Lucene search
K
PacketstormnewsRecent

6771 matches found

Packet Storm News
Packet Storm News
added 2026/06/25 12:0 a.m.9 views

TOR Virtual Network Tunneling Tool 0.4.9.10

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/25 12:0 a.m.8 views

LoadReload - Windows EDR Evasion Shellcode Loader

LoadReload is a Windows shellcode loader developed for academic malware research. It loads a shellcode payload from disk, applies multiple anti-analysis and endpoint detection evasion techniques—including API hashing, dynamic API resolution, anti-emulation timing checks, module stomping, memory...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/25 12:0 a.m.12 views

Lynis Auditing Tool 3.1.7

Lynis is an auditing tool for Unix specialists. It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/25 12:0 a.m.11 views

Fortress and Gatekeeper: Theorizing Transitive Trust in Third-Party Cybersecurity Risk Governance

Third-party vendors, such as analytics platforms, cloud services, identity providers, and software suppliers, are increasingly embedded in digital service delivery. While these arrangements enable scale and specialization, they also move customer data and security-relevant practices into...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/25 12:0 a.m.10 views

DroidBreaker: Practical and Functional Problem-Space Attacks on Machine-Learning Android Malware Detectors

Adversarial APKs are Android applications modified in the problem space to evade machine-learning malware detectors. In this work, we first show that, despite claims, existing problem-space attacks remain largely impractical. Most techniques leverage software transplantation to inject entire beni...

6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/25 12:0 a.m.3 views

IoT Product Cybersecurity Guidelines for the Federal Government Initial Public Draft

The National Institute of Standards and Technology NIST has announced it's request for public feedback on the initial draft of NIST SP 800-213r1 ipd / IoT Product Cybersecurity Guidelines for the Federal Government...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/25 12:0 a.m.16 views

MIRROR: Novelty-Constrained Memory-Guided MCTS Red-Teaming for Agentic RAG

Multimodal agentic retrieval-augmented generation RAG systems expand the attack surface beyond prompt injection to include text poisoning, image injection, direct-query attacks, and orchestrator-level tool manipulation. Existing red-teaming approaches are typically surface-specific and often...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/25 12:0 a.m.20 views

Protocol Prying: Systematic Vulnerability Research in the Apple AirDrop and Android Quick Share Proximity Transfer Protocols

Apple AirDrop and Google/Samsung Quick Share are proximity file-transfer protocols used by over five billion devices, yet their application-layer security properties remain largely unstudied because both stacks are proprietary and undocumented. Both protocols are reachable from wireless proximity...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/24 12:0 a.m.15 views

Nanoelectromechanical Systems (NEMS) for Hardware Security in Advanced Packaging

As hardware security threats escalate across semiconductor manufacturing and advanced packaging, there is a growing need for novel physical mechanisms to counter sophisticated attacks such as tampering, counterfeiting, and supply chain infiltration. This paper presents Nanoelectromechanical Syste...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/24 12:0 a.m.3 views

Information Flow Security on Persistent Memory

Persistent memory is a recently proposed memory paradigm that delivers many system-wide benefits, including improved runtime efficiency and the ability of programs to recover from power outages and system crashes. While recent research has investigated techniques for proving functional correctnes...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/24 12:0 a.m.3 views

WPProbe Plugin Enumeration Tool 0.12.3

A fast WordPress plugin and theme scanner that detects installed plugins via REST API enumeration and themes from HTML discovery, then maps them to known vulnerabilities. Over 5,000 plugins detectable without brute-force, thousands more with it...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/24 12:0 a.m.3 views

Space-Based Missile Defense

This paper reviews the technical issues underlying space-based boost-phase missile defense and examines the current technology available for space-based interceptors and the characteristics of the missiles such a system would face. It then analyzes a particular space-based missile defense system...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/24 12:0 a.m.3 views

Do (Not) Tell Me about My Insecurities: Assessing the Status Quo of Coordinated Vulnerability Disclosure in Germany Amid New EU Cybersecurity Regulations

In our increasingly interconnected world, good IT security practices are necessary to prevent vulnerabilities and data breaches. Providing security contacts, e.g., via Coordinated Vulnerability Disclosure CVD programs or security.txt files, is an important practice for businesses to facilitate...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/24 12:0 a.m.3 views

NTForge Vulnerability Research / Exploit Reproduction Template

NTForge is a Windows 10/11 C++17 vulnerability-research and exploit-reproduction template intended for authorized testing and coordinated reporting to the Microsoft Security Response Center MSRC. It provides a documented native API resolver, internal structure references, safe memory primitives,...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/24 12:0 a.m.3 views

YARA-X 1.19.0

YARA-X is a re-incarnation of YARA, a pattern matching tool designed with malware researchers in mind. This new incarnation intends to be faster, safer and more user-friendly than its predecessor. The ultimate goal of YARA-X is replacing YARA as the default pattern matching tool for malware...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/24 12:0 a.m.3 views

CrypFormBench: Benchmarking Formal Analysis Capability of Large Language Models for Cryptographic Schemes

Manual formal analysis of cryptographic schemes is labor-intensive and requires substantial expertise. While model-checking tools e.g., Scyther and Tamarin and computational-security tools e.g., CryptoVerif and EasyCrypt improve the automation of security proofs, they still rely on experts to...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/24 12:0 a.m.3 views

Flounder 0.1.0

Flounder turns modern coding agents into an end-to-end security audit system. Give it an authorized target boundary - a repository, source tree, package, deployed clue, or prior run - and the agent can prepare the workspace, read the code and supporting material, map the attack surface, dig into...

6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/24 12:0 a.m.3 views

Helpful or Harmful? Evaluating LLM-Assisted Vulnerability Patching Via a Human Study

Software vulnerability remediation is a cognitively demanding task that requires specialized security expertise often lacking in general developers. In the meantime, Large Language Models LLMs assisted tools show potential in vulnerability detection, location, and repair tasks. Hypothesis: While...

6.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/24 12:0 a.m.23 views

Beyond Takedown: Measuring Malicious Go Module Persistence in the Wild

We measure an automation-based supply chain campaign in the Go ecosystem. The attackers repackage legitimate Go modules under attacker-controlled owners, and embed them with obfuscated code for an import-triggered downloader. Our results come from two complementary analyses: a a manual search on...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/24 12:0 a.m.3 views

Malware Distribution Via Browser-in-the-Browser Kit

Unit42 From Palo Alto Networks has discovered a Browser-in-the-Browser BitB campaign specifically tailored for malware delivery...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/24 12:0 a.m.3 views

angr 9.2.222

angr is an open-source binary analysis platform for Python. It combines both static and dynamic symbolic "concolic" analysis, providing tools to solve a variety of tasks...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/24 12:0 a.m.3 views

CISA: Using SASE in a Modern TIC 3.0 Solution

CISA's guidance, The Journey to Zero Trust - Using Secure Access Service Edge in a Modern TIC 3.0 Solution, details how the Trusted Internet Connections TIC 3.0 initiative is helping agencies modernize the way their users connect to applications, data and services. While federal agencies are the...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/24 12:0 a.m.3 views

Joern 4.0.564

Joern is the bug hunter's workbench. With this tool, you can uncover attack surface, sloppy coding practices, and variants of known vulnerabilities using an interactive code analysis shell. Joern supports C, C++, LLVM bitcode, x86 binaries via Ghidra, JVM bytecode via Soot, and Javascript...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/24 12:0 a.m.35 views

CyberChainBench: Can AI Agents Secure Smart Contracts against Real-World On-Chain Vulnerabilities?

We present CyberChainBench, a benchmark for evaluating LLM-based agents on smart contract security across three complementary tasks: vulnerability detection, exploit generation, and patch synthesis. Built from 541 real-world exploit incidents from DeFiHackLabs spanning 9 EVM chains, the benchmark...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/24 12:0 a.m.15 views

Reinforcement Learning for Software Vulnerability Analysis: A Systematic Review with Emphasis on C/C++ Source Code and Static Analysis

Vulnerability detection in C/C++ software remains a major security challenge due to code complexity, manual memory management, and the limitations of traditional static analysis. Reinforcement Learning RL has emerged as a promising approach, particularly for fuzzing, test generation, program...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/24 12:0 a.m.3 views

Dismantling FortiBleed: Inside a Russian Fortinet Compromise Operation

SOCRadar Threat Research Unit STRU has reported FortiBleed, a large-scale credential-harvesting operation targeting more than 430,000 FortiGate firewalls globally. The investigation also confirmed the breach of a NATO-aligned defense contractor. Based on the observed activity, the threat actor is...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/23 12:0 a.m.2 views

PowerFuzz: Power-Based Black-Box Firmware Fuzzing

Fuzzing is widely used for software and hardware verification, offering an effective alternative to random testing. While gray-box fuzzers benefit from full visibility into the system under test and can leverage execution feedback such as branch coverage, these approaches are not applicable when...

6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/23 12:0 a.m.2 views

Burnyard: Future of Malware Analysis

Malware analysis is a critical aspect of modern cybersecurity. The prevailing industry practice, sandboxing, involves executing suspicious binaries within isolated virtual machines in large-scale data centers. However, this approach can unintentionally expose samples to public platforms such as...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/23 12:0 a.m.2 views

Poisoned Playbooks: Demystifying Knowledge Poisoning Effects on AI Security Agents

AI security agents increasingly rely on Retrieval-Augmented Generation RAG to use external security knowledge for vulnerability analysis and exploit reasoning. This creates a new risk: poisoned write-ups can be operationalized into incorrect exploit behavior. Yet, prior work on RAG poisoning has...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/23 12:0 a.m.2 views

HelpBench: Assessing the Ability of LLMs to Provide Privacy, Safety, and Security Advice

This paper introduces HelpBench, a benchmark for assessing whether LLMs are capable of providing accurate help in response to questions about digital privacy, safety, and security. We curated 450 questions representing authentic user situations and developed rubrics for each question to evaluate...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/23 12:0 a.m.2 views

Inside Crypter-As-A-Service: An Ecosystem Analysis of the Exploit.In Underground Forum Research Talks

Crypter-as-a-Service CraaS has become a key enabling layer of the contemporary malware economy by providing on-demand evasion capabilities through underground service markets. In this paper, we present a longitudinal characterization of the CraaS ecosystem on exploit.in, a major Russian-language...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/23 12:0 a.m.2 views

A Hybrid CNN-LSTM Intrusion Detection Framework for Cybersecurity in Smart Renewable Energy Grids

The accelerated digitalization of renewable energy smart grids through IoT sensors, AMI, and SCADA systems has significantly expanded the attack surface for sophisticated cyberattacks, FDI attacks that stealthily distort state estimation and DoS/DDoS attacks that flood communication channels...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/23 12:0 a.m.2 views

Decoupling Reconnaissance and Exploitation: Measuring the Capability Boundaries of LLM-Based Web Penetration Testing

Large Language Models LLMs have shown promise for automated penetration testing, yet existing end-to-end black-box evaluations are highly susceptible to error cascading: failures in early reconnaissance can mask an agent's actual ability to exploit vulnerabilities. To more accurately characterize...

6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/23 12:0 a.m.2 views

Red-Teaming the Agentic Red-Team

The use of agentic systems to perform offensive security operations has moved from a theoretical possibility to a commoditized capability. However, while the community has focused on creating more and more capable agents, less attention has been allocated to assessing the security of those system...

5.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/23 12:0 a.m.2 views

Representation Matters: An Empirical Study of Program Representations for LLM Vulnerability Reasoning

Large Language Models LLMs are increasingly used for automated vulnerability detection, but it remains unclear how program structure and semantics should be represented for LLM-based reasoning. Most prompting-based approaches provide raw source code, implicitly assuming that more source-level...

6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/23 12:0 a.m.4 views

Poster: Exploring the Limits of Audio-Based Detection of Turkish Phone Call Scams

Scam phone calls exploit vulnerable communities worldwide, yet research on detection has focused almost exclusively on English and other high-resource languages. In low-resource settings such as Turkish, detection is especially difficult, as annotated data is scarce and technological defenses...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/22 12:0 a.m.6 views

A Quantum Algorithm for One-Shot Signatures

We provide a pre-obfuscation circuit-level implementation of an efficient one shot signature scheme, which has known applications to delegated signatures, secured token transfer, and publicly verifiable randomness. The algorithm consists of two stages: a key generation stage where a classical...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/22 12:0 a.m.15 views

Understanding the Stealthy BGP Hijacking Risk in the ROV Era

The partial deployment of Route Origin Validation ROV poses an unexpected security threat known as stealthy BGP hijacking, i.e., a particularly elusive form of BGP hijacking where malicious routes divert traffic without reaching and thus alerting the victims. This risk remains largely unexplored,...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/22 12:0 a.m.4 views

Maestro 0.17.1

Maestro is a cross-platform desktop app for orchestrating your fleet of AI agents and projects. It's a high-velocity solution for hackers who are juggling multiple projects in parallel. Designed for power users who live on the keyboard and rarely touch the mouse. Collaborate with AI to create...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/22 12:0 a.m.3 views

Faraday 5.22.0

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/22 12:0 a.m.9 views

CITADEL: CSI-Based Jamming Detection and Open-Set Classification for IIoT Networks

Radio frequency jamming poses a critical threat to the availability of wireless Industrial Internet of Things IIoT networks. Existing detection and classification techniques are poorly suited to this setting: coarse signal-strength and cross-layer features lack information richness, while raw I/Q...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/22 12:0 a.m.3 views

CVE MCP Server 0.2.0

CVE MCP Server is a production-grade Model Context Protocol MCP server that turns Claude into a full-spectrum security analyst. Instead of juggling 15+ browser tabs across NVD, EPSS, CISA KEV, Shodan, VirusTotal, and GreyNoise, ask Claude one question and get correlated intelligence in seconds...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/22 12:0 a.m.13 views

A Hybrid Intrusion Detection System for Electric Vehicle Charging Infrastructure

The integration of Electric Vehicle Charging Stations EVCSs into the smart grid necessitates sophisticated digital infrastructure for their management and coordination, which expands the attack surface and makes both the power grid and EVCSs vulnerable to cyberattacks. This research addresses...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/22 12:0 a.m.4 views

Joern 4.0.562

Joern is the bug hunter's workbench. With this tool, you can uncover attack surface, sloppy coding practices, and variants of known vulnerabilities using an interactive code analysis shell. Joern supports C, C++, LLVM bitcode, x86 binaries via Ghidra, JVM bytecode via Soot, and Javascript...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/22 12:0 a.m.2 views

RIFT-Bench: Dynamic Red-Teaming for Agentic AI Systems

Agentic AI systems powered by large language models LLMs are rapidly evolving into autonomous decision-making systems, exposing attack vectors beyond those of traditional LLM vulnerabilities. Existing security evaluations are often tied to specific implementations or domains, limiting unified...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/22 12:0 a.m.2 views

PixJail: Self-Evolving Paper-To-Pipeline Reproduction for Text-To-Image Jailbreak Evaluation

As Text-to-Image T2I jailbreak techniques evolve rapidly, existing benchmarks and reproduction workflows often struggle to keep pace. More importantly, T2I jailbreak evaluation is not a single prompt-level test, but a pipeline-level problem shaped by multiple stages, including prompt...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/22 12:0 a.m.18 views

Understanding the (In)Security of Vibe-Coded Applications

Recent advances in large language models LLMs have enabled vibe coding, an emerging software development paradigm in which users create applications primarily through natural-language interactions with AI agents. Due to its low barrier to entry, vibe coding is rapidly gaining adoption in practice...

6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/22 12:0 a.m.15 views

Detecting Malicious Agent Skills in the Wild Using Attention

LLM agents increasingly load skills, file-based packages of natural-language instructions written by third parties and distributed through marketplaces, that execute with the user's privileges. A single malicious skill can exfiltrate data, hijack the agent, or persist as a supply-chain foothold,...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/22 12:0 a.m.3 views

AI Toolchain Hijacked: IDE Plugin API Key Theft

Whitepaper called AI Toolchain Hijacked: IDE Plugin API Key Theft. The proliferation of AI-assisted development tools has substantially changed how developers configure and manage credentials in their working environment. Where a developer's IDE once contained little more than syntax highlighting...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/22 12:0 a.m.3 views

AutoPRAC: Automating Attack Discovery for PRAC-Based Rowhammer Defenses Using Model Checkers

Per-Row Activation Counting PRAC in DDR5 is a specification to mitigate Rowhammer attacks by tracking activations per row and triggering mitigative refreshes when needed. However, the security of PRAC designs is currently evaluated using human-crafted attack patterns and we lack formal verificati...

5.8AI score
Exploits0
Total number of security vulnerabilities6771