Lucene search
K
PacketstormnewsRecent

6803 matches found

Packet Storm News
Packet Storm News
•added 2026/03/22 12:0 a.m.•8 views

Estimating the Social Cost of Corporate Data Breaches

While the size of a data breach is typically measured by the number of consumer, customer, or user records exposed or compromised, its economic impact is generally measured from the point of view of the corporation suffering the data breach: cost in crisis management, legal fees, drop in stock...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/03/21 12:0 a.m.•17 views

T-MAP: Red-Teaming LLM Agents with Trajectory-Aware Evolutionary Search

While prior red-teaming efforts have focused on eliciting harmful text outputs from large language models LLMs, such approaches fail to capture agent-specific vulnerabilities that emerge through multi-step tool execution, particularly in rapidly growing ecosystems such as the Model Context Protoc...

6AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/03/21 12:0 a.m.•12 views

AEGIS: From Clues to Verdicts -- Graph-Guided Deep Vulnerability Reasoning Via Dialectics and Meta-Auditing

Large Language Models LLMs are increasingly adopted for vulnerability detection, yet their reasoning remains fundamentally unsound. We identify a root cause shared by both major mitigation paradigms agent-based debate and retrieval augmentation: reasoning in an ungrounded deliberative space that...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/03/21 12:0 a.m.•5 views

Cyber Deception for Mission Surveillance Via Hypergame-Theoretic Deep Reinforcement Learning

Unmanned Aerial Vehicles UAVs are valuable for mission-critical systems like surveillance, rescue, or delivery. Not surprisingly, such systems attract cyberattacks, including Denial-of-Service DoS attacks to overwhelm the resources of mission drones MDs. How can we defend UAV mission systems...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/03/20 12:0 a.m.•5 views

Fluxion 6.28

Fluxion is a security auditing and social-engineering research tool. It is a remake of linset by vk496 with hopefully fewer bugs and more functionality. The script attempts to retrieve the WPA/WPA2 key from a target access point by means of a social engineering phishing attack. It's compatible wi...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/03/20 12:0 a.m.•6 views

Cryptanalysis of Four Arbitrated Quantum Signature Schemes

Arbitrated quantum signature AQS schemes aim at ensuring the authenticity of a message with the help of an arbitrator. Moreover, they aim at preventing repudiation, both from a sender that denies the origin of a message, and from a receiver who disavows its reception. Such protocols use quantum...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/03/20 12:0 a.m.•3 views

Full Network Nonlocality Based Security in Quantum Key Distribution

In the last decade research of quantum nonlocality has moved beyond the regime of standard Bell nonlocality to consider network-based experimental set-ups involving multiple independent sources. Notion of full network nonlocality has emerged as some truly network phenomena that cannot be realized...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/03/20 12:0 a.m.•3 views

An Agentic Multi-Agent Architecture for Cybersecurity Risk Management

Getting a real cybersecurity risk assessment for a small organization is expensive -- a NIST CSF-aligned engagement runs $15,000 on the low end, takes weeks, and depends on practitioners who are genuinely scarce. Most small companies skip it entirely. We built a six-agent AI system where each age...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/03/20 12:0 a.m.•3 views

Improving Generalization on Cybersecurity Tasks with Multi-Modal Contrastive Learning

The use of ML in cybersecurity has long been impaired by generalization issues: Models that work well in controlled scenarios fail to maintain performance in production. The root cause often lies in ML algorithms learning superficial patterns shortcuts rather than underlying cybersecurity concept...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/03/20 12:0 a.m.•21 views

NASimJax: GPU-Accelerated Policy Learning Framework for Penetration Testing

Penetration testing, the practice of simulating cyberattacks to identify vulnerabilities, is a complex sequential decision-making task that is inherently partially observable and features large action spaces. Training reinforcement learning RL policies for this domain faces a fundamental...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/03/20 12:0 a.m.•2 views

Channel Prediction-Based Physical Layer Authentication under Consecutive Spoofing Attacks

Wireless networks are highly vulnerable to spoofing attacks, especially when attackers transmit consecutive spoofing packets. Conventional physical layer authentication PLA methods have mostly focused on single-packet spoofing attack. However, under consecutive spoofing attacks, they become...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/03/20 12:0 a.m.•7 views

Pensar Apex AI-Powered Penetration Testing

Pensar Apex is an AI-powered penetration testing using autonomous agents - directly in your terminal. Run blackbox and whitebox pentests that explore, reason, and surface real vulnerabilities...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/03/20 12:0 a.m.•8 views

Trojan'S Whisper: Stealthy Manipulation of OpenClaw through Injected Bootstrapped Guidance

Trojan's Whisper: Stealthy Manipulation Of OpenClaw Through Injected Bootstrapped Guidance...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/03/20 12:0 a.m.•6 views

Security of Binary-Modulated Optical Key Distribution against Quantum-Enhanced Coherent Eavesdropping

Optical key distribution OKD protects the physical layer of communication links by taking advantage of the inherent noise present in the photodetection process. It allows for efficient generation of a shared random key between two distant users which can subsequently be used for cryptographic...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/03/20 12:0 a.m.•11 views

Memory Poisoning and Secure Multi-Agent Systems

Memory poisoning attacks for Agentic AI and multi-agent systems MAS have recently caught attention. It is partially due to the fact that Large Language Models LLMs facilitate the construction and deployment of agents. Different memory systems are being used nowadays in this context, including...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/03/19 12:0 a.m.•13 views

Cyber-Resilient Digital Twins: Discriminating Attacks for Safe Critical Infrastructure Control

Industrial Cyber-Physical Systems ICPS face growing threats from cyber-attacks that exploit sensor and control vulnerabilities. Digital Twin DT technology can detect anomalies via predictive modelling, but current methods cannot distinguish attack types and often rely on costly full-system...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/03/19 12:0 a.m.•6 views

Quantifying Memory Cells Vulnerability for DRAM Security

Dynamic Random Access Memory DRAM is pervasive in computer systems. Cell vulnerabilities caused by unintended phenomena forced retention failure, latency alteration, rowhammer and rowpress lead to unintended bit flips in memory. These phenomena have been explored as attacks to violate data...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/03/19 12:0 a.m.•4 views

Weaver: Fuzzing JavaScript Engines at the JavaScript-WebAssembly Boundary

The security of modern JavaScript JS engines is critical since they provide the primary defense mechanism for executing untrusted code on the web. The recent integration of WebAssembly Wasm has transformed these engines into complex polyglot environments, creating a novel attack surface at the...

6AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/03/19 12:0 a.m.•4 views

A Novel Solution for Zero-Day Attack Detection in IDS Using Self-Attention and Jensen-Shannon Divergence in WGAN-GP

The increasing sophistication of cyber threats, especially zero-day attacks, poses a significant challenge to cybersecurity. Zero-day attacks exploit unknown vulnerabilities, making them difficult to detect and defend against. Existing approaches patch flaws and deploy an Intrusion Detection Syst...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/03/19 12:0 a.m.•3 views

On the Effectiveness of the UK NIS Regulations As a Mandatory Cybersecurity Reporting Regime

Existing cybersecurity literature lacks a source of empirical, representative data as to the true nature of cyberattacks on Critical National Infrastructure. We have obtained UK-wide data on incidents reported under the Network and Information Systems NIS Regulations in 2024 causing "a significan...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/03/19 12:0 a.m.•21 views

Measuring and Exploiting Confirmation Bias in LLM-Assisted Security Code Review

Security code reviews increasingly rely on systems integrating Large Language Models LLMs, ranging from interactive assistants to autonomous agents in CI/CD pipelines. We study whether confirmation bias i.e., the tendency to favor interpretations that align with prior expectations affects LLM-bas...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/03/19 12:0 a.m.•15 views

Cross-Ecosystem Vulnerability Analysis for Python Applications

Python applications depend on native libraries that may be vendored within package distributions or installed on the host system. When vulnerabilities are discovered in these libraries, determining which Python packages are affected requires cross-ecosystem analysis spanning Python dependency...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/03/19 12:0 a.m.•7 views

Security Awareness in LLM Agents: The NDAI Zone Case

NDAI zones let inventor and investor agents negotiate inside a Trusted Execution Environment TEE where any disclosed information is deleted if no deal is reached. This makes full IP disclosure the rational strategy for the inventor's agent. Leveraging this infrastructure, however, requires agents...

6AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/03/19 12:0 a.m.•18 views

Benchmarking Post-Quantum Cryptography on Resource-Constrained IoT Devices: ML-KEM and ML-DSA on ARM Cortex-M0+

The migration to post-quantum cryptography is urgent for Internet of Things devices with 10-20 year lifespans, yet no systematic benchmarks exist for the finalised NIST standards on the most constrained 32-bit processor class. This paper presents the first isolated algorithm-level benchmarks of...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/03/19 12:0 a.m.•95 views

A Framework for Formalizing LLM Agent Security

Security in LLM agents is inherently contextual. For example, the same action taken by an agent may represent legitimate behavior or a security violation depending on whose instruction led to the action, what objective is being pursued, and whether the action serves that objective. However,...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/03/18 12:0 a.m.•6 views

Toward Scalable Automated Repository-Level Datasets for Software Vulnerability Detection

Software vulnerabilities continue to grow in volume and remain difficult to detect in practice. Although learning-based vulnerability detection has progressed, existing benchmarks are largely function-centric and fail to capture realistic, executable, interprocedural settings. Recent repo-level...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/03/18 12:0 a.m.•5 views

Apple Security Advisory 03-17-2026-1

Apple Security Advisory 03-17-2026-1 - Background Security Improvements for iOS 26.3.1, iPadOS 26.3.1, macOS 26.3.1, and macOS 26.3.2 addresses a bypass vulnerability...

5.4CVSS6AI score0.00354EPSS
Exploits2
Packet Storm News
Packet Storm News
•added 2026/03/18 12:0 a.m.•5 views

Defending the Power Grid by Segmenting the EV Charging Cyber Infrastructure

This paper examines defending the power grid against load-altering attacks using electric vehicle charging. It proposes to preventively segment the cyber infrastructure that charging station operators CSOs use to communicate with and control their charging stations, thereby limiting the impact of...

5.7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/03/18 12:0 a.m.•5 views

FreePBX Filestore Module Exposure Scanner

This python script is a lightweight security scanner designed to detect installations of FreePBX and check basic indicators related to the vulnerability CVE-2025-64328...

8.6CVSS6.1AI score0.84618EPSS
Exploits4
Packet Storm News
Packet Storm News
•added 2026/03/18 12:0 a.m.•5 views

A New Approach to Code Smoothing Bounds

To analyze the security of code-based cryptosystems, the smoothing parameter, which is closely related to the total variation distance of codes, has been investigated. While previous studies have bounded this distance using the Fourier transform on locally compact abelian groups, we take an...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/03/17 12:0 a.m.•14 views

Suricata IDPE 8.0.4

Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and...

5.8AI score0.00351EPSS
Exploits0
Packet Storm News
Packet Storm News
•added 2026/03/17 12:0 a.m.•3 views

A Longitudinal Study of Usability in Identity-Based Software Signing

Identity-based software signing tools aim to make software artifact provenance verifiable while reducing the operational burden of long-lived key management. However, there is limited cross-tool longitudinal evidence about which usability problems arise in practice and how those problems evolve a...

5.7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/03/17 12:0 a.m.•6 views

WordPress WPvivid 0.9.123 Payload Generator / Scanner

This Python script is a proof of concept tool designed to generate a crafted payload targeting the WPvivid Backup Migration plugin mechanism in WordPress. The script encrypts a JSON object containing file data using AES-CBC with a null key and IV, formats it according to the plugin's expected...

9.8CVSS7.7AI score0.32714EPSS
Exploits13
Packet Storm News
Packet Storm News
•added 2026/03/17 12:0 a.m.•10 views

Synchronized DNA Sources for Unconditionally Secure Cryptography

Secure communication is the cornerstone of modern infrastructures, yet achieving unconditional security -resistant to any computational attack- remains a fundamental challenge. The One-Time Pad OTP, proven by Shannon to offer perfect secrecy, requires a shared random key as long as the message,...

5.7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/03/17 12:0 a.m.•4 views

Secure Quantum Communication: Simulation and Analysis of Quantum Key Distribution Protocols

Quantum computing poses significant threats to conventional cryptographic techniques such as RSA and AES, motivating the need for quantum secure communication methods. Quantum Key Distribution QKD offers information theoretic security based on fundamental quantum principles. This paper presents a...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/03/17 12:0 a.m.•6 views

DeepStage: Learning Autonomous Defense Policies against Multi-Stage APT Campaigns

This paper presents DeepStage, a deep reinforcement learning DRL framework for adaptive, stage-aware defense against Advanced Persistent Threats APTs. The enterprise environment is modeled as a partially observable Markov decision process POMDP, where host provenance and network telemetry are fus...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/03/17 12:0 a.m.•7 views

Terrapack Arbitrary File Upload

Terrapack software suffers from an arbitrary file upload vulnerability that may allow attackers to execute arbitrary code. Affected software includes Terrapack TkWebCoreNG version 1.0.20200914, TKServerCGI version 2.5.4.150, and TpkWebGIS - Client version 1.0.0...

6AI score0.00384EPSS
Exploits0
Packet Storm News
Packet Storm News
•added 2026/03/17 12:0 a.m.•22 views

VulnAgent-X: A Layered Agentic Framework for Repository-Level Vulnerability Detection

VulnAgent-X is a layered agentic framework integrating lightweight risk screening, bounded context expansion, specialized analysis agents, selective dynamic verification, and evidence fusion into a unified pipeline. Included in this archive is also a whitepaper from the researchers...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/03/17 12:0 a.m.•4 views

Security Assessment and Mitigation Strategies for Large Language Models: A Comprehensive Defensive Framework

Large Language Models increasingly power critical infrastructure from healthcare to finance, yet their vulnerability to adversarial manipulation threatens system integrity and user safety. Despite growing deployment, no comprehensive comparative security assessment exists across major LLM...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/03/17 12:0 a.m.•39 views

Poisoning the Pixels: Revisiting Backdoor Attacks on Semantic Segmentation

Semantic segmentation models are widely deployed in safety-critical applications such as autonomous driving, yet their vulnerability to backdoor attacks remains largely underexplored. Prior segmentation backdoor studies transfer threat settings from existing image classification tasks, focusing...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/03/17 12:0 a.m.•24 views

Wazuh 4.14.4

Wazuh is a free and open source security platform that unifies XDR and SIEM capabilities. It protects workloads across on-premises, virtualized, containerized, and cloud-based environments. This is the source code release...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/03/17 12:0 a.m.•25 views

Detecting Data Poisoning in Code Generation LLMs Via Black-Box, Vulnerability-Oriented Scanning

Code generation large language models LLMs are increasingly integrated into modern software development workflows. Recent work has shown that these models are vulnerable to backdoor and poisoning attacks that induce the generation of insecure code, yet effective defenses remain limited. Existing...

6AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/03/16 12:0 a.m.•26 views

PISmith: Reinforcement Learning-Based Red Teaming for Prompt Injection Defenses

Prompt injection poses serious security risks to real-world LLM applications, particularly autonomous agents. Although many defenses have been proposed, their robustness against adaptive attacks remains insufficiently evaluated, potentially creating a false sense of security. In this work, we...

5.7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/03/16 12:0 a.m.•51 views

How Vulnerable Are AI Agents to Indirect Prompt Injections? Insights from a Large-Scale Public Competition

LLM based agents are increasingly deployed in high stakes settings where they process external data sources such as emails, documents, and code repositories. This creates exposure to indirect prompt injection attacks, where adversarial instructions embedded in external content manipulate agent...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/03/16 12:0 a.m.•3 views

A Binary Classifier-Based Wire Resistance Attack on the KLJN Secure Key Exchanger

The statistical fluctuations of the mean-square noise voltages measured at Alice's and Bob's ends in the KLJN scheme are used to implement a binary classifier for a new type of wire resistance-based attack. The data are plotted on a two-dimensional graph, where the x- and y- axes represent the...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/03/16 12:0 a.m.•3 views

The Impact of AI-Assisted Development on Software Security: A Study of Gemini and Developer Experience

The ongoing shortage of skilled developers, particularly in security-critical software development, has led organizations to increasingly adopt AI-powered development tools to boost productivity and reduce reliance on limited human expertise. These tools, often based on large language models, aim...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/03/16 12:0 a.m.•5 views

Evasive Intelligence: Lessons from Malware Analysis for Evaluating AI Agents

Artificial intelligence AI systems are increasingly adopted as tool-using agents that can plan, observe their environment, and take actions over extended time periods. This evolution challenges current evaluation practices where the AI models are tested in restricted, fully observable settings. I...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/03/16 12:0 a.m.•32 views

From Storage to Steering: Memory Control Flow Attacks on LLM Agents

Modern agentic systems allow Large Language Model LLM agents to tackle complex tasks through extensive tool usage, forming structured control flows of tool selection and execution. Existing security analyses often treat these control flows as ephemeral, one-off sessions, overlooking the persisten...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/03/16 12:0 a.m.•4 views

Hunting CUDA Bugs at Scale with cuFuzz

GPUs play an increasingly important role in modern software. However, the heterogeneous host-device execution model and expanding software stacks make GPU programs prone to memory-safety and concurrency bugs that evade static analysis. While fuzz-testing, combined with dynamic error checking tool...

6AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/03/16 12:0 a.m.•34 views

Uncovering Security Threats and Architecting Defenses in Autonomous Agents: A Case Study of OpenClaw

The rapid evolution of Large Language Models LLMs into autonomous, tool-calling agents has fundamentally altered the cybersecurity landscape. Frameworks like OpenClaw grant AI systems operating-system-level permissions and the autonomy to execute complex workflows. This level of access creates...

6.1AI score
Exploits0
Total number of security vulnerabilities6803