Lucene search
K
PacketstormnewsRecent

6803 matches found

Packet Storm News
Packet Storm News
added 2026/04/20 12:0 a.m.7 views

CodeQL 2.25.2

Discover vulnerabilities across a codebase with CodeQL, an industry-leading semantic code analysis engine. CodeQL lets you query code as though it were data. Write a query to find all variants of a vulnerability, eradicating it forever. Then share your query to help others do the same...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/20 12:0 a.m.22 views

Security Is Relative: Training-Free Vulnerability Detection Via Multi-Agent Behavioral Contract Synthesis

Deep learning for vulnerability detection has shown promising results on early benchmarks, but recent evaluations reveal catastrophic degradation: models achieving F1 0.68 on legacy datasets collapse to 0.031 under strict deduplication. We identify the root cause as the semantic ambiguity problem...

5.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/20 12:0 a.m.7 views

MetInfo CMS 8.1 XML Endpoint Behavior Analysis Tool

This script is a PHP-based analysis tool designed to interact with MetInfo CMS 8.1 endpoints through an XML-based interface. It uses cURL to send structured requests to a specific MetInfo module endpoint and evaluates the HTTP responses for basic fingerprinting indicators such as known keywords a...

5.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/20 12:0 a.m.7 views

Zeek 8.0.7

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek ha...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/19 12:0 a.m.7 views

What Security and Privacy Transparency Users Need from Consumer-Facing Generative AI

Users increasingly rely on consumer-facing generative AI GenAI for tasks ranging from everyday needs to sensitive use cases. Yet, it remains unclear whether and how existing security and privacy S&P communications in GenAI tools shape users' adoption decisions and subsequent experiences...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/19 12:0 a.m.7 views

A Novel Quantum Augmented Framework to Improve Microgrid Cybersecurity

Small modular nuclear reactors SMRs are redefining the energy generation landscape by enabling the deployment of modular, scalable, and pre-built power units that can be used to build distributed autonomous microgrids for critical infrastructure and burgeoning AI factories. Often, these microgrid...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/19 12:0 a.m.8 views

SoK: Reshaping Research on Network Intrusion Detection Systems

Network Intrusion Detection Systems NIDS have been studied for decades. Hundreds of papers have, e.g., proposed ways to enhance, harden or bypass NIDS. However, the findings of prior literature are hardly reflected in real-world operational contexts. Such a disconnection is problematic for resear...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/19 12:0 a.m.22 views

SDLLMFuzz: Dynamic-Static LLM-Assisted Greybox Fuzzing for Structured Input Programs

Fuzzing has become a widely adopted technique for vulnerability discovery, yet it remains ineffective for structured-input programs due to strict syntactic constraints and limited semantic awareness. Traditional greybox fuzzers rely on mutation-based strategies and coarse-grained coverage feedbac...

6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/19 12:0 a.m.51 views

Terminal Wrench: A Dataset of 331 Reward-Hackable Environments and 3,632 Exploit Trajectories

The authors of this paper release Terminal Wrench, a subset of 331 terminal-agent benchmark environments, copied from the popular open benchmarks that are demonstrably reward-hackable. The data set includes 3,632 hack trajectories and 2,352 legitimate baseline trajectories across three frontier...

5.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/19 12:0 a.m.9 views

Bit-Flip Vulnerability of Shared KV-Cache Blocks in LLM Serving Systems

Rowhammer on GPU DRAM has enabled adversarial bit flips in model weights; shared KV-cache blocks in LLM serving systems present an analogous but previously unexamined target. In vLLM's Prefix Caching, these blocks exist as a single physical copy without integrity protection. Using software fault...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/19 12:0 a.m.9 views

Original Sin of Npm: A Study on Vulnerability Propagation in JavaScript Dependency Networks

Understanding vulnerability propagation is essential for assessing how vulnerabilities spread across components of a software package. This supports more accurate impact analysis and enhances threat detection and mitigation. In this paper, we investigate how a small number of vulnerable JavaScrip...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/19 12:0 a.m.37 views

GuardPhish: Securing Open-Source LLMs from Phishing Abuse

The rapid adoption of open-source Large Language Models LLMs in offline and enterprise environments has introduced a largely unexamined security risk like susceptibility to adversarial phishing prompts under static safety configurations. In this work, we systematically investigate this...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/19 12:0 a.m.7 views

Explainable Attention-Based LSTM Framework for Early Detection of AI-Assisted Ransomware Via File System Behavioral Analysis

Ransomware continues to evolve as one of the most disruptive cyber threats, with recent variants increasingly leveraging automated and AI-assisted techniques to evade traditional signature-based defenses. Early detection of such attacks remains a significant challenge, particularly when malicious...

6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/18 12:0 a.m.12 views

Enclawed: A Configurable, Sector-Neutral Hardening Framework for Single-User AI Assistant Gateways

We present enclawed, a hard-fork hardening framework built on top of the OpenClaw single-user personal artificial intelligence AI assistant gateway. enclawed targets deployments that need attestable peer trust, deny-by-default external connectivity, signed-module loading, and a tamper-evident aud...

6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/18 12:0 a.m.6 views

Global Web, Local Privacy? an International Review of Web Tracking

Web tracking by ad networks, social networks, and other third parties is privacy-invasive. To protect users' privacy an increasing number of countries are adopting new privacy laws. However, a major reason why their application on the web is so challenging is that privacy laws are local while the...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/18 12:0 a.m.7 views

HarmChip: Evaluating Hardware Security Centric LLM Safety Via Jailbreak Benchmarking

The integration of large language models LLMs into electronic design automation EDA workflows has introduced powerful capabilities for RTL generation, verification, and design optimization, but also raises critical security concerns. Malicious LLM outputs in this domain pose hardware-level threat...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/18 12:0 a.m.19 views

False Security Confidence in Benign LLM Code Generation

Prior work has demonstrated that functionally correct yet vulnerable outputs arise systematically in threat-oriented settings, where adversarial or implicit channels are used to induce security failures in code agents and automated patching workflows. This note introduces a complementary but...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/17 12:0 a.m.9 views

Eclipse Che Machine-Exec WebSocket Service Exposure Detector

This Python script is a lightweight security detection tool designed to identify potentially exposed or misconfigured machine-exec WebSocket services associated with Eclipse Che running on port 3333...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/17 12:0 a.m.9 views

QUACK! Making the (Rubber) Ducky Talk: A Systematic Study of Keystroke Dynamics for HID Injection Detection

Modern computing systems inherently trust human input devices, creating an exploitable attack surface for adversarial automation. USB Human Interface Device HID emulation attacks, such as those enabled by the USB Rubber Ducky, exploit this assumption to inject arbitrary keystroke sequences while...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/17 12:0 a.m.8 views

GLPI 10.0.18 Log Exposure Probe Script Directory Leak Detection

This Python script is designed to assess a GLPI application for potential information disclosure vulnerabilities, specifically focusing on exposed log files and sensitive directories...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/17 12:0 a.m.20 views

Surgical Repair of Insecure Code Generation in LLMs

Large language models write production code, and yet they routinely introduce well-known vulnerabilities. We show that this is not a knowledge deficit: the same models that generate insecure code, correctly identify and explain the vulnerability when asked directly, this is a gap we call the...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/17 12:0 a.m.9 views

A Practical Semi-Quantum Signature Protocol with Improved Eavesdropping Detection

Semi-quantum signature SQS schemes aim to enable quantum signature functionality in scenarios where only a subset of participants possess full quantum capabilities, thereby improving practical deployability while preserving quantum security advantages. Within this framework, we present a practica...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/17 12:0 a.m.10 views

Privacy-Aware Machine Unlearning with SISA for Reinforcement Learning-Based Ransomware Detection

Ransomware detection systems increasingly rely on behavior-based machine learning to address evolving attack strategies. However, emerging privacy compliance, data governance, and responsible AI deployment demand not only accurate detection but also the ability to efficiently remove the influence...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/17 12:0 a.m.21 views

Dahua Security Assessment Tool - Authentication, Scan, and Exposure Testing Script

This Python script is a security assessment tool designed to evaluate the exposure and potential vulnerabilities of Dahua-based devices commonly IP cameras and NVR systems. It combines multiple testing modules into one CLI utility...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/17 12:0 a.m.6 views

Modeling Sparse and Bursty Vulnerability Sightings: Forecasting under Data Constraints

Understanding and anticipating vulnerability-related activity is a major challenge in cyber threat intelligence. This work investigates whether vulnerability sightings, such as proof-of-concept releases, detection templates, or online discussions, can be forecast over time. Building on our earlie...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/16 12:0 a.m.7 views

ConGISATA: A Framework for Continuous Gamified Information Security Awareness Training and Assessment

The incidence of cybersecurity attacks utilizing social engineering techniques has increased. Such attacks exploit the fact that in every secure system, there is at least one individual with the means to access sensitive information. Since it is easier to deceive a person than it is to bypass the...

5.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/16 12:0 a.m.6 views

Too Private to Tell: Practical Token Theft Attacks on Apple Intelligence

Apple Intelligence is a generative AI GenAI service provided by Apple on its devices. While offering a similar set of features as other similar GenAI services, Apple Intelligence is claimed to be designed with an extra focus on user security and privacy through a two-stage authentication and...

5.6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/16 12:0 a.m.9 views

LLM4C2Rust: Large Language Models for Automated Memory-Safe Code Transpilation

Memory safety has long been a critical challenge in software engineering, particularly for legacy systems written in memory-unsafe languages such as C and C++. Rust, one of the youngest modern programming languages, offers built-in memory-safety guarantees that make it a strong candidate for secu...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/16 12:0 a.m.7 views

CSLE: A Reinforcement Learning Platform for Autonomous Security Management

Reinforcement learning is a promising approach to autonomous and adaptive security management in networked systems. However, current reinforcement learning solutions for security management are mostly limited to simulation environments and it is unclear how they generalize to operational systems...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/16 12:0 a.m.8 views

MLDAS: Machine Learning Dynamic Algorithm Selection for Software-Defined Networking Security

Network security is a critical concern in the digital landscape of today, with users demanding secure browsing experiences and protection of their personal data. This study explores the dynamic integration of Machine Learning ML algorithms with Software-Defined Networking SDN controllers to enhan...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/16 12:0 a.m.7 views

NFTDELTA: Detecting Permission Control Vulnerabilities in NFT Contracts through Multi-View Learning

Permission control vulnerabilities in Non-fungible token NFT contracts can result in significant financial losses, as attackers may exploit these weaknesses to gain unauthorized access or circumvent critical permission checks. In this paper, we propose NFTDELTA, a framework that leverages static...

6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/16 12:0 a.m.5 views

Half-Moon Cookie: Private, Similarity-Based Blocklisting with TOCTOU-Attack Resilience

Blocklisting is a common technique for preventing the use of known malicious content. However, conventional blocklisting infrastructures require either the blocklist to be public or clients to reveal their queries to the blocklist server. In this work, we introduce a private blocklisting framewor...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/15 12:0 a.m.7 views

RealVuln: Benchmarking Rule-Based, General-Purpose LLM, and Security-Specialized Scanners on Real-World Code

How do security scanners perform on real-world code? We present RealVuln, the first open-source benchmark comparing Rule-Based SAST, General-Purpose LLMs, and Security-Specialized scanners on 26 intentionally vulnerable Python repositories educational and Capture-The-Flag applications with 796...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/15 12:0 a.m.8 views

MCPThreatHive: Automated Threat Intelligence for Model Context Protocol Ecosystems

The rapid proliferation of Model Context Protocol MCP-based agentic systems has introduced a new category of security threats that existing frameworks are inadequately equipped to address. We present MCPThreatHive, an open-source platform that automates the end-to-end lifecycle of MCP threat...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/15 12:0 a.m.6 views

Understanding Student Experiences with TLS Client Authentication

Mutual TLS mTLS provides strong, certificate-based authentication for both clients and servers, yet its adoption for user-facing websites remains rare. This paper presents a longitudinal study of mTLS usability, tracking 46 senior and graduate computer science students who configured client...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/15 12:0 a.m.5 views

AndroScanner: Automated Backend Vulnerability Detection for Android Applications

Mobile applications rely on complex backends that introduce significant security risks, yet developers often lack the tools to assess these risks effectively. This paper presents AndroScanner, an automated pipeline for detecting vulnerabilities in Android application backends through combined...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/15 12:0 a.m.8 views

Windows Persistence Bits Job

This Metasploit module establishes persistence through a BITS job that downloads and executes a payload. Background Intelligent Transfer Service BITS is a Windows service for transferring files in the background using idle network bandwidth. BITS jobs are persistent and will resume across reboots...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/15 12:0 a.m.6 views

Challenges and Future Directions in Agentic Reverse Engineering Systems

Agentic systems built on large language models LLMs are increasingly being used for complex security tasks, including binary reverse engineering RE. Despite recent growth in popularity and capability, these systems continue to face limitations in realistic settings. Cutting-edge systems still fai...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/15 12:0 a.m.12 views

Powershell Profile Persistence

This Metasploit module establishes persistence by modifying a PowerShell profile script, which is automatically executed when PowerShell starts. The module supports multiple profile scopes current user or all users and safely backs up any existing profile prior to modification, enabling clean...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/15 12:0 a.m.7 views

VeriCWEty: Embedding Enabled Line-Level CWE Detection in Verilog

Large Language Models LLMs have shown significant improvement in RTL code generation. Despite the advances, the generated code is often riddled with common vulnerabilities and weaknesses CWEs that can slip by untrained eyes. Attackers can often exploit these weaknesses to fulfill their nefarious...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/15 12:0 a.m.9 views

Towards Personalizing Secure Programming Education with LLM-Injected Vulnerabilities

According to constructivist theory, students learn software security more effectively when examples are grounded in their own code. Generic examples often fail to connect with students' prior work, limiting engagement and understanding. Advances in LLMs are now making it possible to automatically...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/15 12:0 a.m.5 views

Robustness Analysis of Machine Learning Models for IoT Intrusion Detection under Data Poisoning Attacks

Ensuring the reliability of machine learning-based intrusion detection systems remains a critical challenge in Internet of Things IoT environments, particularly as data poisoning attacks increasingly threaten the integrity of model training pipelines. This study evaluates the susceptibility of fo...

5.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/15 12:0 a.m.7 views

V2E: Validating Smart Contract Vulnerabilities through Profit-Driven Exploit Generation and Execution

Smart contracts are a critical component of blockchain systems. Due to the large amount of digital assets carried by smart contracts, their security is of critical importance. Although numerous tools have been developed for detecting smart contract vulnerability, their effectiveness remains...

6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/14 12:0 a.m.6 views

Evaluating Differential Privacy against Membership Inference in Federated Learning: Insights from the NIST Genomics Red Team Challenge

While Federated Learning FL mitigates direct data exposure, the resulting trained models remain susceptible to membership inference attacks MIAs. This paper presents an empirical evaluation of Differential Privacy DP as a defense mechanism against MIAs in FL, leveraging the environment of the 202...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/14 12:0 a.m.7 views

Robust Semi-Supervised Temporal Intrusion Detection for Adversarial Cloud Networks

Cloud networks increasingly rely on machine learning based Network Intrusion Detection Systems to defend against evolving cyber threats. However, real-world deployments are challenged by limited labeled data, non-stationary traffic, and adaptive adversaries. While semi-supervised learning can...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/14 12:0 a.m.10 views

LLM-Guided Prompt Evolution for Password Guessing

Passwords still remain a dominant authentication method, yet their security is routinely subverted by predictable user choices and large-scale credential leaks. Automated password guessing is a key tool for stress-testing password policies and modeling attacker behavior. This paper applies...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/14 12:0 a.m.7 views

Tamper-Proofing with Self-Modifying Code

Classical computability theory tells us that self-modifying code SMC on a deterministic universal Turing machine can be simulated by non-SMC code on the same model. That abstraction, however, omits the external timing inputs, concurrency, and microarchitectural state that dominate practical...

6.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/14 12:0 a.m.6 views

OpenSSL Toolkit 4.0.0

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer and Transport Layer Security protocols with full-strength cryptography world-wide. This is the 4.0 release...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/14 12:0 a.m.13 views

Security and Resilience in Autonomous Vehicles: A Proactive Design Approach

Autonomous vehicles AVs promise efficient, clean and cost-effective transportation systems, but their reliance on sensors, wireless communications, and decision-making systems makes them vulnerable to cyberattacks and physical threats. This chapter presents novel design techniques to strengthen t...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/14 12:0 a.m.8 views

Proxmark3 4.21611 Custom Firmware

This is a custom firmware written for the Proxmark3 device. It extends the currently available firmware. This release is nicknamed "BREAKMEIFYOUCAN!"...

5.8AI score
Exploits0
Total number of security vulnerabilities6803