially running web services such as FreeScout...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/04/23 12:0 a.m.•8 views

Mitigate or Fail: How Risk Management Shapes Cybersecurity Competency

Contemporary cybersecurity governance assumes that professionals apply risk reasoning. Yet major organisational failures persist despite investment in tools, staffing, and credentials. This study investigates the structural source of that paradox. Cybersecurity speaks the language of risk, but it...

5.3AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/04/23 12:0 a.m.•7 views

Wazuh 4.14.5

Wazuh is a free and open source security platform that unifies XDR and SIEM capabilities. It protects workloads across on-premises, virtualized, containerized, and cloud-based environments. This is the source code release...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/04/23 12:0 a.m.•8 views

Joern 4.0.526

Joern is the bug hunter's workbench. With this tool, you can uncover attack surface, sloppy coding practices, and variants of known vulnerabilities using an interactive code analysis shell. Joern supports C, C++, LLVM bitcode, x86 binaries via Ghidra, JVM bytecode via Soot, and Javascript...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/04/22 12:0 a.m.•8 views

DNG File Security Scanner for Detecting Malformed Metadata and Overflow Indicators

This Python script is a defensive security tool designed to analyze DNG Digital Negative image files and detect signs of structural corruption or potentially malicious metadata manipulation. It performs low-level parsing of TIFF/DNG structures by reading the file header and iterating through Imag...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/04/22 12:0 a.m.•18 views

A Ground-Truth-Based Evaluation of Vulnerability Detection across Multiple Ecosystems

Automated vulnerability detection tools are widely used to identify security vulnerabilities in software dependencies. However, the evaluation of such tools remains challenging due to the heterogeneous structure of vulnerability data sources, inconsistent identifier schemes, and ambiguities in...

5.3AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/04/22 12:0 a.m.•11 views

Synthesizing Multi-Agent Harnesses for Vulnerability Discovery

LLM agents have begun to find real security vulnerabilities that human auditors and automated fuzzers missed for decades, in source-available targets where the analyst can build and instrument the code. In practice the work is split among several agents, wired together by a harness: the program...

8.8CVSS5.8AI score0.00395EPSS
Exploits0
Packet Storm News
Packet Storm News
•added 2026/04/22 12:0 a.m.•7 views

Joern 4.0.525

Joern is the bug hunter's workbench. With this tool, you can uncover attack surface, sloppy coding practices, and variants of known vulnerabilities using an interactive code analysis shell. Joern supports C, C++, LLVM bitcode, x86 binaries via Ghidra, JVM bytecode via Soot, and Javascript...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/04/22 12:0 a.m.•14 views

ATBroker Registry Security Scanner

This code is a defensive Windows security scanner designed to audit potentially sensitive Registry paths related to ATBroker Accessibility Technology Broker and core system hives. It only checks for the presence of certain registry keys to see if they're protected or accessible...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/04/22 12:0 a.m.•13 views

Towards Certified Malware Detection: Provable Guarantees against Evasion Attacks

Machine learning-based static malware detectors remain vulnerable to adversarial evasion techniques, such as metamorphic engine mutations. To address this vulnerability, we propose a certifiably robust malware detection framework based on randomized smoothing through feature ablation and targeted...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/04/22 12:0 a.m.•12 views

Towards Secure Logging: Characterizing and Benchmarking Logging Code Security Issues with LLMs

Logging code plays an important role in software systems by recording key events and behaviors, which are essential for debugging and monitoring. However, insecure logging practices can inadvertently expose sensitive information or enable attacks such as log injection, posing serious threats to...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/04/22 12:0 a.m.•6 views

HTTP Chunked Encoding Behavior Analyzer

This script is a security analysis tool designed to test how a web server such as Kestrel-based applications handles HTTP requests using chunked transfer encoding...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/04/22 12:0 a.m.•9 views

Threat Detection and Resilience Techniques in PRS-Assisted OTDOA 5G Positioning Systems

Precise positioning is a key enabler for emerging 5G applications, from autonomous transport to industrial automation. Yet the open physical layer PL leaves standard positioning reference signals PRSs vulnerable to manipulation. This work addresses the security of downlink observed time differenc...

5.2AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/04/22 12:0 a.m.•5 views

angr 9.2.212

angr is an open-source binary analysis platform for Python. It combines both static and dynamic symbolic "concolic" analysis, providing tools to solve a variety of tasks...

5.7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/04/22 12:0 a.m.•25 views

TLSCheck 2.0: An Enhanced Memory Forensics Approach to Efficiently Detect TLS Callbacks

Memory analysis is a crucial technique in digital forensics that enables investigators to examine the runtime state of a system through physical memory dumps. While significant advances have been made in memory forensics, the detection and analysis of Thread Local Storage TLS callbacks remain...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/04/22 12:0 a.m.•11 views

Adaptive Instruction Composition for Automated LLM Red-Teaming

Many approaches to LLM red-teaming leverage an attacker LLM to discover jailbreaks against a target. Several of them task the attacker with identifying effective strategies through trial and error, resulting in a semantically limited range of successes. Another approach discovers diverse attacks ...

5.4AI score
Exploits0
Total number of security vulnerabilities6803