Lucene search
K
PacketstormnewsRecent

6819 matches found

Packet Storm News
Packet Storm News
•added 2026/02/05 12:0 a.m.•6 views

Entropy Bounds Via Hypothesis Testing and Its Applications to Two-Way Key Distillation in Quantum Cryptography

Quantum key distribution QKD achieves information-theoretic security, without relying on computational assumptions, by distributing quantum states. To establish secret bits, two honest parties exploit key distillation protocols over measurement outcomes resulting after the the distribution of...

5.4AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/05 12:0 a.m.•8 views

Characterizing and Modeling the GitHub Security Advisories Review Pipeline

GitHub Security Advisories GHSA have become a central component of open-source vulnerability disclosure and are widely used by developers and security tools. A distinctive feature of GHSA is that only a fraction of advisories are reviewed by GitHub, while the mechanisms associated with this revie...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/05 12:0 a.m.•9 views

Microsoft Windows 10 DLL Hijacking Scanner

This PHP class provides a security assessment tool for detecting potential DLL hijacking vulnerabilities on Windows systems. It's designed for educational and defensive security purposes only. that can be exploited on many recent versions of Windows 10, Windows 11, Windows Server 2022...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/05 12:0 a.m.•11 views

Deep Learning for Contextualized NetFlow-Based Network Intrusion Detection: Methods, Data, Evaluation and Deployment

Network Intrusion Detection Systems NIDS have progressively shifted from signature-based techniques toward machine learning and, more recently, deep learning methods. Meanwhile, the widespread adoption of encryption has reduced payload visibility, weakening inspection pipelines that depend on...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/05 12:0 a.m.•8 views

Persistent Human Feedback, LLMs, and Static Analyzers for Secure Code Generation and Vulnerability Detection

Existing literature heavily relies on static analysis tools to evaluate LLMs for secure code generation and vulnerability detection. We reviewed 1,080 LLM-generated code samples, built a human-validated ground-truth, and compared the outputs of two widely used static security tools, CodeQL and...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/05 12:0 a.m.•5 views

GNSS SpAmming: A Spoofing-Based GNSS Denial-Of-Service Attack

GNSSs are vulnerable to attacks of two kinds: jamming i.e. denying access to the signal and spoofing i.e. impersonating a legitimate satellite. These attacks have been extensively studied, and we have a myriad of countermeasures to mitigate them. In this paper we expose a new type of attack:...

5.6AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/04 12:0 a.m.•4 views

Availability Attacks without an Adversary: Evidence from Enterprise LANs

Denial-of-Service DoS conditions in enterprise networks are commonly attributed to malicious actors. However, availability can also be compromised by benign non-malicious insider behavior. This paper presents an empirical study of a production enterprise LAN that demonstrates how routine docking...

5.4AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/04 12:0 a.m.•7 views

Cockpit CMS 0.13.0 Multi-Endpoint Injection Scanner

Cockpit CMS version 0.13.0 multi-endpoint injection scanner. This tool is a defensive security scanner designed to safely assess web application endpoints for potential input-validation and injection weaknesses without executing any commands. It sends non-executable canary payloads through...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/04 12:0 a.m.•16 views

CVE-Factory: Scaling Expert-Level Agentic Tasks for Code Security Vulnerability

CVE-Factory is a Multi-Agent system for fully automated, end-to-end CVE reproduction. Given CVE records, the system automatically researches details, generates test cases, builds Docker environments, and validates that each vulnerability can be both exploited and patched. The pipeline transforms...

5.4AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/04 12:0 a.m.•6 views

Inference-Time Backdoors Via Hidden Instructions in LLM Chat Templates

Open-weight language models are increasingly used in production settings, raising new security challenges. One prominent threat in this context is backdoor attacks, in which adversaries embed hidden behaviors in language models that activate under specific conditions. Previous work has assumed th...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/04 12:0 a.m.•37 views

Crypto-RV: High-Efficiency FPGA-Based RISC-V Cryptographic Co-Processor for IoT Security

Cryptographic operations are critical for securing IoT, edge computing, and autonomous systems. However, current RISC-V platforms lack efficient hardware support for comprehensive cryptographic algorithm families and post-quantum cryptography. This paper presents Crypto-RV, a RISC-V co-processor...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/04 12:0 a.m.•6 views

Hallucination-Resistant Security Planning with a Large Language Model

Large language models LLMs are promising tools for supporting security management tasks, such as incident response planning. However, their unreliability and tendency to hallucinate remain significant challenges. In this paper, we address these challenges by introducing a principled framework for...

5.4AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/04 12:0 a.m.•6 views

Post-Quantum Identity-Based TLS for 5G Service-Based Architecture and Cloud-Native Infrastructure

Cloud-native application platforms and latency-sensitive systems such as 5G Core networks rely heavily on certificate-based Public Key Infrastructure PKI and mutual TLS to secure service-to-service communication. While effective, this model introduces significant operational and performance...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/04 12:0 a.m.•7 views

Bypassing AI Control Protocols Via Agent-As-A-Proxy Attacks

As AI agents automate critical workloads, they remain vulnerable to indirect prompt injection IPI attacks. Current defenses rely on monitoring protocols that jointly evaluate an agent's Chain-of-Thought CoT and tool-use actions to ensure alignment with user intent. We demonstrate that these...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/04 12:0 a.m.•24 views

Trojan Attacks on Neural Network Controllers for Robotic Systems

Neural network controllers are increasingly deployed in robotic systems for tasks such as trajectory tracking and pose stabilization. However, their reliance on potentially untrusted training pipelines or supply chains introduces significant security vulnerabilities. This paper investigates...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/03 12:0 a.m.•7 views

Reading between the Code Lines: On the Use of Self-Admitted Technical Debt for Security Analysis

Static Analysis Tools SATs are central to security engineering activities, as they enable early identification of code weaknesses without requiring execution. However, their effectiveness is often limited by high false-positive rates and incomplete coverage of vulnerability classes. At the same...

5.6AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/03 12:0 a.m.•5 views

Cyber Insurance, Audit, and Policy: Review, Analysis and Recommendations

Cyber insurance, which protects insured organizations against financial losses from cyberattacks and data breaches, can be difficult and expensive to obtain for many organizations. These difficulties stem from insurers difficulty in understanding and accurately assessing the risks that they are...

5.4AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/03 12:0 a.m.•5 views

Mopri - an Analysis Framework for Unveiling Privacy Violations in Mobile Apps

Everyday services of society increasingly rely on mobile applications, resulting in a conflicting situation between the possibility of participation on the one side and user privacy and digital freedom on the other. In order to protect users' rights to informational self-determination, regulatory...

5.3AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/03 12:0 a.m.•9 views

AIDE 0.19.3

AIDE Advanced Intrusion Detection Environment is a free replacement for Tripwiretm. It generates a database that can be used to check the integrity of files on server. It uses regular expressions for determining which files get added to the database. You can use several message digest algorithms ...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/03 12:0 a.m.•10 views

Can Developers Rely on LLMs for Secure IaC Development?

We investigated the capabilities of GPT-4o and Gemini 2.0 Flash for secure Infrastructure as Code IaC development. For security smell detection, on the Stack Overflow dataset, which primarily contains small, simplified code snippets, the models detected at least 71% of security smells when prompt...

5.6AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/03 12:0 a.m.•3 views

Steganographic Information Hiding Via Symmetric Numerical Semigroups

We introduce a steganographic information hiding scheme based on structural properties of numerical semigroups arising from the Frobenius coin problem. Instead of encoding data through representable integers, the proposed protocol embeds information into the gap structure of carefully chosen...

5.4AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/03 12:0 a.m.•12 views

Reference-Free EM Validation Flow for Detecting Triggered Hardware Trojans

Hardware Trojans HTs threaten the trust and reliability of integrated circuits ICs, particularly when triggered HTs remain dormant during standard testing and activate only under rare conditions. Existing electromagnetic EM side-channel-based detection techniques often rely on golden references o...

5.4AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/03 12:0 a.m.•6 views

I Can't Believe It's Not a Valid Exploit

Recently Large Language Models LLMs have been used in security vulnerability detection tasks including generating proof-of-concept PoC exploits. A PoC exploit is a program used to demonstrate how a vulnerability can be exploited. Several approaches suggest that supporting LLMs with additional...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/02 12:0 a.m.•3 views

ImpressCMS 1.3.10 Cross Site Scripting

Multiple cross site scripting vulnerabilities exist in ImpressCMS version 1.3.10, including both reflected and persistent cross site scripting. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. This issue is older research added to the archive...

4.6AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/02 12:0 a.m.•4 views

phpMemAdmin Cross Site Scripting

A cross site scripting vulnerability exists in phpMemAdmin. The vulnerability allows remote attackers to inject arbitrary web script or HTML. This issue is older research added to the archive...

5.2AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/02 12:0 a.m.•4 views

Microweber 1.0.8 Reflected Cross Site Scripting

A reflected cross site scripting vulnerability exists in Microweber CMS version 1.0.8. The vulnerability allows remote attackers to inject arbitrary web script or HTML. This issue is older research added to the archive...

5.2AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/02 12:0 a.m.•5 views

OrangeForum 1.4.0 Open Redirection

An open redirection vulnerability exists in OrangeForum version 1.4.0. The vulnerability allows remote attackers to redirect users to arbitrary external websites. This issue is older research added to the archive...

5.6AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/02 12:0 a.m.•6 views

IlchCMS 2.1.37 Cross Site Scripting

A cross site scripting vulnerability exists in IlchCMS version 2.1.37. The vulnerability allows remote attackers to inject arbitrary web script or HTML. This issue is older research added to the archive...

5.2AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/02 12:0 a.m.•6 views

TWiki 6.0.1 Cross Site Scripting

A cross site scripting vulnerability exists in TWiki version 6.0.1 via the WebSearch functionality. The vulnerability allows remote attackers to inject arbitrary web script or HTML. This issue is older research added to the archive...

4.3CVSS5.2AI score0.01903EPSS
Exploits2
Packet Storm News
Packet Storm News
•added 2026/02/02 12:0 a.m.•6 views

Flat Nuke 3.1.2 Cross Site Scripting

A cross site scripting vulnerability exists in Flat Nuke version 3.1.2. The vulnerability allows remote attackers to inject arbitrary web script or HTML. This issue is older research added to the archive...

5.2AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/02 12:0 a.m.•5 views

The Bug Genie 3.2.7.1 Cross Site Scripting

A cross site scripting vulnerability exists in The Bug Genie version 3.2.7.1. The vulnerability allows remote attackers to inject arbitrary web script or HTML. This issue is older research added to the archive...

5.2AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/02 12:0 a.m.•6 views

MyLittleForum 2.3.5 Cross Site Scripting

Multiple Reflected cross site scripting vulnerabilities exist in MyLittleForum version 2.3.5. The vulnerabilities allow remote attackers to inject arbitrary web script or HTML. This issue is older research added to the archive...

5.2AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/02 12:0 a.m.•14 views

Concrete5 5.7.3.1 Cross Site Scripting

Multiple cross site scripting vulnerabilities exist in Concrete5 CMS version 5.7.3.1. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. This issue is older research added to the archive...

4.3CVSS5.2AI score0.02111EPSS
Exploits2
Packet Storm News
Packet Storm News
•added 2026/02/02 12:0 a.m.•6 views

MailPoet Newsletters 2.6.19 Cross Site Scripting

A cross site scripting vulnerability exists in MailPoet Newsletters WordPress Plugin version 2.6.19. The vulnerability allows remote attackers to inject arbitrary web script or HTML. This issue is older research added to the archive...

4.3CVSS5.2AI score0.0107EPSS
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/02 12:0 a.m.•5 views

Subrion CMS 3.2.2 Cross Site Scripting

A cross site scripting vulnerability exists in Subrion CMS version 3.2.2. The vulnerability allows remote attackers to inject arbitrary web script or HTML. This issue is older research added to the archive...

4.3CVSS5.2AI score0.0099EPSS
Exploits1
Packet Storm News
Packet Storm News
•added 2026/02/02 12:0 a.m.•6 views

Plikli CMS 4.0.0 Blind SQL Injection

A blind SQL injection vulnerability exists in Plikli CMS version 4.0.0. The vulnerability allows remote attackers to execute arbitrary SQL commands and potentially compromise the database. This is older research added to the archive...

6.2AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/02 12:0 a.m.•11 views

Co-RedTeam: Orchestrated Security Discovery and Exploitation with LLM Agents

Large language models LLMs have shown promise in assisting cybersecurity tasks, yet existing approaches struggle with automatic vulnerability discovery and exploitation due to limited interaction, weak execution grounding, and a lack of experience reuse. We propose Co-RedTeam, a security-aware...

5.7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/02 12:0 a.m.•6 views

phpMoAdmin Cross Site Scripting

A cross site scripting vulnerability exists in phpMoAdmin. The vulnerability allows remote attackers to inject arbitrary web script or HTML. This issue is older research added to the archive...

5.2AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/02 12:0 a.m.•13 views

Malware Detection through Memory Analysis

This paper summarizes the research conducted for a malware detection project using the Canadian Institute for Cybersecurity's MalMemAnalysis-2022 dataset. The purpose of the project was to explore the effectiveness and efficiency of machine learning techniques for the task of binary classificatio...

5.4AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/02 12:0 a.m.•6 views

QuietPrint: Protecting 3D Printers against Acoustic Side-Channel Attacks

The 3D printing market has experienced significant growth in recent years, with an estimated revenue of 15 billion USD for 2025. Cyber-attacks targeting the 3D printing process whether through the machine itself, the supply chain, or the fabricated components are becoming increasingly common. One...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/02 12:0 a.m.•4 views

Storytlr 1.2.0 Cross Site Scripting

Multiple reflected cross site scripting vulnerabilities exist in Storytlr version 1.2.0. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. This issue is older research added to the archive...

5.2AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/02 12:0 a.m.•5 views

Plikli CMS 4.0.0 Cross Site Scripting

A cross site scripting vulnerability exists in Plikli CMS version 4.0.0. The vulnerability allows remote attackers to inject arbitrary web script or HTML. This issue is older research added to the archive...

5.2AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/02 12:0 a.m.•4 views

Benchmarking Large Language Models for Zero-Shot and Few-Shot Phishing URL Detection

The Uniform Resource Locator URL, introduced in a connectivity-first era to define access and locate resources, remains historically limited, lacking future-proof mechanisms for security, trust, or resilience against fraud and abuse, despite the introduction of reactive protections like HTTPS...

5.6AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/02 12:0 a.m.•5 views

TestLink 1.9.13 Cross Site Scripting

A cross site scripting vulnerability exists in TestLink version 1.9.13. The vulnerability allows remote attackers to inject arbitrary web script or HTML. This issue is older research added to the archive...

5.2AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/02 12:0 a.m.•6 views

Geeklog 2.2.1 Cross Site Scripting

A cross site scripting vulnerability exists in Geeklog CMS version 2.2.1. The vulnerability allows remote attackers to inject arbitrary web script or HTML. This issue is older research added to the archive...

5.2AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/02 12:0 a.m.•25 views

DF-LoGiT: Data-Free Logic-Gated Backdoor Attacks in Vision Transformers

The widespread adoption of Vision Transformers ViTs elevates supply-chain risk on third-party model hubs, where an adversary can implant backdoors into released checkpoints. Existing ViT backdoor attacks largely rely on poisoned-data training, while prior data-free attempts typically require...

5.4AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/02 12:0 a.m.•12 views

WordPress Google Analyticator Cross Site Scripting

Multiple cross site scripting vulnerabilities exist in Google Analyticator WordPress plugin versions prior to 6.4.9.6. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. This issue is older research added to the archive...

4.3CVSS5.2AI score0.02671EPSS
Exploits2
Packet Storm News
Packet Storm News
•added 2026/02/02 12:0 a.m.•6 views

The Trigger in the Haystack: Extracting and Reconstructing LLM Backdoor Triggers

Detecting whether a model has been poisoned is a longstanding problem in AI security. In this work, we present a practical scanner for identifying sleeper agent-style backdoors in causal language models. Our approach relies on two key findings: first, sleeper agents tend to memorize poisoning dat...

5.4AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/02 12:0 a.m.•23 views

SysFuSS: System-Level Firmware Fuzzing with Selective Symbolic Execution

Firmware serves as the critical interface between hardware and software in computing systems, making any bugs or vulnerabilities particularly dangerous as they can cause catastrophic system failures. While fuzzing is a promising approach for identifying design flaws and security vulnerabilities,...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/02 12:0 a.m.•9 views

Booked Scheduler 2.5.15 Cross Site Request Forgery

A cross site request forgery vulnerability exists in Booked Scheduler version 2.5.15. The vulnerability allows remote attackers to perform unauthorized actions on behalf of authenticated users. This issue is older research added to the archive...

5.2AI score
Exploits0
Total number of security vulnerabilities6819