Lucene search
K
PacketstormnewsRecent

6825 matches found

Packet Storm News
Packet Storm News
added 2025/12/16 12:0 a.m.9 views

Penetration Testing of Agentic AI: A Comparative Security Analysis across Models and Frameworks

Agentic AI introduces security vulnerabilities that traditional LLM safeguards fail to address. Although recent work by Unit 42 at Palo Alto Networks demonstrated that ChatGPT-4o successfully executes attacks as an agent that it refuses in chat mode, there is no comparative analysis in multiple...

7.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/12/16 12:0 a.m.5 views

CIS-BA: Continuous Interaction Space Based Backdoor Attack for Object Detection in the Real-World

Object detection models deployed in real-world applications such as autonomous driving face serious threats from backdoor attacks. Despite their practical effectiveness,existing methods are inherently limited in both capability and robustness due to their dependence on single-trigger-single-objec...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/12/16 12:0 a.m.5 views

Cybersecurity Skills in New Graduates: A Philippine Perspective

This study investigates the key skills and competencies needed by new cybersecurity graduates in the Philippines for entry-level positions. Using a descriptive cross-sectional research design, it combines analysis of job listings from Philippine online platforms with surveys of students, teachers...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/12/15 12:0 a.m.7 views

Quantum Disruption: An SOK of How Post-Quantum Attackers Reshape Blockchain Security and Performance

As quantum computing advances toward practical deployment, it threatens a wide range of classical cryptographic mechanisms, including digital signatures, key exchange protocols, public-key encryption, and certain hash-based constructions that underpin modern network infrastructures. These...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/12/15 12:0 a.m.6 views

Weak Enforcement and Low Compliance in PCI~DSS: A Comparative Security Study

Although credit and debit card data continue to be a prime target for attackers, organizational adherence to the Payment Card Industry Data Security Standard PCI DSS remains surprisingly low. Despite prior work showing that PCI DSS can reduce card fraud, only 32.4% of organizations were fully...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/12/15 12:0 a.m.9 views

From Obfuscated to Obvious: A Comprehensive JavaScript Deobfuscation Tool for Security Analysis

JavaScript's widespread adoption has made it an attractive target for malicious attackers who employ sophisticated obfuscation techniques to conceal harmful code. Current deobfuscation tools suffer from critical limitations that severely restrict their practical effectiveness. Existing tools...

7.4AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/12/15 12:0 a.m.5 views

Behavior-Aware and Generalizable Defense against Black-Box Adversarial Attacks for ML-Based IDS

Machine learning based intrusion detection systems are increasingly targeted by black box adversarial attacks, where attackers craft evasive inputs using indirect feedback such as binary outputs or behavioral signals like response time and resource usage. While several defenses have been proposed...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/12/15 12:0 a.m.13 views

Security and Detectability Analysis of Unicode Text Watermarking Methods against Large Language Models

Securing digital text is becoming increasingly relevant due to the widespread use of large language models. Individuals' fear of losing control over data when it is being used to train such machine learning models or when distinguishing model-generated output from text written by humans. Digital...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/12/15 12:0 a.m.6 views

Zed Attack Proxy 2.17.0 Cross Platform Package

The Zed Attack Proxy ZAP is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testin...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/12/15 12:0 a.m.8 views

Quantigence: A Multi-Agent AI Framework for Quantum Security Research

Cryptographically Relevant Quantum Computers CRQCs pose a structural threat to the global digital economy. Algorithms like Shor's factoring and Grover's search threaten to dismantle the public-key infrastructure PKI securing sovereign communications and financial transactions. While the timeline...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/12/15 12:0 a.m.8 views

Fortra GoAnywhere MFT 7.x Vulnerability Scanner

Fortra GoAnywhere MFT version7.x vulnerability scanner that looks for systems with a deserialization vulnerability using remote fingerprinting of the system. It does not perform exploitation...

10CVSS7.1AI score0.99614EPSS
Exploits3
Packet Storm News
Packet Storm News
added 2025/12/14 12:0 a.m.7 views

Detecting Malicious Entra OAuth Apps with LLM-Based Permission Risk Scoring

This project presents a unified detection framework that constructs a complete corpus of Microsoft Graph permissions, generates consistent LLM-based risk scores, and integrates them into a real-time detection engine to identify malicious OAuth consent activity...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/12/14 12:0 a.m.6 views

Towards a Systematic Taxonomy of Attacks against Space Infrastructures

Space infrastructures represent an emerging domain that is critical to the global economy and society. However, this domain is vulnerable to attacks. To enhance the resilience of this domain, we must understand the attacks that can be waged against it. The status quo is that there is no systemati...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/12/14 12:0 a.m.4 views

Cisco Integrated AI Security and Safety Framework Report

Artificial intelligence AI systems are being readily and rapidly adopted, increasingly permeating critical domains: from consumer platforms and enterprise software to networked systems with embedded agents. While this has unlocked potential for human productivity gains, the attack surface has...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/12/14 12:0 a.m.6 views

One Leak Away: How Pretrained Model Exposure Amplifies Jailbreak Risks in Finetuned LLMs

Finetuning pretrained large language models LLMs has become the standard paradigm for developing downstream applications. However, its security implications remain unclear, particularly regarding whether finetuned LLMs inherit jailbreak vulnerabilities from their pretrained sources. We investigat...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/12/14 12:0 a.m.5 views

Detecting Prompt Injection Attacks against Application Using Classifiers

Prompt injection attacks can compromise the security and stability of critical systems, from infrastructure to large web applications. This work curates and augments a prompt injection dataset based on the HackAPrompt Playground Submissions corpus and trains several classifiers, including LSTM,...

7.3AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/12/14 12:0 a.m.6 views

FiD-QAE: A Fidelity-Driven Quantum Autoencoder for Credit Card Fraud Detection

Credit card fraud detection is a critical task in financial security, as fraudulent transactions are rare, highly imbalanced, and often resemble legitimate ones. A wide range of classical machine learning methods, as well as more recent quantum machine learning approaches, have been investigated ...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/12/14 12:0 a.m.7 views

CeLLMate: Sandboxing Browser AI Agents

Browser-using agents BUAs are an emerging class of autonomous agents that interact with web browsers in human-like ways, including clicking, scrolling, filling forms, and navigating across pages. While these agents help automate repetitive online tasks, they are vulnerable to prompt injection...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/12/14 12:0 a.m.5 views

Hyperparameter Tuning-Based Optimized Performance Analysis of Machine Learning Algorithms for Network Intrusion Detection

Network Intrusion Detection Systems NIDS are essential for securing networks by identifying and mitigating unauthorized activities indicative of cyberattacks. As cyber threats grow increasingly sophisticated, NIDS must evolve to detect both emerging threats and deviations from normal behavior. Th...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/12/14 12:0 a.m.10 views

SHERLOCK: A Deep Learning Approach to Detect Software Vulnerabilities

The increasing reliance on software in various applications has made the problem of software vulnerability detection more critical. Software vulnerabilities can lead to security breaches, data theft, and other negative outcomes. Traditional software vulnerability detection techniques, such as...

7.4AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/12/13 12:0 a.m.5 views

The Role of AI in Modern Penetration Testing

Penetration testing is a cornerstone of cybersecurity, traditionally driven by manual, time-intensive processes. As systems grow in complexity, there is a pressing need for more scalable and efficient testing methodologies. This systematic literature review examines how Artificial Intelligence AI...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/12/13 12:0 a.m.5 views

Taint-Based Code Slicing for LLMs-Based Malicious NPM Package Detection

The increasing sophistication of malware attacks in the npm ecosystem, characterized by obfuscation and complex logic, necessitates advanced detection methods. Recently, researchers have turned their attention from traditional detection approaches to Large Language Models LLMs due to their strong...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/12/13 12:0 a.m.6 views

Agentic AI for 6G: A New Paradigm for Autonomous RAN Security Compliance

Agentic AI systems are emerging as powerful tools for automating complex, multi-step tasks across various industries. One such industry is telecommunications, where the growing complexity of next-generation radio access networks RANs opens up numerous opportunities for applying these systems...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/12/13 12:0 a.m.7 views

Diverse LLMs Vs. Vulnerabilities: Who Detects and Fixes Them Better?

Large Language Models LLMs are increasingly being studied for Software Vulnerability Detection SVD and Repair SVR. Individual LLMs have demonstrated code understanding abilities, but they frequently struggle when identifying complex vulnerabilities and generating fixes. This study presents...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/12/12 12:0 a.m.5 views

Proving DNSSEC Correctness: A Formal Approach to Secure Domain Name Resolution

The Domain Name System Security Extensions DNSSEC are critical for preventing DNS spoofing, yet its specifications contain ambiguities and vulnerabilities that elude traditional "break-and-fix" approaches. A holistic, foundational security analysis of the protocol has thus remained an open proble...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/12/12 12:0 a.m.4 views

Visualisation for the CIS Benchmark Scanning Results

In this paper, we introduce GraphSecure, a web application that provides advanced analysis and visualisation of security scanning results. GraphSecure enables users to initiate scans for their AWS account, validate them against specific Center for Internet Security CIS Benchmarks and return...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/12/12 12:0 a.m.6 views

A Systematic Mapping Study on Risks and Vulnerabilities in Software Containers

Software containers are widely adopted for developing and deploying software applications. Despite their popularity, major security concerns arise during container development and deployment. Software Engineering SE research literature reveals a lack of reviewed, aggregated, and organized knowled...

7.3AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/12/12 12:0 a.m.5 views

Persistent Backdoor Attacks under Continual Fine-Tuning of LLMs

Backdoor attacks embed malicious behaviors into Large Language Models LLMs, enabling adversaries to trigger harmful outputs or bypass safety controls. However, the persistence of the implanted backdoors under user-driven post-deployment continual fine-tuning has been rarely examined. Most prior...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/12/12 12:0 a.m.4 views

Quantum-Augmented AI/ML for O-RAN: Hierarchical Threat Detection with Synergistic Intelligence and Interpretability (Technical Report)

Open Radio Access Networks O-RAN enhance modularity and telemetry granularity but also widen the cybersecurity attack surface across disaggregated control, user and management planes. We propose a hierarchical defense framework with three coordinated layers-anomaly detection, intrusion...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/12/12 12:0 a.m.8 views

PHANTOM: Progressive High-Fidelity Adversarial Network for Threat Object Modeling

The scarcity of cyberattack data hinders the development of robust intrusion detection systems. This paper introduces PHANTOM, a novel adversarial variational framework for generating high-fidelity synthetic attack data. Its innovations include progressive training, a dual-path VAE-GAN...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/12/12 12:0 a.m.7 views

Faraday 5.18.0

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/12/12 12:0 a.m.5 views

EIP-7702 Phishing Attack

EIP-7702 introduces a delegation-based authorization mechanism that allows an externally owned account EOA to authenticate a single authorization tuple, after which all subsequent calls are routed to arbitrary delegate code. We show that this design enables a qualitatively new class of phishing...

7.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/12/11 12:0 a.m.24 views

Automated Penetration Testing with LLM Agents and Classical Planning

While penetration testing plays a vital role in cybersecurity, achieving fully automated, hands-off-the-keyboard execution remains a significant research challenge. In this paper, we introduce the "Planner-Executor-Perceptor PEP" design paradigm and use it to systematically review existing work a...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/12/11 12:0 a.m.8 views

LLM-Assisted AHP for Explainable Cyber Range Evaluation

Cyber Ranges CRs have emerged as prominent platforms for cybersecurity training and education, especially for Critical Infrastructure CI sectors that face rising cyber threats. One way to address these threats is through hands-on exercises that bridge IT and OT domains to improve defensive...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/12/11 12:0 a.m.37 views

Virtual Camera Detection: Catching Video Injection Attacks in Remote Biometric Systems

Face anti-spoofing FAS is a vital component of remote biometric authentication systems based on facial recognition, increasingly used across web-based applications. Among emerging threats, video injection attacks -- facilitated by technologies such as deepfakes and virtual camera software -- pose...

7.4AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/12/11 12:0 a.m.16 views

SOAPwn: Pwning .NET Framework Applications through HTTP Client Proxies and WSDL

This is a whitepaper which supplements the BlackHat Europe 2025 presentation called "SOAPwn: Pwning .NET Framework Applications Through HTTP Client Proxies and WSDL". In this whitepaper, the author presents new exploitation sinks in .NET Framework, which may allow an attacker to achieve either...

8.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/12/11 12:0 a.m.6 views

Authority Backdoor: A Certifiable Backdoor Mechanism for Authoring DNNs

Deep Neural Networks DNNs, as valuable intellectual property, face unauthorized use. Existing protections, such as digital watermarking, are largely passive; they provide only post-hoc ownership verification and cannot actively prevent the illicit use of a stolen model. This work proposes a...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/12/11 12:0 a.m.7 views

Stealth and Evasion in Rogue AP Attacks: An Analysis of Modern Detection and Bypass Techniques

Wireless networks act as the backbone of modern digital connectivity, making them a primary target for cyber adversaries. Rogue Access Point attacks, specifically the Evil Twin variant, enable attackers to clone legitimate wireless network identifiers to deceive users into connecting. Once a...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/12/11 12:0 a.m.6 views

Cybersecurity Policy Adoption in South Africa: Does Public Trust Matter?

This study examines how public perception influences the implementation and adoption of cybersecurity frameworks in South Africa. Using the PRISMA methodology, a systematic literature review was conducted across reputable scholarly databases, yielding 34 relevant sources aligned with predefined...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/12/10 12:0 a.m.7 views

Pattern Based Quantum Key Distribution Using the Five Qubit Perfect Code for Eavesdropper Detection

I propose a new quantum key distribution protocol that uses the five qubit error correction code to detect the presence of eavesdropper reliably. The protocol turns any information theoretical attacks into a classical guess about the pattern. The logical qubit is encoded with a specific pattern...

6.6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/12/10 12:0 a.m.36 views

Comparing AI Agents to Cybersecurity Professionals in Real-World Penetration Testing

We present the first comprehensive evaluation of AI agents against human cybersecurity professionals in a live enterprise environment. We evaluate ten cybersecurity professionals alongside six existing AI agents and ARTEMIS, our new agent scaffold, on a large university network consisting of 8,00...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/12/10 12:0 a.m.7 views

Lightweight Security for Private Networks: Real-World Evaluation of WireGuard

This paper explores WireGuard as a lightweight alternative to IPsec for securing the user plane as well as the control plane in an industrial Open RAN deployment at the Adtran Terafactory in Meiningen. We focus on a realistic scenario where external vendors access their hardware in our 5G factory...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/12/10 12:0 a.m.9 views

Defining Cost Function of Steganography with Large Language Models

In this paper, we make the first attempt towards defining cost function of steganography with large language models LLMs, which is totally different from previous works that rely heavily on expert knowledge or require large-scale datasets for cost learning. To achieve this goal, a two-stage...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/12/10 12:0 a.m.4 views

LLM-PEA: Leveraging Large Language Models against Phishing Email Attacks

Email phishing is one of the most prevalent and globally consequential vectors of cyber intrusion. As systems increasingly deploy Large Language Models LLMs applications, these systems face evolving phishing email threats that exploit their fundamental architectures. Current LLMs require...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/12/10 12:0 a.m.6 views

ByteShield: Adversarially Robust End-To-End Malware Detection through Byte Masking

Research has proven that end-to-end malware detectors are vulnerable to adversarial attacks. In response, the research community has proposed defenses based on randomized and derandomized smoothing. However, these techniques remain susceptible to attacks that insert large adversarial payloads. To...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/12/10 12:0 a.m.16 views

Chasing Shadows: Pitfalls in LLM Security Research

Large language models LLMs are increasingly prevalent in security research. Their unique characteristics, however, introduce challenges that undermine established paradigms of reproducibility, rigor, and evaluation. Prior work has identified common pitfalls in traditional machine learning researc...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/12/10 12:0 a.m.7 views

True Random Number Generators on IQM Spark

Random number generation is fundamental for many modern applications including cryptography, simulations and machine learning. Traditional pseudo-random numbers may offer statistical unpredictability, but are ultimately deterministic. On the other hand, True Random Number Generation TRNG offers...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/12/10 12:0 a.m.21 views

Malicious GenAI Chrome Extensions: Unpacking Data Exfiltration and Malicious Behaviours

The rapid proliferation of AI and GenAI tools has extended to the Chrome Web Store. Cybercriminals are exploiting this trend, deploying malicious Chrome extensions posing as AI tools or impersonating popular GenAI models to target users. These extensions often appear legitimate while secretly...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/12/09 12:0 a.m.7 views

An Efficient Secret Communication Scheme for the Bosonic Wiretap Channel

We propose a new secret communication scheme over the bosonic wiretap channel. It uses readily available hardware such as lasers and direct photodetectors. The scheme is based on randomness extractors, pulse-position modulation, and Reed-Solomon codes and is therefore computationally efficient. I...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/12/09 12:0 a.m.8 views

Integrating Public Input and Technical Expertise for Effective Cybersecurity Policy Formulation

The evolving of digital transformation and increased use of technology comes with increased cyber vulnerabilities, which compromise national security. Cyber-threats become more sophisticated as the technology advances. This emphasises the need for strong risk mitigation strategies. To define stro...

6.9AI score
Exploits0
Total number of security vulnerabilities6825