Lucene search
K
PacketstormnewsRecent

6819 matches found

Packet Storm News
Packet Storm News
added 2026/01/27 12:0 a.m.6 views

XAMPP and PHPMyAdmin Web Security Research Playbook

This is a comprehensive security testing guide for XAMPP services. It follows a structured approach: 1 Reconnaissance and Information Gathering, 2 Initial Access Attempts, 3 Post-Authentication Exploitation. Each scenario includes realistic commands and expected outcomes for professional security...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/27 12:0 a.m.7 views

OpenSSL Toolkit 3.6.1

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer and Transport Layer Security protocols with full-strength cryptography world-wide. This is the 3.6 release...

5.3CVSS5.9AI score0.47621EPSS
Exploits7
Packet Storm News
Packet Storm News
added 2026/01/27 12:0 a.m.4 views

Reference-Free Spectral Analysis of EM Side-Channels for Always-On Hardware Trojan Detection

Always-on hardware Trojans HTs pose a critical risk to trusted microelectronics, yet most side-channel detection methods rely on unavailable golden references. We present a reference-free approach that combines time-frequency EM analysis with Gaussian Mixture Models GMMs. By applying Short-Time...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/26 12:0 a.m.5 views

Apache bRPC 1.14.0 Exposure / Misconfiguration Checker

Apache bRPC versions 1.14.0 and below exposure and misconfiguration audit tool that does not exploit CVE-2025-60021 but rather validates unsafe exposure conditions that can lead to it...

9.8CVSS5.9AI score0.26163EPSS
Exploits3
Packet Storm News
Packet Storm News
added 2026/01/26 12:0 a.m.20 views

Explainability Methods for Hardware Trojan Detection: A Systematic Comparison

Hardware trojan detection requires accurate identification and interpretable explanations for security engineers to validate and act on results. This work compares three explainability categories for gate-level trojan detection on the Trust-Hub benchmark: 1 domain-aware property-based analysis of...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/26 12:0 a.m.6 views

Fundamentals, Recent Advances, and Challenges Regarding Cryptographic Algorithms for the Quantum Computing Era

This book arises from the need to provide a clear and up-to-date overview of the impacts of quantum computing on cryptography. The goal is to provide a reference in Portuguese for undergraduate, master's, and doctoral students in the field of data security and cryptography. Throughout the chapter...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/26 12:0 a.m.15 views

AgenticSCR: An Autonomous Agentic Secure Code Review for Immature Vulnerabilities Detection

Secure code review is critical at the pre-commit stage, where vulnerabilities must be caught early under tight latency and limited-context constraints. Existing SAST-based checks are noisy and often miss immature, context-dependent vulnerabilities, while standalone Large Language Models LLMs are...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/26 12:0 a.m.5 views

Benchmarking Machine Learning Models for IoT Malware Detection under Data Scarcity and Drift

The rapid expansion of the Internet of Things IoT in domains such as smart cities, transportation, and industrial systems has heightened the urgency of addressing their security vulnerabilities. IoT devices often operate under limited computational resources, lack robust physical safeguards, and...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/26 12:0 a.m.5 views

macOS Mavericks 10.9 Local Privilege Escalation Tooling

This is not an exploit but rather a theoretical ROP chain construction framework for macOS Mavericks 10.9 that is inspired by older research...

9.3CVSS7.3AI score0.0046EPSS
Exploits2
Packet Storm News
Packet Storm News
added 2026/01/25 12:0 a.m.7 views

Data Siphoning through Advanced Persistent Transmission Attacks at the Physical Layer

Data at the physical layer transmits via media such as copper cable, fiber optic, or wireless. Physical attack vectors exist that challenge data confidentiality and availability. Protocols and encryption standards help obfuscate but often cannot keep the data type and destination secure, with...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/25 12:0 a.m.7 views

Mitigating the OWASP Top 10 for Large Language Models Applications Using Intelligent Agents

Large Language Models LLMs have emerged as a transformative and disruptive technology, enabling a wide range of applications in natural language processing, machine translation, and beyond. However, this widespread integration of LLMs also raised several security concerns highlighted by the Open...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/25 12:0 a.m.6 views

Multi-Agent Collaborative Intrusion Detection for Low-Altitude Economy IoT: An LLM-Enhanced Agentic AI Framework

The rapid expansion of low-altitude economy Internet of Things LAE-IoT networks has created unprecedented security challenges due to dynamic three-dimensional mobility patterns, distributed autonomous operations, and severe resource constraints. Traditional intrusion detection systems designed fo...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/25 12:0 a.m.11 views

Multi-Agent End-To-End Vulnerability Management for Mitigating Recurring Vulnerabilities

Software vulnerability management has become increasingly critical as modern systems scale in size and complexity. However, existing automated approaches remain insufficient. Traditional static analysis methods struggle to precisely capture contextual dependencies, especially when vulnerabilities...

6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/24 12:0 a.m.5 views

On the Impossibility of Simulation Security for Quantum Functional Encryption

Functional encryption is a powerful cryptographic primitive that enables fine-grained access to encrypted data and underlies numerous applications. Although the ideal security notion for FE simulation security has been shown to be impossible in the classical setting, those impossibility results...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/24 12:0 a.m.5 views

Safeguard: Security Controls at the Software Defined Network Layer

Improvements in software defined networking allow for policy to be informed and modified by data-driven applications that can adjust policy to accommodate fluctuating requirements at line speed. However, there is some concern that over-correction can occur and cause unintended consequences...

5.6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/24 12:0 a.m.10 views

PatchIsland: Orchestration of LLM Agents for Continuous Vulnerability Repair

Continuous fuzzing platforms such as OSS-Fuzz uncover large numbers of vulnerabilities, yet the subsequent repair process remains largely manual. Unfortunately, existing Automated Vulnerability Repair AVR techniques -- including recent LLM-based systems -- are not directly applicable to continuou...

5.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/24 12:0 a.m.8 views

CTF for Education

In this paper, we take a close look at how CTF can be used in cybersecurity education. We divide the CTF competitions into four different categories, which are attack-based CTFs, defense-based CTFs, jeopardy CTFs and gamified and wargames CTFs. We start our analysis by summarizing the main...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/24 12:0 a.m.5 views

FOCA: Multimodal Malware Classification Via Hyperbolic Cross-Attention

In this work, we introduce FOCA, a novel multimodal framework for malware classification that jointly leverages audio and visual modalities. Unlike conventional Euclidean-based fusion methods, FOCA is the first to exploit the intrinsic hierarchical relationships between audio and visual...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/24 12:0 a.m.8 views

A PUF-Based Security Framework for Fault and Intrusion Detection

Industrial Control Systems ICS rely on sensor feedback to keep safety-critical processes within operational limits. This research presents a hardware-root-of-trust that embeds a Physically Unclonable Function PUF at the measurement layer to authenticate sensor readings. The architecture combines...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/23 12:0 a.m.6 views

Toward Risk Thresholds for AI-Enabled Cyber Threats: Enhancing Decision-Making under Uncertainty with Bayesian Networks

Artificial intelligence AI is increasingly being used to augment and automate cyber operations, altering the scale, speed, and accessibility of malicious activity. These shifts raise urgent questions about when AI systems introduce unacceptable or intolerable cyber risk, and how risk thresholds...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/23 12:0 a.m.11 views

JS Secret Hunter 2

JS Secret Hunter is an advanced Python tool designed for security researchers to automate the detection of hardcoded secrets in client-side JavaScript. Unlike simple scanners, V2 includes a dynamic crawler that parses the HTML of the target website to extract all loaded JavaScript files...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/23 12:0 a.m.29 views

TrojanGYM: A Detector-In-The-Loop LLM for Adaptive RTL Hardware Trojan Insertion

Hardware Trojans HTs remain a critical threat because learning-based detectors often overfit to narrow trigger/payload patterns and small, stylized benchmarks. We introduce TrojanGYM, an agentic, LLM-driven framework that automatically curates HT insertions to expose detector blind spots while...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/23 12:0 a.m.7 views

Eclipse Attacks on Ethereum'S Peer-To-Peer Network

Eclipse attacks isolate blockchain nodes by monopolizing their peer-to-peer connections. The attacks were extensively studied in Bitcoin SP'15, SP'20, CCS'21, SP'23 and Monero NDSS'25, but their practicality against Ethereum nodes remains underexplored, particularly in the post-Merge settings. We...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/23 12:0 a.m.8 views

Secure Intellicise Wireless Network: Agentic AI for Coverless Semantic Steganography Communication

Semantic Communication SemCom, leveraging its significant advantages in transmission efficiency and reliability, has emerged as a core technology for constructing future intellicise intelligent and concise wireless networks. However, intelligent attacks represented by semantic eavesdropping pose...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/23 12:0 a.m.41 views

From Transactions to Exploits: Automated PoC Synthesis for Real-World DeFi Attacks

Blockchain systems are increasingly targeted by on-chain attacks that exploit contract vulnerabilities to extract value rapidly and stealthily, making systematic analysis and reproduction highly challenging. In practice, reproducing such attacks requires manually crafting proofs-of-concept PoCs, ...

6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/22 12:0 a.m.6 views

Introducing the Generative Application Firewall (GAF)

This paper introduces the Generative Application Firewall GAF, a new architectural layer for securing LLM applications. Existing defenses -- prompt filters, guardrails, and data-masking -- remain fragmented; GAF unifies them into a single enforcement point, much like a WAF coordinates defenses fo...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/22 12:0 a.m.5 views

CAFE-GB: Scalable and Stable Feature Selection for Malware Detection Via Chunk-Wise Aggregated Gradient Boosting

High-dimensional malware datasets often exhibit feature redundancy, instability, and scalability limitations, which hinder the effectiveness and interpretability of machine learning-based malware detection systems. Although feature selection is commonly employed to mitigate these issues, many...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/22 12:0 a.m.8 views

CISA: Bulletproof Defense: Mitigating Risks from Bulletproof Hosting Providers V2

CISA, in collaboration with the U.S. National Security Agency, U.S. Department of Defense Cyber Crime Center, U.S. Federal Bureau of Investigation, and international partners, have released the guide Bulletproof Defense: Mitigating Risks from Bulletproof Hosting Providers to help internet service...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/22 12:0 a.m.5 views

Improving Methodologies for Agentic Evaluations across Domains: Leakage of Sensitive Information, Fraud and Cybersecurity Threats

The rapid rise of autonomous AI systems and advancements in agent capabilities are introducing new risks due to reduced oversight of real-world interactions. Yet agent testing remains nascent and is still a developing science. As AI agents begin to be deployed globally, it is important that they...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/22 12:0 a.m.6 views

CISA: Principles for the Secure Integration of Artificial Intelligence in Operational Technology V2

Artificial intelligence AI has the potential to increase efficiency and productivity, enhance decision-making, cut costs and improve customer experience, but introducing AI in operational technology OT environments can introduce risks that require careful management to support the safety, securit...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/22 12:0 a.m.8 views

CONTEX-T: Contextual Privacy Exploitation Via Transformer Spectral Analysis for IoT Device Fingerprinting

The rapid expansion of internet of things IoT devices have created a pervasive ecosystem where encrypted wireless communications serve as the primary privacy and security protection mechanism. While encryption effectively protects message content, packet metadata and statistics inadvertently expo...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/22 12:0 a.m.6 views

Logwatch 7.14

Logwatch analyzes and reports on unix system logs. It is a customizable and pluggable log monitoring system which will go through the logs for a given period of time and make a customizable report. It should work right out of the package on most systems...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/22 12:0 a.m.4 views

Balancing Security and Privacy: The Pivotal Role of AI in Modern Healthcare Systems

As digital threats continue to grow, organizations must find ways to enhance security while protecting user privacy. This paper explores how artificial intelligence AI plays a crucial role in achieving this balance. AI technologies can improve security by detecting threats, monitoring systems, an...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/22 12:0 a.m.5 views

CISA: Suspicious Unmanned Aircraft System Activity Guidance V2

Suspicious Unmanned Aircraft System Activity Guidance for Critical Infrastructure Owners and Operators is intended for critical infrastructure stakeholders who are concerned with unmanned aircraft system UAS activity near or around their facilities. This is version 2 of CISA's document...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/22 12:0 a.m.5 views

CISA: Safe Handling Considerations for Downed Unmanned Aircraft Systems V2

Safe Handling Considerations for Downed Unmanned Aircraft Systems provides information on how to prepare for and respond to downed unmanned aircraft systems UAS that may pose a safety or security concern. This is version 2 of CISA's document...

5.4AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/22 12:0 a.m.5 views

FirmReBugger: A Benchmark Framework for Monolithic Firmware Fuzzers

Monolithic Firmware is widespread. Unsurprisingly, fuzz testing firmware is an active research field with new advances addressing the unique challenges in the domain. However, understanding and evaluating improvements by deriving metrics such as code coverage and unique crashes are problematic,...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/21 12:0 a.m.6 views

Malicious PixelCode Delivery Technique

Malicious PixelCode is a security research project that demonstrates a covert technique for encoding executable files into pixel data and storing them inside images or videos. A lightweight loader retrieves the media file, reconstructs the original binary, and executes it in memory. This project...

5.4AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/21 12:0 a.m.5 views

Side-Channel Attacks on Open VSwitch

Virtualization is widely adopted in cloud systems to manage resource sharing among users. A virtualized environment usually deploys a virtual switch within the host system to enable virtual machines to communicate with each other and with the physical network. The Open vSwitch OVS is one of the...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/21 12:0 a.m.7 views

Lightweight LLMs for Network Attack Detection in IoT Networks

The rapid growth of Internet of Things IoT devices has increased the scale and diversity of cyberattacks, exposing limitations in traditional intrusion detection systems. Classical machine learning ML models such as Random Forest and Support Vector Machine perform well on known attacks but requir...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/21 12:0 a.m.6 views

On Implementing Hybrid Post-Quantum End-To-End Encryption

The emergence of quantum computing poses a fundamental threat to current public key cryptographic systems. This threat is necessitating a transition to quantum resistant cryptographic alternatives in all the applications. In this work, we present the implementation of a practical hybrid end-to-en...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/21 12:0 a.m.6 views

SAGA: Detecting Security Vulnerabilities Using Static Aspect Analysis

Python is one of the most popular programming languages; as such, projects written in Python involve an increasing number of diverse security vulnerabilities. However, existing state-of-the-art analysis tools for Python only support a few vulnerability types. Hence, there is a need to detect a...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/21 12:0 a.m.5 views

DCeption: Real-World Wireless Man-In-The-Middle Attacks against CCS EV Charging

The adoption of Electric Vehicles EVs is happening at a rapid pace. To ensure fast and safe charging, complex communication is required between the vehicle and the charging station. In the globally used Combined Charging System CCS, this communication is carried over the HomePlug Green PHY HPGP...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/21 12:0 a.m.6 views

Burp Global Match and Replace Extension 1.0.0

This archive provides a system-wide match and replace table that applies to all Burp tools including Burp AI. This goes beyond Proxy Match and Replace, which only affects Proxy...

5.4AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/20 12:0 a.m.5 views

AI Agents Vs. Human Investigators: Balancing Automation, Security, and Expertise in Cyber Forensic Analysis

In an era where cyber threats are rapidly evolving, the reliability of cyber forensic analysis has become increasingly critical for effective digital investigations and cybersecurity responses. AI agents are being adopted across digital forensic practices due to their ability to automate processe...

5.6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/20 12:0 a.m.9 views

Unpacking Security Scanners for GitHub Actions Workflows

GitHub Actions is a widely used platform that allows developers to automate the build and deployment of their projects through configurable workflows. As the platform's popularity continues to grow, it has become a target of choice for recent software supply chain attacks. These attacks exploit...

5.6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/20 12:0 a.m.4 views

HardSecBench: Benchmarking the Security Awareness of LLMs for Hardware Code Generation

Large language models LLMs are being increasingly integrated into practical hardware and firmware development pipelines for code generation. Existing studies have primarily focused on evaluating the functional correctness of LLM-generated code, yet paid limited attention to its security issues...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/20 12:0 a.m.7 views

AttackMate: Realistic Emulation and Automation of Cyber Attack Scenarios across the Kill Chain

Adversary emulation tools facilitate scripting and automated execution of cyber attack chains, thereby reducing costs and manual expert effort required for security testing, cyber exercises, and intrusion detection research. However, due to the fact that existing tools typically rely on agents...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/20 12:0 a.m.1 views

Stegano 2.1.0

Stegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit LSB technique. It is possible to use a more advanced LSB method based on integers sets. The sets Sieve of...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/20 12:0 a.m.6 views

An Empirical Study on Remote Code Execution in Machine Learning Model Hosting Ecosystems

Model-sharing platforms, such as Hugging Face, ModelScope, and OpenCSG, have become central to modern machine learning development, enabling developers to share, load, and fine-tune pre-trained models with minimal effort. However, the flexibility of these ecosystems introduces a critical security...

6.3AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/20 12:0 a.m.6 views

A Survey of Security Challenges and Solutions for Advanced Air Mobility and EVTOL Aircraft

This survey reviews the existing and envisioned security vulnerabilities and defense mechanisms relevant to Advanced Air Mobility AAM systems, with a focus on electric vertical takeoff and landing eVTOL aircraft. Drawing from vulnerabilities in the avionics in commercial aviation and the automate...

5.6AI score
Exploits0
Total number of security vulnerabilities6819