Lucene search
K
PacketstormnewsRecent

6819 matches found

Packet Storm News
Packet Storm News
added 2026/01/20 12:0 a.m.30 views

VulnResolver: A Hybrid Agent Framework for LLM-Based Automated Vulnerability Issue Resolution

As software systems grow in complexity, security vulnerabilities have become increasingly prevalent, posing serious risks and economic costs. Although automated detection tools such as fuzzers have advanced considerably, effective resolution still often depends on human expertise. Existing...

5.6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/20 12:0 a.m.7 views

LLM Security and Safety: Insights from Homotopy-Inspired Prompt Obfuscation

In this study, we propose a homotopy-inspired prompt obfuscation framework to enhance understanding of security and safety vulnerabilities in Large Language Models LLMs. By systematically applying carefully engineered prompts, we demonstrate how latent model behaviors can be influenced in...

5.6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/20 12:0 a.m.7 views

SecureSplit: Mitigating Backdoor Attacks in Split Learning

Split Learning SL offers a framework for collaborative model training that respects data privacy by allowing participants to share the same dataset while maintaining distinct feature sets. However, SL is susceptible to backdoor attacks, in which malicious clients subtly alter their embeddings to...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/20 12:0 a.m.7 views

Towards Cybersecurity Superintelligence: From AI-Guided Humans to Human-Guided AI

Cybersecurity superintelligence -- artificial intelligence exceeding the best human capability in both speed and strategic reasoning -- represents the next frontier in security. This paper documents the emergence of such capability through three major contributions that have pioneered the field o...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/20 12:0 a.m.6 views

Uncovering and Understanding FPR Manipulation Attack in Industrial IoT Networks

In the network security domain, due to practical issues -- including imbalanced data and heterogeneous legitimate network traffic -- adversarial attacks in machine learning-based NIDSs have been viewed as attack packets misclassified as benign. Due to this prevailing belief, the possibility of...

5.3AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/20 12:0 a.m.6 views

Rethinking On-Device LLM Reasoning: Why Analogical Mapping Outperforms Abstract Thinking for IoT DDoS Detection

The rapid expansion of IoT deployments has intensified cybersecurity threats, notably Distributed Denial of Service DDoS attacks, characterized by increasingly sophisticated patterns. Leveraging Generative AI through On-Device Large Language Models ODLLMs provides a viable solution for real-time...

5.4AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/20 12:0 a.m.6 views

Constructing Multi-Label Hierarchical Classification Models for MITRE ATT&CK Text Tagging

MITRE ATT&CK is a cybersecurity knowledge base that organizes threat actor and cyber-attack information into a set of tactics describing the reasons and goals threat actors have for carrying out attacks, with each tactic having a set of techniques that describe the potential methods used in these...

5.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/20 12:0 a.m.24 views

Holmes: An Evidence-Grounded LLM Agent for Auditable DDoS Investigation in Cloud Networks

Cloud environments face frequent DDoS threats due to centralized resources and broad attack surfaces. Modern cloud-native DDoS attacks further evolve rapidly and often blend multi-vector strategies, creating an operational dilemma: defenders need wire-speed monitoring while also requiring...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/20 12:0 a.m.5 views

A Prompt-Based Framework for Loop Vulnerability Detection Using Local LLMs

Loop vulnerabilities are one major risky construct in software development. They can easily lead to infinite loops or executions, exhaust resources, or introduce logical errors that degrade performance and compromise security. The problem are often undetected by traditional static analyzers becau...

6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/20 12:0 a.m.17 views

Enhanced Cyber Threat Intelligence by Network Forensic Analysis for Ransomware As a Service(RaaS) Malwares

In the current era of interconnected cyberspace, there is an adverse effect of ransomware on individuals, startups, and large companies. Cybercriminals hold digital assets till the demand for payment is made. The success of ransomware upsurged with the introduction of Ransomware as a ServiceRaaS...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/20 12:0 a.m.15 views

PINA: Prompt Injection Attack against Navigation Agents

Navigation agents powered by large language models LLMs convert natural language instructions into executable plans and actions. Compared to text-based applications, their security is far more critical: a successful prompt injection attack does not just alter outputs but can directly misguide...

5.4AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/19 12:0 a.m.11 views

Apache bRPC Command Injection

The Apache bRPC heap profiler suffers from a command injection vulnerability. Versions below 1.15.0 are affected...

9.8CVSS5.5AI score0.26163EPSS
Exploits3
Packet Storm News
Packet Storm News
added 2026/01/19 12:0 a.m.7 views

Unicornscan 0.4.43

Unicornscan is an information gathering and correlation engine built for and by members of the security research and testing communities. It was designed to provide an engine that is Scalable, Accurate, Flexible, and Efficient. It is released for the community to use under the terms of the GPL...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/19 12:0 a.m.6 views

Static Detection of Core Structures in Tigress Virtualization-Based Obfuscation Using an LLVM Pass

Malware often uses obfuscation to hinder security analysis. Among these techniques, virtualization-based obfuscation is particularly strong because it protects programs by translating original instructions into attacker-defined virtual machine VM bytecode, producing long and complex code that is...

5.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/19 12:0 a.m.5 views

ChartAttack: Testing the Vulnerability of LLMs to Malicious Prompting in Chart Generation

Multimodal large language models MLLMs are increasingly used to automate chart generation from data tables, enabling efficient data analysis and reporting but also introducing new misuse risks. In this work, we introduce ChartAttack, a novel framework for evaluating how MLLMs can be misused to...

5.6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/19 12:0 a.m.7 views

Post-Quantum Secure Aggregation Via Code-Based Homomorphic Encryption

Secure aggregation enables aggregation of inputs from multiple parties without revealing individual contributions to the server or other clients. Existing post-quantum approaches based on homomorphic encryption offer practical efficiency but predominantly rely on lattice-based hardness assumption...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/19 12:0 a.m.7 views

Quantum Encryption Resilience Score (QERS) for MQTT, HTTP, and HTTPS under Post-Quantum Cryptography in Computer, IoT, and IIoT Systems

Post-quantum cryptography PQC introduces significant computational and communication overhead, which poses challenges for resource-constrained computer systems, Internet of Things IoT, and Industrial IoT IIoT devices. This paper presents an experimental evaluation of the Quantum Encryption...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/19 12:0 a.m.5 views

Techniques of Modern Attacks

The techniques used in modern attacks have become an important factor for investigation. As we advance further into the digital age, cyber attackers are employing increasingly sophisticated and highly threatening methods. These attacks target not only organizations and governments but also extend...

5.6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/19 12:0 a.m.18 views

StackWarp: Breaking AMD SEV-SNP Integrity via Deterministic Stack-Pointer Manipulation through the CPU's Stack Engine

In this paper, the authors present StackWarp, a software-based architectural attack exploiting the stack engine on AMD Zen CPUs to modify the stack pointer within an SEV-SNP guest, fully breaking integrity...

5.4AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/19 12:0 a.m.7 views

Sockpuppetting: Jailbreaking LLMs without Optimization through Output Prefix Injection

As open-weight large language models LLMs increase in capabilities, safeguarding them against malicious prompts and understanding possible attack vectors becomes ever more important. While automated jailbreaking methods like GCG Zou et al., 2023 remain effective, they often require substantial...

5.6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/19 12:0 a.m.7 views

PrivFly: A Privacy-Preserving Self-Supervised Framework for Rare Attack Detection in IoFT

The Internet of Flying Things IoFT plays a vital role in modern applications such as aerial surveillance and smart mobility. However, it remains highly vulnerable to cyberattacks that threaten the confidentiality, integrity, and availability of sensitive data. Developing effective intrusion...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/18 12:0 a.m.5 views

Abusing the Internet of Medical Things: Evaluating Threat Models and Forensic Readiness for Multi-Vector Attacks on Connected Healthcare Devices

Individuals experiencing interpersonal violence IPV, who depend on medical devices, represent a uniquely vulnerable population as healthcare technologies become increasingly connected. Despite rapid growth in MedTech innovation and "health-at-home" ecosystems, the intersection of MedTech...

5.4AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/18 12:0 a.m.8 views

TrojanPraise: Jailbreak LLMs Via Benign Fine-Tuning

The demand of customized large language models LLMs has led to commercial LLMs offering black-box fine-tuning APIs, yet this convenience introduces a critical security loophole: attackers could jailbreak the LLMs by fine-tuning them with malicious data. Though this security issue has recently bee...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/18 12:0 a.m.11 views

An Optimized Decision Tree-Based Framework for Explainable IoT Anomaly Detection

The increase in the number of Internet of Things IoT devices has tremendously increased the attack surface of cyber threats thus making a strong intrusion detection system IDS with a clear explanation of the process essential towards resource-constrained environments. Nevertheless, current IoT ID...

5.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/17 12:0 a.m.7 views

Many Hands Make Light Work: An LLM-Based Multi-Agent System for Detecting Malicious PyPI Packages

Malicious code in open-source repositories such as PyPI poses a growing threat to software supply chains. Traditional rule-based tools often overlook the semantic patterns in source code that are crucial for identifying adversarial components. Large language models LLMs show promise for software...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/17 12:0 a.m.6 views

Enhancing Fuzz Testing Efficiency through Automated Fuzz Target Generation

Fuzzing continues to be the most effective method for identifying security vulnerabilities in software. In the context of fuzz testing, the fuzzer supplies varied inputs to fuzz targets, which are designed to comprehensively exercise critical sections of the client code. Various studies have...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/17 12:0 a.m.6 views

Hybrid IDS Using Signature-Based and Anomaly-Based Detection

Intrusion detection systems IDS are essential for protecting computer systems and networks against a wide range of cyber threats that continue to evolve over time. IDS are commonly categorized into two main types, each with its own strengths and limitations, such as difficulty in detecting...

5.4AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/16 12:0 a.m.5 views

Predicting Tail-Risk Escalation in IDS Alert Time Series

Network defenders face a steady stream of attacks, observed as raw Intrusion Detection System IDS alerts. The sheer volume of alerts demands prioritization, typically based on high-level risk classifications. This work expands the scope of risk measurement by examining alerts not only through the...

5.6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/16 12:0 a.m.6 views

A Defender-Attacker-Defender Model for Optimizing the Resilience of Hospital Networks to Cyberattacks

Considering the increasing frequency of cyberattacks affecting multiple hospitals simultaneously, improving resilience at a network level is essential. Various countermeasures exist to improve resilience against cyberattacks, such as deploying controls that strengthen IT infrastructures to limit...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/16 12:0 a.m.6 views

Shaping a Quantum-Resistant Future: Strategies for Post-Quantum PKI

As the quantum computing era approaches, securing classical cryptographic protocols becomes imperative. Public key cryptography is widely used for signature and key exchange but it is the type of cryptography more threatened by quantum computing. Its application typically requires support via a...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/16 12:0 a.m.6 views

SimFuzz: Similarity-Guided Block-Level Mutation for RISC-V Processor Fuzzing

The Instruction Set Architecture ISA defines processor operations and serves as the interface between hardware and software. As an open ISA, RISC-V lowers the barriers to processor design and encourages widespread adoption, but also exposes processors to security risks such as functional bugs...

5.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/16 12:0 a.m.7 views

LoRA As Oracle

Backdoored and privacy-leaking deep neural networks pose a serious threat to the deployment of machine learning systems in security-critical settings. Existing defenses for backdoor detection and membership inference typically require access to clean reference models, extensive retraining, or...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/15 12:0 a.m.21 views

Agent Skills in the Wild: An Empirical Study of Security Vulnerabilities at Scale

The rise of AI agent frameworks has introduced agent skills, modular packages containing instructions and executable code that dynamically extend agent capabilities. While this architecture enables powerful customization, skills execute with implicit trust and minimal vetting, creating a...

7.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/15 12:0 a.m.6 views

Gamifying Cyber Governance: A Virtual Escape Room to Transform Cybersecurity Policy Education

Serious games are gaining popularity as effective teaching and learning tools, providing engaging, interactive, and practical experiences for students. Gamified learning experiences, such as virtual escape rooms, have emerged as powerful tools in bridging theory and practice, fostering deeper...

5.6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/15 12:0 a.m.6 views

Advanced Encryption Technique for Multimedia Data Using Sudoku-Based Algorithms for Enhanced Security

Encryption and Decryption is the process of sending a message in a ciphered way that appears meaningless and could be deciphered using a key for security purposes to avoid data breaches. This paper expands on the previous work on Sudoku-based encryption methods, applying it to other forms of medi...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/15 12:0 a.m.6 views

Notepad++ Plugin Persistence

This Metasploit module create persistence by adding a malicious plugin to Notepad++, as it blindly loads and executes DLL from its plugin directory on startup, meaning that the payload will be executed every time Notepad++ is launched...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/15 12:0 a.m.5 views

Wireshark Analyzer 4.6.3

Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. Thi...

5.5CVSS7AI score0.00132EPSS
Exploits1
Packet Storm News
Packet Storm News
added 2026/01/15 12:0 a.m.6 views

AJAR: Adaptive Jailbreak Architecture for Red-Teaming

As Large Language Models LLMs evolve from static chatbots into autonomous agents capable of tool execution, the landscape of AI safety is shifting from content moderation to action security. However, existing red-teaming frameworks remain bifurcated: they either focus on rigid, script-based text...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/15 12:0 a.m.38 views

Multi-Agent Taint Specification Extraction for Vulnerability Detection

Static Application Security Testing SAST tools using taint analysis are widely viewed as providing higher-quality vulnerability detection results compared to traditional pattern-based approaches. However, performing static taint analysis for JavaScript poses two major challenges. First,...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/14 12:0 a.m.9 views

A Novel Contrastive Loss for Zero-Day Network Intrusion Detection

Machine learning has achieved state-of-the-art results in network intrusion detection; however, its performance significantly degrades when confronted by a new attack class -- a zero-day attack. In simple terms, classical machine learning-based approaches are adept at identifying attack classes o...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/14 12:0 a.m.6 views

A Risk-Stratified Benchmark Dataset for Bad Randomness (SWC-120) Vulnerabilities in Ethereum Smart Contracts

Many Ethereum smart contracts rely on block attributes such as block.timestamp or blockhash to generate random numbers for applications like lotteries and games. However, these values are predictable and miner-manipulable, creating the Bad Randomness vulnerability SWC-120 that has led to real-wor...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/14 12:0 a.m.5 views

Malware Classification Using Diluted Convolutional Neural Network with Fast Gradient Sign Method

Android malware has become an increasingly critical threat to organizations, society and individuals, posing significant risks to privacy, data security and infrastructure. As malware continues to evolve in terms of complexity and sophistication, the mitigation and detection of these malicious...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/14 12:0 a.m.6 views

WMI Event Subscription Logon Timer Persistence

This Metasploit module will create a permanent WMI event subscription to achieve file-less persistence using an event filter that will trigger the payload after the system has a certain uptime. Payloads will trigger every minute until the set end time. Additionally a custom command can be specifi...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/14 12:0 a.m.10 views

WMI Event Subscription Event Log Persistence

This Metasploit module will create a permanent WMI event subscription to achieve file-less persistence using an event filter that will query the event log for an EVENTIDTRIGGER default: failed logon request id 4625 that also contains a specified USERNAMETRIGGER note: failed logon auditing must be...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/14 12:0 a.m.13 views

Private Links, Public Leaks: Consequences of Frictionless User Experience on the Security and Privacy Posture of SMS-Delivered URLs

Digital service providers often prioritize a frictionless user experience by adopting technologies that simplify access to their services. One widely used mechanism is the Short Message Service SMS to deliver links URLs that enable single-click access to online services with little to no...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/14 12:0 a.m.11 views

EuskalHack Security Congress IX Call for Papers

EuskalHack Security Congress ninth edition is a new proposal from the EuskalHack Computer Security Association, with the aim to promote the community growth and the culture in the digital security field. As usual, in this new edition proximity to our public and technical quality will be our...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/14 12:0 a.m.5 views

The Promptware Kill Chain: How Prompt Injections Gradually Evolved into a Multi-Step Malware

Whitepaper called The Promptware Kill Chain: How Prompt Injections Gradually Evolved Into A Multi-Step Malware...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/14 12:0 a.m.5 views

Diffusion-Driven Deceptive Patches: Adversarial Manipulation and Forensic Detection in Facial Identity Verification

This work presents an end-to-end pipeline for generating, refining, and evaluating adversarial patches to compromise facial biometric systems, with applications in forensic analysis and security testing. We utilize FGSM to generate adversarial noise targeting an identity classifier and employ a...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/14 12:0 a.m.9 views

WMI Event Subscription Interval Persistence

This Metasploit module will create a permanent WMI event subscription to achieve file-less persistence using an event filter that triggers the payload after the specified CALLBACKINTERVAL. If the persistence is not installed, it will keep triggering payloads to spawn. Additionally a custom comman...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/01/14 12:0 a.m.8 views

AmbShield: Enhancing Physical Layer Security with Ambient Backscatter Devices against Eavesdroppers

Passive eavesdropping compromises confidentiality in wireless networks, especially in resource-constrained environments where heavyweight cryptography is impractical. Physical layer security PLS exploits channel randomness and spatial selectivity to confine information to an intended receiver wit...

6.6AI score
Exploits0
Total number of security vulnerabilities6819