Lucene search
K
PacketstormnewsRecent

6746 matches found

Packet Storm News
Packet Storm News
added 2026/06/30 12:0 a.m.5 views

FreeBSD Security Advisory - FreeBSD-SA-26:49.iconv

FreeBSD Security Advisory - Several encoding modules, including HZ, UTF-7, VIQR, and ZW, did not properly check the size of the caller-supplied output buffer before writing converted characters. The ISO-2022 encoding module used a stack buffer sized to MBLENMAX 6 bytes for intermediate character...

6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/30 12:0 a.m.3 views

FreeBSD Security Advisory - FreeBSD-SA-26:42.unlinkat

FreeBSD Security Advisory - The kernel function that implements unlinkat2 and funlinkat2 validated the ATRESOLVEBENEATH flag but failed to pass it through to the underlying path lookup. The flag was silently dropped, so path resolution was not actually restricted...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/30 12:0 a.m.7 views

CVE2PoC Exploit Finder

CVE2PoC is a tool that helps penetration testers, bug hunters, and security researchers quickly find public exploits, proof of concepts PoCs, and advisories related to a CVE ID...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/30 12:0 a.m.3 views

FreeBSD Security Advisory - FreeBSD-SA-26:39.execve

FreeBSD Security Advisory - During execve2 of a SUID binary, the new virtual address space is installed before the process credentials are updated. During this window, a process running as the same user can access the target process's memory via procfs or linprocfs, because the kernel's debugging...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/30 12:0 a.m.2 views

Securing the AI Agent: A Unified Framework for Multi-Layer Agent Red Teaming

The fast growth of open-source AI infrastructure, from model serving engines and agent platforms to the Model Context Protocol MCP ecosystem and the language models themselves, has outpaced the security tooling available to defend it. We present AI-Infra-Guard, an open-source framework that...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/30 12:0 a.m.2 views

EnclaveX: End-To-End Confidential AI with CPU/GPU TEEs

Large Language Models LLMs have rapidly proliferated, driving widespread adoption of AI applications. Most deployments rely on centralized infrastructures such as Microsoft Azure, Google Cloud, or AWS, requiring users to share sensitive data and training or fine-tuning code. This dependence raise...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/30 12:0 a.m.2 views

Witness Complexity of Short Descriptions: A Cryptographic Perspective

In cryptographic practice, where protocols impose strict time bounds, implementations demand predictable resource usage, and real-world systems require immediate verification for security and usability, a short key or certificate is useful only if it can be expanded or verified within a bounded...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/30 12:0 a.m.2 views

CVE-TTP KG: Knowledge Graph Linking Software Vulnerabilities to Attack Behaviors

In the evolving threat landscape, adversaries exploit software vulnerabilities to launch sophisticated attacks, challenging traditional defenses. Although databases like CVE and NVD provide detailed technical information, they often lack links to attacker behaviors such as tactics and techniques,...

5.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/30 12:0 a.m.2 views

Robocalls: A Worldwide or US-Only Problem? Analyzing Spam and Fraud in International Phone Calls

Unsolicited automated phone calls robocalls are a serious threat: in the US alone, these calls resulted in reported losses of 1.1$ billion during 2025. Phishing and spoofing consistently rank among the most reported crimes within the FBI's Internet Crime Complaint Center, with phone call scams...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/30 12:0 a.m.2 views

Comparative Analysis of Machine Learning Based Intrusion Detection in Realistic IoT Networks

The Internet of Things IoT is rapidly growing and expanding into various sectors, such as healthcare, transportation, smart homes, and more. Despite the benefits of using IoT devices, they present several challenges. Given the significant role these devices play in our lives, it is crucial to...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/30 12:0 a.m.2 views

FLARE-AI: Flaw Reporting for AI

Flaw reporting for deployed AI systems is fundamental to identifying system failures and improving AI safety. Yet the AI reporting ecosystem is fragmented: researchers who identify flaws often do not know what or where to report, and groups who receive reports rarely share them with other relevan...

5.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/30 12:0 a.m.2 views

Exploring Side-Channel Protections in Hardware Implementations of PQC ML-KEM Verification

As ML-KEM is adopted as a post-quantum cryptographic standard, resilience against physical side-channel attacks has become essential. Among the constituent steps, the decapsulation Fujisaki-Okamoto FO verification is particularly vulnerable to side-channel power and electromagnetic EM analysis. I...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/30 12:0 a.m.2 views

Hybrid Topological Data Analysis and LSTM Networks for Enhanced Network Intrusion Detection Using CIC-IDS2017 Dataset

Network intrusion detection systems NIDS are crucial in cybersecurity infrastructure, needing advanced techniques to detect hostile activity in network traffic. This research introduces a hybrid approach that combines Topological Data Analysis TDA with Long Short-Term Memory LSTM networks to...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/30 12:0 a.m.7 views

(A)I Sees What You Don't: Exploiting New Attack Surfaces in Third-Party Mobile Agents

Third-party mobile agents powered by Vision-Language Models VLMs have emerged as a promising paradigm for automating smartphone interactions. These agents act as high-privilege decision-makers, perceiving device states through screenshots and executing actions via VLM reasoning, transforming how ...

6.3AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/30 12:0 a.m.3 views

A Forgery Attack on the Block.Co Blockchain-Based Digital Credential Certification System

Certification of digital documents, such as academic credentials, seems a particularly suitable application for the use of blockchain and distributed ledger technologies. Indeed, these technologies enable decentralized certification systems that rely on the immutability and persistence of their...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/30 12:0 a.m.3 views

FreeBSD Security Advisory - FreeBSD-SA-26:46.ktls

FreeBSD Security Advisory - When building the iovec array for a received TLS 1.2 CBC record, ktlsocftlscbcdecrypt incremented the iovec index for every mbuf in the chain, including mbufs that were skipped because they contained only TLS header bytes. This left uninitialized entries in the iovec...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/30 12:0 a.m.4 views

FreeBSD Security Advisory - FreeBSD-SA-26:48.compat32

FreeBSD Security Advisory - The compat32 kevent handler translates a 64-bit kevent struct into a stack- declared 32-bit struct. It did not first zero the stack struct...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/30 12:0 a.m.12 views

Nuclei 3.10.0

Nuclei is a modern, high-performance vulnerability scanner that leverages simple YAML-based templates. It empowers you to design custom vulnerability detection scenarios that mimic real-world conditions, leading to zero false positives...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/30 12:0 a.m.11 views

Flounder 0.1.2

Flounder turns modern coding agents into an end-to-end security audit system. Give it an authorized target boundary - a repository, source tree, package, deployed clue, or prior run - and the agent can prepare the workspace, read the code and supporting material, map the attack surface, dig into...

6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/30 12:0 a.m.2 views

FreeBSD Security Advisory - FreeBSD-SA-26:40.zfs

FreeBSD Security Advisory - The ZFSIOCUSERSPACEMANY ioctl, used by zfs-userspace8, truncated a 64-bit output buffer size to a 32-bit integer for the kernel allocation, but used the original 64-bit size as the buffer limit when writing records. The ZFSIOCRECVNEW ioctl, in the heal receive path,...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/30 12:0 a.m.2 views

FreeBSD Security Advisory - FreeBSD-SA-26:41.libalias

FreeBSD Security Advisory - The RTSP handler in libalias rewrote outgoing packets into a fixed-length stack buffer without checking whether the rewritten data fit in the buffer, or whether the result fit back in the original packet...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/30 12:0 a.m.2 views

FreeBSD Security Advisory - FreeBSD-SA-26:43.tcp

FreeBSD Security Advisory - The RACK setsockopt2 handler drops the connection lock in order to copy option data from userspace, then reacquires the lock. After reacquiring, it verifies that the TCP stack had not been switched away, but did not reload its pointer to the stack's per-connection...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/30 12:0 a.m.6 views

A Lifecycle and Application-Stack Survey of Large Language Model Vulnerabilities: Attacks, Risks, Defenses, and Open Problems

Large language models are no longer only text generators. They are increasingly embedded in retrieval pipelines, enterprise assistants, coding environments, robotic systems, security-operation workflows, and autonomous agents that can read private data, call tools, write files, execute code, and...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/30 12:0 a.m.3 views

An Empirical Study of Security Calibration in Large Language Models for Code

Large Language Models LLMs are rapidly transforming software development, yet their use in security-critical contexts raises a key question: do models know when their generated code is insecure? This property, known as calibration, measures whether a model's confidence aligns with the true...

6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/30 12:0 a.m.3 views

FreeBSD Security Advisory - FreeBSD-SA-26:45.audit

FreeBSD Security Advisory - When auditing a system call executed via ptracePTSCREMOTE, the kernel passed the return value of an internal setup function to AUDITSYSCALLEXIT rather than the actual result of the executed system call. As a result, committed audit records for system calls which return...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/29 12:0 a.m.10 views

Hephaestus: Toward a Cybersecurity AI Scientist

Cyber offense is moving to machine speed; cyber research itself is not. Existing AI scientist systems make end-to-end research automation increasingly plausible, but they target relatively stable scientific domains. We argue that AI-native cybersecurity is a different kind of scientific object. I...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/29 12:0 a.m.7 views

Wireless Backdoor Attack and Defense for Semantic Communications over Multiple Access Channel

Semantic communication SemCom aims to preserve semantic meaning and task-oriented information beyond conventional message recovery over wireless channels. The adoption of SemCom in shared-access wireless networks introduces new vulnerabilities for multi-user semantic inference. This paper conside...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/29 12:0 a.m.8 views

Authentication in Quantum Networks

In this review, we survey the cryptographic task of authentication from the perspective of quantum communication. We review three main flavours of authentication that are often conflated in the literature: authentication of classical messages, authentication of quantum messages, and entity...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/29 12:0 a.m.7 views

A Multi-Task Mixture of Experts Framework for Malware Classification, Packing Detection, and Family Attribution

Malware classification remains a challenging problem due to its inherent heterogeneity, the presence of packed binaries, and the diverse distribution of malware families. Traditional single-model detection mechanisms often fail to generalize across such diverse data, leading to degraded...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/29 12:0 a.m.7 views

Multi-Level Distributional Entropy for Explainable Network Intrusion Detection

Machine learning network intrusion detection systems IDS rely on aggregate flow statistics that discard distributional structure, while established entropy measures require raw packet sequences unavailable in pre-aggregated flow datasets. We propose Multi-Level Distributional Entropy MDE, an...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/29 12:0 a.m.12 views

A Hybrid Framework for Crypto-Ransomware Detection in Enterprise Shared Storage

Most corporate workplace environments enforce policies and technical controls that limit the storage of sensitive data on client endpoints. Consequently, ransomware operators have evolved variants that expand their attack surface from local systems to network drives and shared storage resources. ...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/29 12:0 a.m.3 views

RedAmon 5.1.0

An autonomous AI framework that chains reconnaissance, exploitation, and post-exploitation into a single pipeline, then goes further by triaging every finding, implementing code fixes, and opening pull requests on your repository. From first packet to merged patch, with human oversight at every...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/29 12:0 a.m.3 views

Win32k Callback Detouring: Abusing Legitimate Kernel-to-User Callback Dispatch for Code Execution

This injection technique abuses the kernel-to-user callback dispatch path used by the Windows graphical subsystem win32k.sys to obtain code execution inside a remote process. By locating the KernelCallbackTablethrough the target process's Process Environment Block PEB, an operator can enumerate...

6.3AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/29 12:0 a.m.3 views

GLPI Plugin Surface Mapper

This is a source-derived GLPI plugin surface mapper for building canonical plugin path wordlists and probing reachable code paths under /plugins/ and /marketplace/...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/29 12:0 a.m.2 views

Flounder 0.1.1

Flounder turns modern coding agents into an end-to-end security audit system. Give it an authorized target boundary - a repository, source tree, package, deployed clue, or prior run - and the agent can prepare the workspace, read the code and supporting material, map the attack surface, dig into...

6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/29 12:0 a.m.2 views

Maestro 0.17.2

Maestro is a cross-platform desktop app for orchestrating your fleet of AI agents and projects. It's a high-velocity solution for hackers who are juggling multiple projects in parallel. Designed for power users who live on the keyboard and rarely touch the mouse. Collaborate with AI to create...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/29 12:0 a.m.2 views

TOR Virtual Network Tunneling Tool 0.4.9.11

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/29 12:0 a.m.2 views

IronCurtain 0.12.0

IronCurtain is an early-stage research project exploring how to make AI agents safe enough to be genuinely useful. It is a runtime for autonomous AI agents, where security policy is derived from a human-readable constitution. APIs, configuration formats, and architecture may change...

5.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/29 12:0 a.m.3 views

Joern 4.0.568

Joern is the bug hunter's workbench. With this tool, you can uncover attack surface, sloppy coding practices, and variants of known vulnerabilities using an interactive code analysis shell. Joern supports C, C++, LLVM bitcode, x86 binaries via Ghidra, JVM bytecode via Soot, and Javascript...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/29 12:0 a.m.2 views

Beyond Wireless Security: Covert Communications in Large Language Model-Enabled Edge Networks

Large language model LLM-enabled edge networks LLMENs offer mobile users high-quality and low-latency AI-generated content services in the 6G era. However, unlike typical edge networks, LLMENs present unique security challenges due to the inherent complexity of LLMs, their high computational...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/29 12:0 a.m.2 views

AI-Generated PowerShell Malware: An Experimental Framework and Dataset

Generative AI has emerged as a significant cybersecurity threat, with several recent attack campaigns leveraging LLMs to generate code for malicious purposes via scripting languages such as PowerShell. Consequently, for cybersecurity analysts, it is imperative to investigate the offensive...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/29 12:0 a.m.2 views

Security--Fidelity Tradeoffs: The Hidden Cost of Prompt Injection Defense

We identify a security-fidelity tradeoff in defending LLMs against indirect prompt injection: defenses resist injected instructions largely by suppressing untrusted text, which corrupts tasks that must preserve it, such as translation and document editing. Attack-success metrics cannot see this,...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/29 12:0 a.m.2 views

Understanding and Evaluating Claw-Like Agent Security through a Computer-Systems Lens

Claw-like AI agents e.g., OpenClaw are always-on processes with persistent access to credentials, files, tools, and external services. They take on system-level responsibilities -- installing packages, maintaining state, scheduling subtasks, and mediating I/O -- making security failures far more...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/29 12:0 a.m.2 views

Continuous-Variable Source-Independent Quantum Random Number Generation with General POVMs

Continuous-variable source-independent quantum random number generators offer the highest generation rates among semi-device-independent protocols. In reality, the protocol design is limited due to permissible measurement configurations. In this work, we propose a rigorous security proof framewor...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/29 12:0 a.m.2 views

An AI-Based Solution for Secure Service Provisioning in IoT

As the Internet of Things IoT continues its rapid expansion, the attack surface grows accordingly, with emerging threats targeting smart objects and their interactions. In this evolving landscape, securing service provisioning is crucial to ensure the proper functioning, security, and reliability...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/29 12:0 a.m.4 views

American Fuzzy Lop plus plus 5.02c

Google's American Fuzzy Lop is a brute-force fuzzer coupled with an exceedingly simple but rock-solid instrumentation-guided genetic algorithm. afl++ is a superior fork to Google's afl. It has more speed, more and better mutations, more and better instrumentation, custom module support, etc...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/29 12:0 a.m.13 views

Your Space Is My Zone: Demystifying the Security Risks of AI-Powered Applications on Pre-Trained Model Hubs

AI-powered Applications AI-Apps, hosted on platforms such as Hugging Face, are democratizing access to pre-trained models through online inference and fine-tuning services. While lowering AI adoption barriers, these platforms introduce an unexplored attack surface, as AI-Apps are often developed ...

6.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/29 12:0 a.m.14 views

Uncovering Similar but Different Packages in PyPI and Potential Security Threats

In this study, we present a large-scale, in-depth study of package replication in PyPI. As a vital platform, PyPI streamlines Python package distribution for developers. However, beyond small-scale code cloning, we observe that many replicated packages exist on PyPI, which duplicate most of the...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/29 12:0 a.m.16 views

Explainability-Aware Frustum Attack: Exposing Structural Vulnerabilities in LiDAR-Based 3D Object Detectors

The structural vulnerabilities of point cloud-based 3D object detectors remain poorly understood. Prior work has studied adversarial robustness primarily on isolated 3D object models, while recent LiDAR spoofing attacks target richer and more realistic driving scenes but focus mainly on physical...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/29 12:0 a.m.13 views

MESA: Prioritizing Vulnerable Communication Channels for Securing Multi-Agent Systems

Multi-agent systems MAS are increasingly used to automate complex, distributed workflows. However, their inter-agent communication channels introduce new attack surfaces that remain poorly understood and are difficult to defend against. In this paper, we address how defenders should prioritize...

5.7AI score
Exploits0
Total number of security vulnerabilities6746