Lucene search
K
PacketstormnewsRecent

6803 matches found

Packet Storm News
Packet Storm News
•added 2026/03/11 12:0 a.m.•3 views

Risk-Adjusted Harm Scoring for Automated Red Teaming for LLMs in Financial Services

The rapid adoption of large language models LLMs in financial services introduces new operational, regulatory, and security risks. Yet most red-teaming benchmarks remain domain-agnostic and fail to capture failure modes specific to regulated BFSI settings, where harmful behavior can be elicited...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/03/11 12:0 a.m.•9 views

Adversarial Reinforcement Learning for Detecting False Data Injection Attacks in Vehicular Routing

In modern transportation networks, adversaries can manipulate routing algorithms using false data injection attacks, such as simulating heavy traffic with multiple devices running crowdsourced navigation applications, to mislead vehicles toward suboptimal routes and increase congestion. To addres...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/03/11 12:0 a.m.•4 views

Silent Subversion: Sensor Spoofing Attacks Via Supply Chain Implants in Satellite Systems

Spoofing attacks are among the most destructive cyber threats to terrestrial systems, and they become even more dangerous in space, where satellites cannot be easily serviced, and operators depend on accurate telemetry to ensure mission success. When telemetry is compromised, entire spaceborne...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/03/11 12:0 a.m.•7 views

FP-Predictor - False Positive Prediction for Static Analysis Reports

Static Application Security Testing SAST tools play a vital role in modern software development by automatically detecting potential vulnerabilities in source code. However, their effectiveness is often limited by a high rate of false positives, which wastes developer's effort and undermines trus...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/03/11 12:0 a.m.•2 views

Microsoft Graph Advanced Intelligence Collector

This Metasploit auxiliary module interacts with the Microsoft Graph API to perform advanced intelligence collection in Microsoft 365 environments. The module supports Azure AD application authentication or direct access tokens and enables enumeration of Azure users, SharePoint sites, OneDrive...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/03/11 12:0 a.m.•3 views

Security-By-Design for LLM-Based Code Generation: Leveraging Internal Representations for Concept-Driven Steering Mechanisms

Large Language Models LLMs show remarkable capabilities in understanding natural language and generating complex code. However, as practitioners adopt CodeLLMs for increasingly critical development tasks, research reveals that these models frequently generate functionally correct yet insecure cod...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/03/11 12:0 a.m.•41 views

The Attack and Defense Landscape of Agentic AI: A Comprehensive Survey

AI agents that combine large language models with non-AI system components are rapidly emerging in real-world applications, offering unprecedented automation and flexibility. However, this unprecedented flexibility introduces complex security challenges fundamentally different from those in...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/03/11 12:0 a.m.•3 views

Microsoft Graph Cloud Intelligence Collector

The Microsoft Graph Cloud Intelligence Collector is a Metasploit Auxiliary module designed to interact with the Microsoft Graph API to gather information from Microsoft 365 and Microsoft Azure Active Directory environments. The module authenticates using the OAuth2 Client Credentials flow with a...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/03/11 12:0 a.m.•3 views

Advanced Python Payload Encryption Framework with Hybrid Cryptography Steganography and Anti‑Debugging

This Python program implements an advanced payload protection framework that combines multiple security and obfuscation techniques to encrypt, package, and distribute Python code. The framework supports hybrid encryption, multi‑key protection, anti‑debugging checks, and optional steganographic...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/03/11 12:0 a.m.•11 views

AttriGuard: Defeating Indirect Prompt Injection in LLM Agents Via Causal Attribution of Tool Invocations

LLM agents are highly vulnerable to Indirect Prompt Injection IPI, where adversaries embed malicious directives in untrusted tool outputs to hijack execution. Most existing defenses treat IPI as an input-level semantic discrimination problem, which often fails to generalize to unseen payloads. We...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/03/11 12:0 a.m.•2 views

Dynamic Python Payload Encryption Framework with Loader Generator

This Python program implements a small payload framework designed to encrypt, decrypt, analyze, and execute Python code using layered encoding and obfuscation techniques. It also automatically generates a self‑contained loader capable of restoring and executing the protected payload...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/03/11 12:0 a.m.•6 views

SharePoint / OneDrive Explorer via Microsoft Graph API

The SharePoint / OneDrive Explorer is a Metasploit Auxiliary module designed to interact with Microsoft Graph API in order to explore and retrieve information from Microsoft SharePoint and Microsoft OneDrive environments. The module authenticates using OAuth2 Client Credentials with a Tenant ID,...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/03/11 12:0 a.m.•5 views

Enhancing Network Intrusion Detection Systems: A Multi-Layer Ensemble Approach to Mitigate Adversarial Attacks

Adversarial examples can represent a serious threat to machine learning ML algorithms. If used to manipulate the behaviour of ML-based Network Intrusion Detection Systems NIDS, they can jeopardize network security. In this work, we aim to mitigate such risks by increasing the robustness of NIDS...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/03/11 12:0 a.m.•20 views

LROO Rug Pull Detector: A Leakage-Resistant Framework Based on On-Chain and OSINT Signals

Smart contract-based ecosystems enable decentralized applications without trusted intermediaries, but their immutability and permissionless design also facilitate large-scale fraud. One of the most prevalent attacks is the rug pull, where project operators abruptly withdraw liquidity after...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/03/11 12:0 a.m.•4 views

D-SLAMSpoof: An Environment-Agnostic LiDAR Spoofing Attack Using Dynamic Point Cloud Injection

In this work, we introduce Dynamic SLAMSpoof D-SLAMSpoof, a novel attack that compromises LiDAR SLAM even in feature-rich environments. The attack leverages LiDAR spoofing, which injects spurious measurements into LiDAR scans through external laser interference. By designing both spatial injectio...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/03/11 12:0 a.m.•5 views

Incremental Federated Learning for Intrusion Detection in IoT Networks under Evolving Threat Landscape

The expansion of Internet of Things IoT devices has increased the attack surface of networks, necessitating a robust and adaptive intrusion detection systems. Machine learning based systems have been considered promising in enhancing the detection performance. Federated learning settings enabled ...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/03/11 12:0 a.m.•3 views

Layered Performance Analysis of TLS 1.3 Handshakes: Classical, Hybrid, and Pure Post-Quantum Key Exchange

In this paper, we present a laboratory study focused on the impact of post-quantum cryptography PQC algorithms on multiple layers of stateful HTTP over TLS transactions: the TCP handshake, the intermediate TCP-TLS layer, the TLS handshake, the intermediate TLS layer, and the HTTP application laye...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/03/11 12:0 a.m.•3 views

QuaNTUM: A Modular Quantum Communication Testbed for Scalable Fiber and Satellite Integration

Secure communication is essential for modern society, from financial transactions to critical infrastructure. As classical encryption faces threats from advancing computational power, quantum communication provides a fundamentally secure alternative based on physical laws. We present QuaNTUM...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/03/11 12:0 a.m.•3 views

Multi‑Layer Python Payload Encryptor, Decryptor, and Loader Generator

This Python program is a utility designed to encrypt, decrypt, and package Python payloads using multiple layers of encoding and obfuscation. It provides a simple command‑line menu that allows users to convert a Python script into an encoded payload and automatically generate a loader that can...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/03/11 12:0 a.m.•4 views

Systematic Scaling Analysis of Jailbreak Attacks in Large Language Models

Large language models remain vulnerable to jailbreak attacks, yet we still lack a systematic understanding of how jailbreak success scales with attacker effort across methods, model families, and harm types. We initiate a scaling-law framework for jailbreaks by treating each attack as a...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/03/11 12:0 a.m.•4 views

TOSSS: A CVE-Based Software Security Benchmark for Large Language Models

With their increasing capabilities, Large Language Models LLMs are now used across many industries. They have become useful tools for software engineers and support a wide range of development tasks. As LLMs are increasingly used in software development workflows, a critical question arises: are...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/03/10 12:0 a.m.•5 views

WebDAV Advanced Penetration Testing Script

This Python-based WebDAV penetration testing script tests methods available, attempts directory listing with PROPFIND, file upload with PUT, and more...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/03/10 12:0 a.m.•3 views

Robust Provably Secure Image Steganography Via Latent Iterative Optimization

We propose a robust and provably secure image steganography framework based on latent-space iterative optimization. Within this framework, the receiver treats the transmitted image as a fixed reference and iteratively refines a latent variable to minimize the reconstruction error, thereby improvi...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/03/10 12:0 a.m.•4 views

Multilingual AI-Driven Password Strength Estimation with Similarity-Based Detection

Considering the rise of cyberattacks incidents worldwide, the need to ensure stronger passwords is necessary. Developing a password strength meter PSM can help users create stronger passwords when creating an account on an online platform. This research aimed to explore whether incorporating a...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/03/10 12:0 a.m.•3 views

PixelConfig: Longitudinal Measurement and Reverse-Engineering of Meta Pixel Configurations

Tracking pixels are used to optimize online ad campaigns through personalization, re-targeting, and conversion tracking. Past research has primarily focused on detecting the prevalence of tracking pixels on the web, with limited attention to how they are configured across websites. A tracking pix...

5.7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/03/10 12:0 a.m.•3 views

Enhanced Security in Quantum Token Protocols Using Hybrid Spin-Photon Interfaces

Quantum token protocols enable unforgeable quantum tokens promising unconditional security beyond classical cryptographic assumptions. We show here that the three stages of the Quantum token protocols involving the preparation, storage and verification can be made more secure when involving...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/03/10 12:0 a.m.•7 views

CLIOPATRA: Extracting Private Information from LLM Insights

As AI assistants become widely used, privacy-aware platforms like Anthropic's Clio have been introduced to generate insights from real-world AI use. Clio's privacy protections rely on layering multiple heuristic techniques together, including PII redaction, clustering, filtering, and LLM-based...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/03/10 12:0 a.m.•5 views

External Entropy Supply for IoT Devices Employing a RISC-V Trusted Execution Environment

Entropy--a measure of randomness--is compulsory for the generation of secure cryptographic keys; however, Internet of Things IoT devices that are small or constrained often struggle to collect suf ficient entropy. In this article, we solve the entropy provisioning problem for a fleet of IoT devic...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/03/10 12:0 a.m.•21 views

MCP-In-SoS: Risk Assessment Framework for Open-Source MCP Servers

Model Context Protocol MCP servers have rapidly emerged over the past year as a widely adopted way to enable Large Language Model LLM agents to access dynamic, real-world tools. As MCP servers proliferate and become easy to adopt via open-source releases, understanding their security risks become...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/03/10 12:0 a.m.•4 views

Game-Theoretic Modeling of Stealthy Intrusion Defense against MDP-Based Attackers

The rapid expansion of Internet use has increased system exposure to cyber threats, with advanced persistent threats APTs being especially challenging due to their stealth, prolonged duration, and multi-stage attacks targeting high-value assets. In this study, we model APT evolution as a strategi...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/03/10 12:0 a.m.•4 views

Execution Is the New Attack Surface: Survivability-Aware Agentic Crypto Trading with OpenClaw-Style Local Executors

OpenClaw-style agent stacks turn language into privileged execution: LLM intents flow through tool interception, policy gates, and a local executor. In parallel, skill marketplaces such as skills.sh make capability acquisition as easy as installing skills and CLIs, creating a growing capability...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/03/10 12:0 a.m.•5 views

PRoADS: Provably Secure and Robust Audio Diffusion Steganography with Latent Optimization and Backward Euler Inversion

This paper proposes PRoADS, a provably secure and robust audio steganographic framework based on audio diffusion models. As a generative steganography scheme, PRoADS embeds secret messages into the initial noise of diffusion models via orthogonal matrix projection. To address the reconstruction...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/03/10 12:0 a.m.•5 views

Why LLMs Fail: A Failure Analysis and Partial Success Measurement for Automated Security Patch Generation

Large Language Models LLMs show promise for Automated Program Repair APR, yet their effectiveness on security vulnerabilities remains poorly characterized. This study analyzes 319 LLM-generated security patchesacross 64 Java vulnerabilities from the Vul4J benchmark. Using tri-axis evaluation...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/03/10 12:0 a.m.•3 views

Vertex AI Experiments Bucket Squatting Defensive Scanner

The Vertex AI Bucket Squatting Defensive Scanner is a security assessment tool designed to detect potential Google Cloud Storage bucket hijacking risks related to predictable naming patterns in Vertex AI experiment workflows. Instead of exploiting the vulnerability, this defensive version perform...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/03/10 12:0 a.m.•2 views

Measuring Onion Website Discovery and Tor Users' Interests with Honeypots

Tor enables anonymous web browsing and access to anonymous onion websites. Prior work has focused on crawling and content analysis rather than on what users actually try to access. Our honeypot approach measures engagement across onion-site categories, revealing behavioral interest rather than...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/03/10 12:0 a.m.•6 views

An Analysis of Modern Web Security Vulnerabilities Inside WebAssembly Applications

The growth in the adoption of the WebAssembly WASM standard has given rise to a rapidly increasing landscape of binary applications that are natively ported to the environment of websites. The flexibility of WASM has made it the preferred way to run fast and resource-heavy applications, replacing...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/03/10 12:0 a.m.•4 views

Vertex AI SDK 1.131.0 Cross Site Scripting Scanner

This script is a defensive behavioral security scanner designed to test whether HTML reports generated by the internal visualization module of the google-cloud-aiplatform part of Google Cloud improperly render unescaped user-controlled input...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/03/10 12:0 a.m.•5 views

FalconEYE 2.1.0

FalconEYE represents a paradigm shift in static code analysis. Instead of relying on predefined vulnerability patterns, it leverages large language models to reason about your code the same way a security expert would, understanding context, intent, and subtle security implications that tradition...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/03/10 12:0 a.m.•17 views

ProvAgent: Threat Detection Based on Identity-Behavior Binding and Multi-Agent Collaborative Attack Investigation

Advanced Persistent Threats APTs pose critical challenges to modern cybersecurity due to their multi-stage and stealthy nature. While provenance-based detection approaches show promise in capturing causal attack semantics, current threat provenance practices face two paradoxical issues: 1 expert...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/03/09 12:0 a.m.•4 views

SmartGraphical: A Human-In-The-Loop Framework for Detecting Smart Contract Logical Vulnerabilities Via Pattern-Driven Static Analysis and Visual Abstraction

Smart contracts are fundamental components of blockchain ecosystems; however, their security remains a critical concern due to inherent vulnerabilities. While existing detection methodologies are predominantly syntax-oriented, targeting reentrancy and arithmetic errors, they often overlook logica...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/03/09 12:0 a.m.•5 views

A Comparative Study of Recent Advances in Internet of Intrusion Detection Things

The Internet of Things IoT has revolutionized the way devices communicate and interact with each other, but it has also created new challenges in terms of security. In this context, intrusion detection has become a crucial mechanism to ensure the safety of IoT systems. To address this issue, a...

5.7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/03/09 12:0 a.m.•5 views

TLS 1.3 SNI Scanner

A command-line PHP vulnerability testing tool was developed to analyze TLS behavior through observation and logical reasoning, rather than relying on fixed rules or CVE numbers. The tool establishes multiple TLS connections to the same server and port using different SNI values. It then compares...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/03/09 12:0 a.m.•4 views

Cybersecurity AI: Hacking Consumer Robots in the AI Era

Is robot cybersecurity broken by AI? Consumer robots -- from autonomous lawnmowers to powered exoskeletons and window cleaners -- are rapidly entering homes and workplaces, yet their security remains rooted in assumptions of specialized attacker expertise. This paper presents evidence that...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/03/09 12:0 a.m.•4 views

WAV Fuzzer 1.0

This script is a fuzzer tool for WAV file processing programs that targets memory corruption vulnerabilities...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/03/09 12:0 a.m.•7 views

SlowBA: An Efficiency Backdoor Attack Towards VLM-Based GUI Agents

Modern vision-language-model VLM based graphical user interface GUI agents are expected not only to execute actions accurately but also to respond to user instructions with low latency. While existing research on GUI-agent security mainly focuses on manipulating action correctness, the security...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/03/09 12:0 a.m.•4 views

OAuthHub: Mitigating OAuth Data Overaccess through a Local Data Hub

Most OAuth service providers, such as Google and Microsoft, offer only a limited range of coarse-grained data access. As a result, third-party OAuth applications often end up accessing more user data than necessary, even if their developers want to minimize data access. We present OAuthHub, a...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/03/09 12:0 a.m.•8 views

M365Pwned Red Team Tool

M365Pwned is two WinForms GUI tools for enumerating, searching, and exfiltrating data from Microsoft 365 environments using application-level OAuth tokens without any user interaction required...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/03/09 12:0 a.m.•4 views

AgenticCyOps: Securing Multi-Agentic AI Integration in Enterprise Cyber Operations

Multi-agent systems MAS powered by LLMs promise adaptive, reasoning-driven enterprise workflows, yet granting agents autonomous control over tools, memory, and communication introduces attack surfaces absent from deterministic pipelines. While current research largely addresses prompt-level...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/03/09 12:0 a.m.•3 views

Towards Modeling Cybersecurity Behavior of Humans in Organizations

We undertake a comprehensive and structured synthesis of the drivers of human behavior in cybersecurity, focusing specifically on people within organizations i.e., especially employees in companies, and integrate key concepts such as awareness, security culture, and usability into a coherent...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/03/09 12:0 a.m.•4 views

SoK: Harmonizing Attack Graphs and Intrusion Detection Systems

Detecting and responding to cyber attacks is increasingly difficult as high-volume, complex network traffic allows threats to remain concealed. While Intrusion Detection Systems IDSs identify anomalous behavior, Attack Graphs AGs serve as the primary threat model for analyzing attacker strategies...

5.8AI score
Exploits0
Total number of security vulnerabilities6803