Lucene search
K
PacketstormnewsRecent

6819 matches found

Packet Storm News
Packet Storm News
•added 2026/02/02 12:0 a.m.•4 views

ElkArte 1.1.0 Cross Site Scripting

A cross site scripting vulnerability exists in ElkArte Forum version 1.1.0. The vulnerability allows remote attackers to inject arbitrary web script or HTML. This issue is older research added to the archive...

5.2AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/02 12:0 a.m.•6 views

TestLink 1.9.13 SQL Injection

A SQL injection vulnerability exists in TestLink version 1.9.13. The vulnerability allows remote attackers to execute arbitrary SQL commands and potentially compromise the database. This issue is older research added to the archive...

9.8CVSS6.1AI score0.01589EPSS
Exploits2
Packet Storm News
Packet Storm News
•added 2026/02/02 12:0 a.m.•10 views

WordPress Blubrry PowerPress 6.0 Cross Site Scripting

A cross site scripting vulnerability exists in Blubrry PowerPress WordPress Plugin version 6.0. The vulnerability allows remote attackers to inject arbitrary web script or HTML. This issue is older research added to the archive...

4.3CVSS5.2AI score0.02237EPSS
Exploits3
Packet Storm News
Packet Storm News
•added 2026/02/02 12:0 a.m.•5 views

SpiderFoot 2.7.1 Cross Site Scripting

Multiple reflected cross site scripting vulnerabilities exist in SpiderFoot version 2.7.1. The vulnerabilities allow remote attackers to inject arbitrary web script or HTML. This issue is older research added to the archive...

5.2AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/02 12:0 a.m.•5 views

HTMLy Cross Site Scripting

A cross site scripting vulnerability exists in HTMLy CMS. The vulnerability allows remote attackers to inject arbitrary web script or HTML. This issue is older research added to the archive...

5.2AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/02 12:0 a.m.•8 views

Yii Framework 2.0.9 Reflected Cross Site Scripting

A reflected cross site scripting vulnerability exists in Yii Framework version 2.0.9 and earlier versions before 2.0.14. The vulnerability exists in the error handler component. This issue is older research added to the archive...

7.5CVSS4.9AI score0.02859EPSS
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/02 12:0 a.m.•5 views

Eventum 3.3.4 Open Redirection

An open redirection vulnerability exists in Eventum Issue Tracker version 3.3.4. The vulnerability allows remote attackers to redirect users to arbitrary external websites. This issue is older research added to the archive...

5.6AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/02 12:0 a.m.•10 views

miniBB 3.1 Cross Site Scripting

A cross site scripting vulnerability exists in miniBB Forum version 3.1. The vulnerability allows remote attackers to inject arbitrary web script or HTML. This issue is older research added to the archive...

5.2AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/02 12:0 a.m.•6 views

TWiki 6.0.1 Cross Site Scripting

A cross site scripting vulnerability exists in TWiki version 6.0.1 via the QUERYSTRING parameter. The vulnerability allows remote attackers to inject arbitrary web script or HTML. This issue is older research added to the archive...

4.3CVSS5.2AI score0.01903EPSS
Exploits2
Packet Storm News
Packet Storm News
•added 2026/02/02 12:0 a.m.•8 views

FreshRSS 1.11.1 Cross Site Scripting

Multiple cross site scripting vulnerabilities exist in FreshRSS version 1.11.1. The vulnerabilities allow remote attackers to inject arbitrary web script or HTML. This issue is older research added to the archive...

5.2AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/02 12:0 a.m.•6 views

SOPlanning 1.41 SQL Injection

A SQL injection vulnerability exists in SOPlanning version 1.41. The vulnerability allows remote attackers to execute arbitrary SQL commands and potentially compromise the database. This issue is older research added to the archive...

6.1AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/02 12:0 a.m.•4 views

Openbiz Cubi SQL Injection

Multiple SQL injection vulnerabilities exist in Openbiz Cubi. These vulnerabilities allow remote attackers to execute arbitrary SQL commands and potentially compromise the entire database. This issue is older research added to the archive...

6.1AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/02 12:0 a.m.•5 views

Openbiz Cubi Cross Site Scripting

Multiple cross site scripting vulnerabilities exist in Openbiz Cubi. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. This issue is older research added to the archive...

5.2AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/02 12:0 a.m.•6 views

TikiWiki 17.1 Cross Site Scripting

A cross site scripting vulnerability exists in TikiWiki CMS version 17.1. The vulnerability allows remote attackers to inject arbitrary web script or HTML. This issue is older research added to the archive...

5.2AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/02 12:0 a.m.•5 views

e107 2.0 Cross Site Scripting / SQL Injection

Multiple vulnerabilities including cross site scripting and SQL injection exist in e107 CMS version 2.0. These vulnerabilities allow remote attackers to execute malicious scripts and SQL commands. This issue is older research added to the archive...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/02 12:0 a.m.•5 views

OSSEC HIDS 4.0.0

OSSEC is a full platform to monitor and control your systems. It mixes together all the aspects of HIDS host-based intrusion detection, log monitoring and SIM/SIEM together in a simple, powerful and open source solution. This is the source code release...

10CVSS5.5AI score0.02277EPSS
Exploits2
Packet Storm News
Packet Storm News
•added 2026/02/02 12:0 a.m.•6 views

IlchCMS 2.1.37 Cross Site Scripting

A cross site scripting vulnerability exists in IlchCMS version 2.1.37. The vulnerability allows remote attackers to inject arbitrary web script or HTML. This issue is older research added to the archive...

5.2AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/01 12:0 a.m.•9 views

SMCP: Secure Model Context Protocol

Agentic AI systems built around large language models LLMs are moving away from closed, single-model frameworks and toward open ecosystems that connect a variety of agents, external tools, and resources. The Model Context Protocol MCP has emerged as a standard to unify tool access, allowing agent...

5.4AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/01 12:0 a.m.•12 views

To Defend against Cyber Attacks, We Must Teach AI Agents to Hack

For over a decade, cybersecurity has relied on human labor scarcity to limit attackers to high-value targets manually or generic automated attacks at scale. Building sophisticated exploits requires deep expertise and manual effort, leading defenders to assume adversaries cannot afford tailored...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/01 12:0 a.m.•7 views

Sleep Reveals the Nonce: Breaking ECDSA Using Sleep-Based Power Side-Channel Vulnerability

Security of Elliptic Curve Digital Signature Algorithm ECDSA depends on the secrecy of the per-signature nonce. Even partial nonce leakage can expose the long-term private key through lattice-based cryptanalysis. In this paper, we introduce a previously unexplored power side-channel vulnerability...

5.4AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/01 12:0 a.m.•6 views

HACK NDSU: A Real-World Event to Promote Student Interest in Cybersecurity

Hack NDSU let students scan, probe, and hack North Dakota State University's campus network, under professionals' supervision, providing an aspirational experience, potentially motivating them to enter the field. This paper provides a blueprint for educational hacking events against production...

5.4AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/02/01 12:0 a.m.•7 views

DuoLungo: Usability Study of Duo 2FA

Multi-Factor Authentication MFA enhances login security by requiring multiple authentication factors. Its adoption has increased in response to more frequent and sophisticated attacks. Duo is widely used by organizations including Fortune 500 companies and major educational institutions, yet its...

5.4AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/01/31 12:0 a.m.•6 views

From Detection to Prevention: Explaining Security-Critical Code to Avoid Vulnerabilities

Security vulnerabilities often arise unintentionally during development due to a lack of security expertise and code complexity. Traditional tools, such as static and dynamic analysis, detect vulnerabilities only after they are introduced in code, leading to costly remediation. This work explores...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/01/31 12:0 a.m.•9 views

Jailbreaking LLMs Via Calibration

Safety alignment in Large Language Models LLMs often creates a systematic discrepancy between a model's aligned output and the underlying pre-aligned data distribution. We propose a framework in which the effect of safety alignment on next-token prediction is modeled as a systematic distortion of...

5.4AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/01/30 12:0 a.m.•6 views

Zeek 8.0.6

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek ha...

6AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/01/30 12:0 a.m.•6 views

Windows Registry Run Persistence

This Metasploit module is a Windows persistence module designed to maintain access to a compromised system after a successful exploitation and an active Meterpreter session has been obtained...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/01/30 12:0 a.m.•23 views

CISA: Assembling a Multi-Disciplinary Insider Threat Management Team

In CISA's continuing work to strengthen infrastructure security, the Assembling a Multi-Disciplinary Insider Threat Management Team infographic aims to enhance the awareness of critical infrastructure stakeholders regarding insider threats, the potential damage they can inflict, and the steps...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/01/30 12:0 a.m.•6 views

SpyDir: Spy Device Localization through Accurate Direction Finding

Hidden spy cameras have become a great privacy threat recently, as these low-cost, low-power, and small form-factor IoT devices can quietly monitor human activities in the indoor environment without generating any side-channel information. As such, it is difficult to detect and even more...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/01/30 12:0 a.m.•5 views

Secure Integrated Sensing and Communication against Communication and Sensing Eavesdropping

Sensing privacy and communication confidentiality play fundamentally different but interconnected roles in adversarial wireless environments. Capturing this interplay within a single physical-layer framework is particularly challenging in integrated sensing and communication ISAC systems, where t...

5.4AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/01/30 12:0 a.m.•6 views

Evaluating Large Language Models for Security Bug Report Prediction

Early detection of security bug reports SBRs is critical for timely vulnerability mitigation. We present an evaluation of prompt-based engineering and fine-tuning approaches for predicting SBRs using Large Language Models LLMs. Our findings reveal a distinct trade-off between the two approaches...

5.4AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/01/30 12:0 a.m.•4 views

ICA Foreign Threats to the 2020 US Federal Elections

This is the originally publicly disclosed government document titled Foreign Threats to the 2020 US Federal Elections. This document is a declassified version of a classified report. The analytic judgments outlined here are identical to those in the classified version, but this declassified...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/01/30 12:0 a.m.•9 views

Now You Hear Me: Audio Narrative Attacks against Large Audio-Language Models

Large audio-language models increasingly operate on raw speech inputs, enabling more seamless integration across domains such as voice assistants, education, and clinical triage. This transition, however, introduces a distinct class of vulnerabilities that remain largely uncharacterized. We exami...

5.4AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/01/30 12:0 a.m.•5 views

Human-Centered Explainability in AI-Enhanced UI Security Interfaces: Designing Trustworthy Copilots for Cybersecurity Analysts

Artificial intelligence AI copilots are increasingly integrated into enterprise cybersecurity platforms to assist analysts in threat detection, triage, and remediation. However, the effectiveness of these systems depends not only on the accuracy of underlying models but also on the degree to whic...

5.4AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/01/30 12:0 a.m.•6 views

WiFiPenTester: Advancing Wireless Ethical Hacking with Governed GenAI

Wireless ethical hacking relies heavily on skilled practitioners manually interpreting reconnaissance results and executing complex, time-sensitive sequences of commands to identify vulnerable targets, capture authentication handshakes, and assess password resilience; a process that is inherently...

5.6AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/01/30 12:0 a.m.•6 views

Towards a Cognitive-Support Tool for Threat Hunters

Cybersecurity increasingly relies on threat hunters to proactively identify adversarial activity, yet the cognitive work underlying threat hunting remains underexplored or insufficiently supported by existing tools. Building on prior studies that examined how threat hunters construct and share...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/01/30 12:0 a.m.•27 views

Trojan-Resilient NTT: Protecting against Control Flow and Timing Faults on Reconfigurable Platforms

Number Theoretic Transform NTT is the most essential component for polynomial multiplications used in lattice-based Post-Quantum Cryptography PQC algorithms such as Kyber, Dilithium, NTRU etc. However, side-channel attacks SCA and hardware vulnerabilities in the form of hardware Trojans may alter...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/01/30 12:0 a.m.•10 views

RPP: A Certified Poisoned-Sample Detection Framework for Backdoor Attacks under Dataset Imbalance

Deep neural networks are highly susceptible to backdoor attacks, yet most defense methods to date rely on balanced data, overlooking the pervasive class imbalance in real-world scenarios that can amplify backdoor threats. This paper presents the first in-depth investigation of how the dataset...

5.3AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/01/30 12:0 a.m.•10 views

Semantic-Aware Advanced Persistent Threat Detection Using Autoencoders on LLM-Encoded System Logs

Advanced Persistent Threats APTs are among the most challenging cyberattacks to detect. They are carried out by highly skilled attackers who carefully study their targets and operate in a stealthy, long-term manner. Because APTs exhibit "low-and-slow" behavior, traditional statistical methods and...

5.4AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/01/30 12:0 a.m.•5 views

AEGIS: White-Box Attack Path Generation Using LLMs and Training Effectiveness Evaluation for Large-Scale Cyber Defence Exercises

Creating attack paths for cyber defence exercises requires substantial expert effort. Existing automation requires vulnerability graphs or exploit sets curated in advance, limiting where it can be applied. We present AEGIS, a system that generates attack paths using LLMs, white-box access, and...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/01/30 12:0 a.m.•7 views

Whispers of Wealth: Red-Teaming Google's Agent Payments Protocol Via Prompt Injection

Large language model LLM based agents are increasingly used to automate financial transactions, yet their reliance on contextual reasoning exposes payment systems to prompt-driven manipulation. The Agent Payments Protocol AP2 aims to secure agent-led purchases through cryptographically verifiable...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/01/30 12:0 a.m.•11 views

Semantics-Preserving Evasion of LLM Vulnerability Detectors

LLM-based vulnerability detectors are increasingly deployed in security-critical code review, yet their resilience to evasion under behavior-preserving edits remains poorly understood. We evaluate detection-time integrity under a semantics-preserving threat model by instantiating diverse...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/01/30 12:0 a.m.•14 views

The Semantic Trap: Do Fine-Tuned LLMs Learn Vulnerability Root Cause or Just Functional Pattern?

LLMs demonstrate promising performance in software vulnerability detection after fine-tuning. However, it remains unclear whether these gains reflect a genuine understanding of vulnerability root causes or merely an exploitation of functional patterns. In this paper, we identify a critical failur...

5.6AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/01/30 12:0 a.m.•5 views

No More, No Less: Least-Privilege Language Models

Least privilege is a core security principle: grant each request only the minimum access needed to achieve its goal. Deployed language models almost never follow it, instead being exposed through a single API endpoint that serves all users and requests. This gap exists not because least privilege...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/01/30 12:0 a.m.•6 views

Rust and Go Directed Fuzzing with LibAFL-DiFuzz

In modern SSDLC, program analysis and automated testing are essential for minimizing vulnerabilities before software release, with fuzzing being a fast and widely used dynamic testing method. However, traditional coverage-guided fuzzing may be less effective in specific tasks like verifying stati...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/01/30 12:0 a.m.•6 views

PIDSMaker: Building and Evaluating Provenance-Based Intrusion Detection Systems

Recent provenance-based intrusion detection systems PIDSs have demonstrated strong potential for detecting advanced persistent threats APTs by applying machine learning to system provenance graphs. However, evaluating and comparing PIDSs remains difficult: prior work uses inconsistent preprocessi...

5.6AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/01/30 12:0 a.m.•5 views

CERT.pl Energy Sector Incident 29 December

This is the official report from CERT.pl on the coordinated attacks against Poland's energy sector. These events affected both information systems IT and physical industrial equipment OT, which is rarely observed in attacks reported publicly to date...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/01/30 12:0 a.m.•5 views

Optimal Transport-Guided Adversarial Attacks on Graph Neural Network-Based Bot Detection

The rise of bot accounts on social media poses significant risks to public discourse. To address this threat, modern bot detectors increasingly rely on Graph Neural Networks GNNs. However, the effectiveness of these GNN-based detectors in real-world settings remains poorly understood. In practice...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/01/30 12:0 a.m.•54 views

Sifting the Noise: A Comparative Study of LLM Agents in Vulnerability False Positive Filtering

Static Application Security Testing SAST tools are essential for identifying software vulnerabilities, but they often produce a high volume of false positives FPs, imposing a substantial manual triage burden on developers. Recent advances in Large Language Model LLM agents offer a promising...

5.4AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/01/30 12:0 a.m.•7 views

Okara: Detection and Attribution of TLS Man-In-The-Middle Vulnerabilities in Android Apps with Foundation Models

Transport Layer Security TLS is fundamental to secure online communication, yet vulnerabilities in certificate validation that enable Man-in-the-Middle MitM attacks remain a pervasive threat in Android apps. Existing detection tools are hampered by low-coverage UI interaction, costly...

5.7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2026/01/30 12:0 a.m.•54 views

From Similarity to Vulnerability: Key Collision Attack on LLM Semantic Caching

Semantic caching has emerged as a pivotal technique for scaling LLM applications, widely adopted by major providers including AWS and Microsoft. By utilizing semantic embedding vectors as cache keys, this mechanism effectively minimizes latency and redundant computation for semantically similar...

5.4AI score
Exploits0
Total number of security vulnerabilities6819