Lucene search
K
PacketstormnewsRecent

6803 matches found

Packet Storm News
Packet Storm News
•added 2026/02/12 12:0 a.m.•5 views

Secrecy and Verifiability: An Introduction to Electronic Voting

Democracies are built upon secure and reliable voting systems. Electronic voting systems seek to replace ballot papers and boxes with computer hardware and software. Proposed electronic election schemes have been subjected to scrutiny, with researchers spotting inherent faults and weaknesses...

5.7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/12 12:0 a.m.•5 views

Agentic AI for Cybersecurity: A Meta-Cognitive Architecture for Governable Autonomy

Contemporary AI-driven cybersecurity systems are predominantly architected as model-centric detection and automation pipelines optimized for task-level performance metrics such as accuracy and response latency. While effective for bounded classification tasks, these architectures struggle to...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/12 12:0 a.m.•29 views

MalTool: Malicious Tool Attacks on LLM Agents

In a malicious tool attack, an attacker uploads a malicious tool to a distribution platform; once a user installs the tool and the LLM agent selects it during task execution, the tool can compromise the user's security and privacy. Prior work primarily focuses on manipulating tool names and...

5.6AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/11 12:0 a.m.•6 views

Kill It with FIRE: On Leveraging Latent Space Directions for Runtime Backdoor Mitigation in Deep Neural Networks

Machine learning models are increasingly present in our everyday lives; as a result, they become targets of adversarial attackers seeking to manipulate the systems we interact with. A well-known vulnerability is a backdoor introduced into a neural network by poisoned training data or a malicious...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/11 12:0 a.m.•6 views

TRACE: Timely Retrieval and Alignment for Cybersecurity Knowledge Graph Construction and Expansion

The rapid evolution of cyber threats has highlighted significant gaps in security knowledge integration. Cybersecurity Knowledge Graphs CKGs relying on structured data inherently exhibit hysteresis, as the timely incorporation of rapidly evolving unstructured data remains limited, potentially...

5.7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/11 12:0 a.m.•6 views

Agentic Knowledge Distillation: Autonomous Training of Small Language Models for SMS Threat Detection

SMS-based phishing smishing attacks have surged, yet training effective on-device detectors requires labelled threat data that quickly becomes outdated. To deal with this issue, we present Agentic Knowledge Distillation, which consists of a powerful LLM acts as an autonomous teacher that fine-tun...

5.6AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/11 12:0 a.m.•4 views

SecureScan: An AI-Driven Multi-Layer Framework for Malware and Phishing Detection Using Logistic Regression and Threat Intelligence Integration

The growing sophistication of modern malware and phishing campaigns has diminished the effectiveness of traditional signature-based intrusion detection systems. This work presents SecureScan, an AI-driven, triple-layer detection framework that integrates logistic regression-based classification,...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/11 12:0 a.m.•13 views

Wazuh 4.14.3

Wazuh is a free and open source security platform that unifies XDR and SIEM capabilities. It protects workloads across on-premises, virtualized, containerized, and cloud-based environments. This is the source code release...

5.6AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/11 12:0 a.m.•7 views

Vulnerabilities in Partial TEE-Shielded LLM Inference with Precomputed Noise

The deployment of large language models LLMs on third-party devices requires new ways to protect model intellectual property. While Trusted Execution Environments TEEs offer a promising solution, their performance limits can lead to a critical compromise: using a precomputed, static secret basis ...

5.6AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/11 12:0 a.m.•6 views

Multi Layer Protection against Low Rate DDoS Attacks in Containerized Systems

Low rate Distributed Denial of Service DDoS attacks have emerged as a major threat to containerized cloud infrastructures. Due to their low traffic volumes, these attacks can be difficult to detect and mitigate, potentially causing serious harm to internet applications. This work proposes a DDoS...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/11 12:0 a.m.•13 views

Security Threat Modeling for Emerging AI-Agent Protocols: A Comparative Analysis of MCP, A2A, Agora, and ANP

The rapid development of the AI agent communication protocols, including the Model Context Protocol MCP, Agent2Agent A2A, Agora, and Agent Network Protocol ANP, is reshaping how AI agents communicate with tools, services, and each other. While these protocols support scalable multi-agent...

5.7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/11 12:0 a.m.•7 views

Practical Quantum Tokens: Challenges and Perspectives

The concept of quantum tokens dates back alongside quantum cryptography to Stephen Wiesner's seminal work in 19831. Already this initial work proposes society-relevant applications such as secure quantum banknotes, which can be exchanged between a bank and a customer. This quantum currency is bas...

5.4AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/11 12:0 a.m.•6 views

glibc 2.38 Buffer Overflow

This is a local privilege escalation exploit for CVE-2023-4911, also known as "Looney Tunables", caused by a buffer overflow in the glibc dynamic loader's environment variable parsing logic. The vulnerability is triggered by crafting a maliciously long GLIBCTUNABLES string which corrupts internal...

9.8CVSS6.5AI score0.81422EPSS
Exploits29
Packet Storm News
Packet Storm News
•added 2026/02/11 12:0 a.m.•7 views

Security Assessment of Intel TDX with Support for Live Migration

In the second and third quarters of 2025, Google collaborated with Intel to conduct a security assessment of Intel Trust Domain Extensions TDX, extending Google's previous review and covering major changes since Intel TDX Module 1.0 - namely support for Live Migration and Trusted Domain TD...

5.6AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/11 12:0 a.m.•7 views

motionEye 0.43.1b4 Remote Code Execution

Client-side validation in motionEye's web UI can be bypassed via overriding the JS validation function. Arbitrary values including shell interpolation syntax can be saved into the motion config. When motion is restarted, the motion process interprets the config and can execute shell syntax embedd...

7.2CVSS5.9AI score0.18993EPSS
Exploits17
Packet Storm News
Packet Storm News
•added 2026/02/11 12:0 a.m.•7 views

GoodVibe: Security-By-Vibe for LLM-Based Code Generation

Large language models LLMs are increasingly used for code generation in fast, informal development workflows, often referred to as vibe coding, where speed and convenience are prioritized, and security requirements are rarely made explicit. In this setting, models frequently produce functionally...

5.7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/11 12:0 a.m.•6 views

Crontab Privilege Escalation

Two group crontab to root privilege separation bypasses were found. This is older research from 2017 that was missing from the archive...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/11 12:0 a.m.•8 views

Jailbreaking Leaves a Trace: Understanding and Detecting Jailbreak Attacks from Internal Representations of Large Language Models

Jailbreaking large language models LLMs has emerged as a critical security challenge with the widespread deployment of conversational AI systems. Adversarial users exploit these models through carefully crafted prompts to elicit restricted or unsafe outputs, a phenomenon commonly referred to as...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/11 12:0 a.m.•5 views

Optimizing Agent Planning for Security and Autonomy

Indirect prompt injection attacks threaten AI agents that execute consequential actions, motivating deterministic system-level defenses. Such defenses can provably block unsafe actions by enforcing confidentiality and integrity policies, but currently appear costly: they reduce task completion...

5.6AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/11 12:0 a.m.•8 views

H.265/HEVC Video Steganalysis Based on CU Block Structure Gradients and IPM Mapping

Existing H.265/HEVC video steganalysis research mainly focuses on statistical feature modeling at the levels of motion vectors MV, intra prediction modes IPM, or transform coefficients. In contrast, studies targeting the coding-structure level - especially the analysis of block-level steganograph...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/11 12:0 a.m.•7 views

VulReaD: Knowledge-Graph-Guided Software Vulnerability Reasoning and Detection

Software vulnerability detection SVD is a critical challenge in modern systems. Large language models LLMs offer natural-language explanations alongside predictions, but most work focuses on binary evaluation, and explanations often lack semantic consistency with Common Weakness Enumeration CWE...

5.6AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/10 12:0 a.m.•7 views

QRS: A Rule-Synthesizing Neuro-Symbolic Triad for Autonomous Vulnerability Discovery

Static Application Security Testing SAST tools are integral to modern DevSecOps pipelines, yet tools like CodeQL, Semgrep, and SonarQube remain fundamentally constrained: they require expert-crafted queries, generate excessive false positives, and detect only predefined vulnerability patterns...

5.7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/10 12:0 a.m.•5 views

October 2025 Burp Cross Site Scripting Cheatsheet

This is Portswigger's really useful cross site scripting cheatsheet. Last updated in October of 2025...

4.7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/10 12:0 a.m.•4 views

FreeBSD Security Advisory - FreeBSD-SA-26:03.blocklistd

FreeBSD Security Advisory - Due to a programming error, blocklistd leaks a socket descriptor for each adverse event report it receives. Once a certain number of leaked sockets is reached, blocklistd becomes unable to run the helper script: a child process is forked, but this child dereferences a...

5.5AI score0.00359EPSS
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/10 12:0 a.m.•4 views

SAFuzz: Semantic-Guided Adaptive Fuzzing for LLM-Generated Code

While AI-coding assistants accelerate software development, current testing frameworks struggle to keep pace with the resulting volume of AI-generated code. Traditional fuzzing techniques often allocate resources uniformly and lack semantic awareness of algorithmic vulnerability patterns, leading...

5.6AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/10 12:0 a.m.•7 views

OpenSSH 10.2p1 Authorized Keys Persistence Tool

This Metasploit Auxiliary module establishes persistent access to remote systems by adding an SSH public key to a target user's authorizedkeys file after successful authentication. The module requires valid SSH credentials password or private key and supports both Unix-like and Windows SSH...

5.6AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/10 12:0 a.m.•6 views

jsonpath 1.1.1 Prototype Pollution Scanner

jsonpath version 1.1.1 prototype pollution scanner that checks if a system is vulnerable to CVE-2025-61140 without any actual exploitation...

9.8CVSS5.5AI score0.00399EPSS
Exploits1
Packet Storm News
Packet Storm News
•added 2026/02/10 12:0 a.m.•7 views

The Role of Learning in Attacking Intrusion Detection Systems

Recent work on network attacks have demonstrated that ML-based network intrusion detection systems NIDS can be evaded with adversarial perturbations. However, these attacks rely on complex optimizations that have large computational overheads, making them impractical in many real-world settings. ...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/10 12:0 a.m.•4 views

OpenSSL 3.x Malicious AES‑GCM ASN.1 Parameter Injection

This C code is a security research proof of concept targeting OpenSSL's CMS Cryptographic Message Syntax handling. It programmatically creates a syntactically valid CMS AuthEnvelopedData object using AES-256-GCM, then injects a custom-crafted ASN.1 AESGCMPARAMETERS sequence with an abnormally lar...

9.8CVSS5.6AI score0.47621EPSS
Exploits7
Packet Storm News
Packet Storm News
•added 2026/02/10 12:0 a.m.•21 views

GPU-Fuzz: Finding Memory Errors in Deep Learning Frameworks

GPU memory errors are a critical threat to deep learning DL frameworks, leading to crashes or even security issues. We introduce GPU-Fuzz, a fuzzer locating these issues efficiently by modeling operator parameters as formal constraints. GPU-Fuzz utilizes a constraint solver to generate test cases...

5.6AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/10 12:0 a.m.•31 views

When Handshakes Tell the Truth: Detecting Web Bad Bots Via TLS Fingerprints

Automated traffic continued to surpass human-generated traffic on the web, and a rising proportion of this automation was explicitly malicious. Evasive bots could pretend to be real users, even solve Captchas and mimic human interaction patterns. This work explores a less intrusive, protocol-leve...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/10 12:0 a.m.•5 views

Protecting Context and Prompts: Deterministic Security for Non-Deterministic AI

Large Language Model LLM applications are vulnerable to prompt injection and context manipulation attacks that traditional security models cannot prevent. We introduce two novel primitives--authenticated prompts and authenticated context--that provide cryptographically verifiable provenance acros...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/10 12:0 a.m.•12 views

StealthRL: Reinforcement Learning Paraphrase Attacks for Multi-Detector Evasion of AI-Text Detectors

AI-text detectors face a critical robustness challenge: adversarial paraphrasing attacks that preserve semantics while evading detection. We introduce StealthRL, a reinforcement learning framework that stress-tests detector robustness under realistic adversarial conditions. StealthRL trains a...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/10 12:0 a.m.•10 views

Following Dragons: Code Review-Guided Fuzzing

Modern fuzzers scale to large, real-world software but often fail to exercise the program states developers consider most fragile or security-critical. Such states are typically deep in the execution space, gated by preconditions, or overshadowed by lower-value paths that consume limited fuzzing...

6AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/10 12:0 a.m.•6 views

Spinel: A Post-Quantum Signature Scheme Based on SLn(Fp) Hashing

The advent of quantum computation compels the cryptographic community to design digital signature schemes whose security extends beyond the classical hardness assumptions. In this work, we introduce Spinel, a post-quantum digital signature scheme that combines the proven security of SPHINCS+ CCS...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/10 12:0 a.m.•12 views

LLM-FS: Zero-Shot Feature Selection for Effective and Interpretable Malware Detection

Feature selection FS remains essential for building accurate and interpretable detection models, particularly in high-dimensional malware datasets. Conventional FS methods such as Extra Trees, Variance Threshold, Tree-based models, Chi-Squared tests, ANOVA, Random Selection, and Sequential...

5.6AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/10 12:0 a.m.•6 views

Breaking 5G on the Lower Layer

As 3GPP systems have strengthened security at the upper layers of the cellular stack, plaintext PHY and MAC layers have remained relatively understudied, though interest in them is growing. In this work, we explore lower-layer exploitation in modern 5G, where recent releases have increased the...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/10 12:0 a.m.•4 views

I2P 2.11.0

I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version...

5.6AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/10 12:0 a.m.•5 views

Robust Vision Systems for Connected and Autonomous Vehicles: Security Challenges and Attack Vectors

This article investigates the robustness of vision systems in Connected and Autonomous Vehicles CAVs, which is critical for developing Level-5 autonomous driving capabilities. Safe and reliable CAV navigation undeniably depends on robust vision systems that enable accurate detection of objects,...

5.6AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/10 12:0 a.m.•6 views

When Skills Lie: Hidden-Comment Injection in LLM Agents

LLM agents often rely on Skills to describe available tools and recommended procedures. We study a hidden-comment prompt injection risk in this documentation layer: when a Markdown Skill is rendered to HTML, HTML comment blocks can become invisible to human reviewers, yet the raw text may still b...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/10 12:0 a.m.•16 views

Rethinking Security of Diffusion-Based Generative Steganography

Generative image steganography is a technique that conceals secret messages within generated images, without relying on pre-existing cover images. Recently, a number of diffusion model-based generative image steganography DM-GIS methods have been introduced, which effectively combat traditional...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/10 12:0 a.m.•4 views

GNU Transport Layer Security Library 3.8.12

GnuTLS is a secure communications library implementing the SSL and TLS protocols and technologies around them. It provides a simple C language application programming interface API to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS 12, OpenPGP, and other...

5.3CVSS5.4AI score0.01382EPSS
Exploits1
Packet Storm News
Packet Storm News
•added 2026/02/10 12:0 a.m.•10 views

Next.js 15.2.3 Middleware Bypass Scanner

A vulnerability exists in the Next.js middleware handling mechanism, where requests containing the "x-middleware-subrequest" header are processed differently compared to normal requests, potentially allowing attackers to bypass authentication. This is a scanner to test version 15.2.3...

9.1CVSS5.5AI score0.99301EPSS
Exploits58
Packet Storm News
Packet Storm News
•added 2026/02/10 12:0 a.m.•16 views

SecCodePRM: A Process Reward Model for Code Security

Large Language Models are rapidly becoming core components of modern software development workflows, yet ensuring code security remains challenging. Existing vulnerability detection pipelines either rely on static analyzers or use LLM/GNN-based detectors trained with coarse program-level...

5.7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/09 12:0 a.m.•6 views

DyMA-Fuzz: Dynamic Direct Memory Access Abstraction for Re-Hosted Monolithic Firmware Fuzzing

The rise of smart devices in critical domains--including automotive, medical, industrial--demands robust firmware testing. Fuzzing firmware in re-hosted environments is a promising method for automated testing at scale, but remains difficult due to the tight coupling of code with a...

6AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/09 12:0 a.m.•5 views

XMap: Fast Internet-Wide IPv4 and IPv6 Network Scanner

XMap is an open-source network scanner designed for performing fast Internet-wide IPv4 and IPv6 network research scanning. XMap was initially developed as the research artifact of a paper published at 2021 IEEE/IFIP International Conference on Dependable Systems and Networks DSN '21 and then made...

5.4AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/09 12:0 a.m.•7 views

Reverse Online Guessing Attacks on PAKE Protocols

Though not yet widely deployed, password-authenticated key exchange PAKE protocols have been the subject of several recent standardization efforts, partly because of their resistance against various guessing attacks, but also because they do not require a public-key infrastructure PKI, making the...

5.6AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/09 12:0 a.m.•5 views

Framework for Integrating Zero Trust in Cloud-Based Endpoint Security for Critical Infrastructure

Cyber threats have become highly sophisticated, prompting a heightened concern for endpoint security, especially in critical infrastructure, to new heights. A security model, such as Zero Trust Architecture ZTA, is required to overcome this challenge. ZTA treats every access request as new and...

5.6AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/09 12:0 a.m.•7 views

libssh 0.7.6 Advanced SSH Security Testing Tool

This is an advanced SSH security testing tool for libssh that provides robust session management, signal handling, safe memory management, and multiple operational modes while also checking banners to see if libssh is vulnerable to CVE-2018-10933...

9.1CVSS5.5AI score0.91789EPSS
Exploits11
Packet Storm News
Packet Storm News
•added 2026/02/09 12:0 a.m.•6 views

Exploring Semantic Labeling Strategies for Third-Party Cybersecurity Risk Assessment Questionnaires

Third-Party Risk Assessment TPRA is a core cybersecurity practice for evaluating suppliers against standards such as ISO/IEC 27001 and NIST. TPRA questionnaires are typically drawn from large repositories of security and compliance questions, yet tailoring assessments to organizational needs...

5.5AI score
Exploits0
Total number of security vulnerabilities6803