Lucene search
K
PacketstormnewsRecent

6825 matches found

Packet Storm News
Packet Storm News
•added 2025/12/03 12:0 a.m.•125 views

A Comprehensive Study on the Impact of Vulnerable Dependencies on Open-Source Software

Open-source libraries are widely used by software developers to speed up the development of products, however, they can introduce security vulnerabilities, leading to incidents like Log4Shell. With the expanding usage of open-source libraries, it becomes even more imperative to comprehend and...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/12/03 12:0 a.m.•6 views

The Treasury Proof Ledger: A Cryptographic Framework for Accountable Bitcoin Treasuries

Public companies and institutional investors that hold Bitcoin face increasing pressure to show solvency, manage risk, and satisfy regulatory expectations without exposing internal wallet structures or trading strategies. This paper introduces the Treasury Proof Ledger TPL, a Bitcoin-anchored...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/12/03 12:0 a.m.•10 views

One Detector Fits All: Robust and Adaptive Detection of Malicious Packages from PyPI to Enterprises

The rise of supply chain attacks via malicious Python packages demands robust detection solutions. Current approaches, however, overlook two critical challenges: robustness against adversarial source code transformations and adaptability to the varying false positive rate FPR requirements of...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/12/03 12:0 a.m.•8 views

Primitive Vector Cipher(PVC): A Hybrid Encryption Scheme Based on the Vector Computational Diffie-Hellman (V-CDH) Problem

This work introduces the Primitive Vector Cipher PVC, a novel hybrid encryption scheme integrating matrix-based cryptography with advanced Diffie-Hellman key exchange. PVC's security is grounded on the established hardness of the Vector Computational Diffie- Hellman V-CDH problem. The two-layered...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/12/03 12:0 a.m.•8 views

Periodic Directory Security Audit 1.0

This code enables persistence via the /etc/periodic directory similarly to recent metasploit modules that perform the same function. This is a variant written in PHP...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/12/03 12:0 a.m.•56 views

Breaking Isolation: A New Perspective on Hypervisor Exploitation Via Cross-Domain Attacks

Hypervisors are under threat by critical memory safety vulnerabilities, with pointer corruption being one of the most prevalent and severe forms. Existing exploitation frameworks depend on identifying highly-constrained structures in the host machine and accurately determining their runtime...

7.4AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/12/03 12:0 a.m.•5 views

Unfolding Challenges in Securing and Regulating Unmanned Air Vehicles

Unmanned Aerial Vehicles UAVs or drones are being introduced in a wide range of commercial applications. This has also made them prime targets of attackers who compromise their fundamental security properties, including confidentiality, integrity, and availability. As researchers discover novel...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/12/03 12:0 a.m.•5 views

Adversarial Limits of Quantum Certification: When Eve Defeats Detection

Security of quantum key distribution QKD relies on certifying that observed correlations arise from genuine quantum entanglement rather than eavesdropper manipulation. Theoretical security proofs assume idealized conditions, practical certification must contend with adaptive adversaries who...

6.5AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/12/03 12:0 a.m.•5 views

A Descriptive Model for Modelling Attacker Decision-Making in Cyber-Deception

Cyber-deception is an increasingly important defensive strategy, shaping adversarial decision making through controlled misinformation, uncertainty, and misdirection. Although game-theoretic, Bayesian, Markov decision process, and reinforcement learning models offer insight into deceptive...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/12/02 12:0 a.m.•8 views

A Wolf in Sheep's Clothing: Bypassing Commercial LLM Guardrails Via Harmless Prompt Weaving and Adaptive Tree Search

Large language models LLMs remain vulnerable to jailbreak attacks that bypass safety guardrails to elicit harmful outputs. Existing approaches overwhelmingly operate within the prompt-optimization paradigm: whether through traditional algorithmic search or recent agent-based workflows, the...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/12/02 12:0 a.m.•3 views

Equilibrium SAT Based PQC: New Aegis against Quantum Computing

Public-key cryptography algorithms have evolved towards increasing computational complexity to hide desired messages, which is accelerating with the development of the Internet and quantum computing. This paper introduces a novel public-key cryptography algorithm that generates ciphertexts by...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/12/02 12:0 a.m.•6 views

Decryption Thorough Polynomial Ambiguity: Noise-Enhanced High-Memory Convolutional Codes for Post-Quantum Cryptography

We present a novel approach to post-quantum cryptography that employs directed-graph decryption of noise-enhanced high-memory convolutional codes. The proposed construction generates random-like generator matrices that effectively conceal algebraic structure and resist known structural attacks...

7.3AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/12/02 12:0 a.m.•10 views

Cybersecurity AI: The World's Top AI Agent for Security Capture-The-Flag (CTF)

Are Capture-the-Flag competitions obsolete? In 2025, Cybersecurity AI CAI systematically conquered some of the world's most prestigious hacking competitions, achieving Rank 1 at multiple events and consistently outperforming thousands of human teams. Across five major circuits-HTB's AI vs Humans,...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/12/02 12:0 a.m.•8 views

S3C2 SICP Summit 2025-06: Vulnerability Response Summit

Recent years have shown increased cyber attacks targeting less secure elements in the software supply chain and causing significant damage to businesses and organizations. The US and EU governments and industry are equally interested in enhancing software security, including supply chain and...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/12/02 12:0 a.m.•9 views

Learning the Wrong Lessons: Syntactic-Domain Spurious Correlations in Language Models

Whitepaper from researchers at MIT, Northeastern University, and Meta. For an LLM to correctly respond to an instruction it must understand both the semantics and the domain i.e., subject area of a given task-instruction pair. However, syntax can also convey implicit information Recent work shows...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/12/02 12:0 a.m.•35 views

Is Vibe Coding Safe? Benchmarking Vulnerability of Agent-Generated Code in Real-World Tasks

Vibe coding is a new programming paradigm in which human engineers instruct large language model LLM agents to complete complex coding tasks with little supervision. Although it is increasingly adopted, are vibe coding outputs really safe to deploy in production? To answer this question, we propo...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/12/01 12:0 a.m.•3 views

Beyond the Hype: A Large-Scale Empirical Analysis of On-Chain Transactions in NFT Scams

Non-fungible tokens NFTs serve as a representative form of digital asset ownership and have attracted numerous investors, creators, and tech enthusiasts in recent years. However, related fraud activities, especially phishing scams, have caused significant property losses. There are many graph...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/12/01 12:0 a.m.•23 views

BackportBench: A Multilingual Benchmark for Automated Backporting of Patches

Many modern software projects evolve rapidly to incorporate new features and security patches. It is important for users to update their dependencies to safer versions, but many still use older, vulnerable package versions because upgrading can be difficult and may break their existing codebase...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/12/01 12:0 a.m.•2 views

FortiWeb Authentication Bypass Artifact Generator

This script attempts to detect if FortiWeb is vulnerable to authentication bypass. FortiWeb versions below 8.0.2 are affected...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/12/01 12:0 a.m.•17 views

COGNITION: From Evaluation to Defense against Multimodal LLM CAPTCHA Solvers

This paper studies how multimodal large language models MLLMs undermine the security guarantees of visual CAPTCHA. We identify the attack surface where an adversary can cheaply automate CAPTCHA solving using off-the-shelf models. We evaluate 7 leading commercial and open-source MLLMs across 18...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/12/01 12:0 a.m.•24 views

Apache bRPC Server Crash

Apache bRPC versions prior to 1.15.0 has an uncontrolled recursion vulnerability that allows for a server crash...

7.5CVSS6.8AI score0.01479EPSS
Exploits2
Packet Storm News
Packet Storm News
•added 2025/12/01 12:0 a.m.•6 views

AI-Driven Cybersecurity Testbed for Nuclear Infrastructure: Comprehensive Evaluation Using METL Operational Data

Advanced nuclear reactor systems face increasing cybersecurity threats as sophisticated attackers exploit cyber-physical interfaces to manipulate control systems while evading traditional IT security measures. This research presents a comprehensive evaluation of artificial intelligence approaches...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/12/01 12:0 a.m.•5 views

Demystifying Feature Engineering in Malware Analysis of API Call Sequences

Machine learning ML has been widely used to analyze API call sequences in malware analysis, which typically requires the expertise of domain specialists to extract relevant features from raw data. The extracted features play a critical role in malware analysis. Traditional feature extraction is...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/12/01 12:0 a.m.•5 views

Physical ID-Transfer Attacks against Multi-Object Tracking Via Adversarial Trajectory

Multi-Object Tracking MOT is a critical task in computer vision, with applications ranging from surveillance systems to autonomous driving. However, threats to MOT algorithms have yet been widely studied. In particular, incorrect association between the tracked objects and their assigned IDs can...

6.5AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/12/01 12:0 a.m.•4 views

LeechHijack: Covert Computational Resource Exploitation in Intelligent Agent Systems

Large Language Model LLM-based agents have demonstrated remarkable capabilities in reasoning, planning, and tool usage. The recently proposed Model Context Protocol MCP has emerged as a unifying framework for integrating external tools into agent systems, enabling a thriving open ecosystem of...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/12/01 12:0 a.m.•5 views

INFERMAL: Inferential Analysis of Maliciously Registered Domains

Cybercriminals have long depended on domain names for phishing, spam, malware distribution, and botnet operation. To facilitate the malicious activities, they continually register new domain names for exploitation. Previous work revealed an abnormally high concentration of malicious registrations...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/12/01 12:0 a.m.•5 views

Systems Security Foundations for Agentic Computing

This paper articulates short- and long-term research problems in AI agent security and privacy, using the lens of computer systems security. This approach examines end-to-end security properties of entire systems, rather than AI models in isolation. While we recognize that hardening a single mode...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/12/01 12:0 a.m.•7 views

Secure Over-The-Air Computation against Multiple Eavesdroppers Using Correlated Artificial Noise

In the era of the Internet of Things and massive connectivity, many engineering applications, such as sensor fusion and federated edge learning, rely on efficient data aggregation from geographically distributed users over wireless networks. Over-the-air computation shows promising potential for...

6.6AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/12/01 12:0 a.m.•5 views

Rethinking Cybersecurity Ontology Classification and Evaluation: Towards a Credibility-Centered Framework

This paper analyzes the proliferation of cybersecurity ontologies, arguing that this surge cannot be explained solely by technical shortcomings related to quality, but also by a credibility deficit - a lack of trust, endorsement, and adoption by users. This conclusion is based on our first...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/12/01 12:0 a.m.•7 views

Behind the Curtain: How Shared Hosting Providers Respond to Vulnerability Notifications

Large-scale vulnerability notifications VNs can help hosting provider organizations HPOs identify and remediate security vulnerabilities that attackers can exploit in data breaches or phishing campaigns. Previous VN studies have primarily focused on factors under the control of reporters, such as...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/12/01 12:0 a.m.•4 views

WhiteLie: A Robust System for Spoofing User Data in Android Platforms

Android employs a permission framework that empowers users to either accept or deny sharing their private data for example, location with an app. However, many apps tend to crash when they are denied permission, leaving users no choice but to allow access to their data in order to use the app. In...

6.6AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/12/01 12:0 a.m.•3 views

An Introductory Review of the Theory of Continuous-Variable Quantum Key Distribution: Fundamentals, Protocols, and Security

Continuous-variable quantum key distribution CV-QKD has emerged as a promising approach for secure quantum communication, offering advantages such as high key generation rates, compatibility with standard telecommunication infrastructure, and potential for integration on photonic chips. This revi...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/12/01 12:0 a.m.•6 views

CVE Breadcrumbs: Tracking Vulnerabilities through Versioned Apache Libraries

The Apache Software Foundation ASF ecosystem underpins a vast portion of modern software infrastructure, powering widely used components such as Log4j, Tomcat, and Struts. However, the ubiquity of these libraries has made them prime targets for high-impact security vulnerabilities, as illustrated...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/12/01 12:0 a.m.•5 views

Securing Large Language Models (LLMs) from Prompt Injection Attacks

Large Language Models LLMs are increasingly being deployed in real-world applications, but their flexibility exposes them to prompt injection attacks. These attacks leverage the model's instruction-following ability to make it perform malicious tasks. Recent work has proposed JATMO, a task-specif...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/11/30 12:0 a.m.•33 views

Large Language Models Cannot Reliably Detect Vulnerabilities in JavaScript: The First Systematic Benchmark and Evaluation

Researchers have proposed numerous methods to detect vulnerabilities in JavaScript, especially those assisted by Large Language Models LLMs. However, the actual capability of LLMs in JavaScript vulnerability detection remains questionable, necessitating systematic evaluation and comprehensive...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/11/30 12:0 a.m.•6 views

CTF Archive: Capture, Curate, Learn Forever

Capture the Flag CTF competitions represent a powerful experiential learning approach within cybersecurity education, blending diverse concepts into interactive challenges. However, the short duration typically 24-48 hours and ephemeral infrastructure of these events often impede sustained...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/11/30 12:0 a.m.•6 views

Reverse Engineering and Control-Aware Security Analysis of the ArduPilot UAV Framework

Unmanned Aerial Vehicle UAV technologies are gaining high interest for many domains, which makes UAV security of utmost importance. ArduPilot is among the most widely used open-source autopilot UAV frameworks; yet, many studies demonstrate the vulnerabilities affecting such systems. Vulnerabiliti...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/11/30 12:0 a.m.•10 views

Banking System Stability: A Global Analysis of Cybercrime Laws

We examine the role of cybercrime legislation around the world in shaping the stability of the banking system. We compile a novel dataset covering the enactment of cybercrime legislation in 132 developed and developing countries to empirically test this research question. We find that the enactme...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/11/30 12:0 a.m.•5 views

Deterministic Random Bit Generators Based on Ascon for Embedded Systems

As the Deterministic Random Bit Generator DRBG serves as a fundamental component in random number generation and cryptographic applications, its performance and security are particularly critical in resource-constrained embedded systems, where memory capacity and computational efficiency are...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/11/30 12:0 a.m.•5 views

Logic Encryption: This Time for Real

Modern circuits face various threats like reverse engineering, theft of intellectual property IP, side-channel attacks, etc. Here, we present a novel approach for IP protection based on logic encryption LE. Unlike established schemes for logic locking, our work obfuscates the circuit's structure...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/11/30 12:0 a.m.•6 views

Hesperus Is Phosphorus: Mapping Threat Actor Naming Taxonomies at Scale

This paper studies the problem of Threat Actor TA naming convention inconsistency across leading Cyber Threat Intelligence CTI vendors. The current decentralized and proprietary nomenclature creates confusion and significant obstacles for researchers, including difficulties in integrating and...

6.6AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/11/30 12:0 a.m.•6 views

MASCOT: Analyzing Malware Evolution through a Well-Curated Source Code Dataset

In recent years, the explosion of malware and extensive code reuse have formed complex evolutionary connections among malware specimens. The rapid pace of development makes it challenging for existing studies to characterize recent evolutionary trends. In addition, intuitive tools to untangle the...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/11/30 12:0 a.m.•10 views

Quantum Ramp Secret Sharing from Haar Scrambling

Quantum information scrambling has emerged as a powerful tool for studying the dynamics of chaotic quantum many-body systems, assessing benchmarking protocols, and even investigating exotic black hole models. During quantum information scrambling, localized quantum information disperses across th...

6.3AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/11/29 12:0 a.m.•7 views

RECTor: Robust and Efficient Correlation Attack on Tor

Tor is a widely used anonymity network that conceals user identities by routing traffic through encrypted relays, yet it remains vulnerable to traffic correlation attacks that deanonymize users by matching patterns in ingress and egress traffic. However, existing correlation methods suffer from t...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/11/29 12:0 a.m.•4 views

Red Teaming Large Reasoning Models

Large Reasoning Models LRMs have emerged as a powerful advancement in multi-step reasoning tasks, offering enhanced transparency and logical consistency through explicit chains of thought CoT. However, these models introduce novel safety and reliability risks, such as CoT-hijacking and...

7.5AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/11/28 12:0 a.m.•7 views

An Empirical Study on the Security Vulnerabilities of GPTs

Equipped with various tools and knowledge, GPTs, one kind of customized AI agents based on OpenAI's large language models, have illustrated great potential in many fields, such as writing, research, and programming. Today, the number of GPTs has reached three millions, with the range of specific...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/11/28 12:0 a.m.•4 views

Clustering Malware at Scale: A First Full-Benchmark Study

Recent years have shown that malware attacks still happen with high frequency. Malware experts seek to categorize and classify incoming samples to confirm their trustworthiness or prove their maliciousness. One of the ways in which groups of malware samples can be identified is through malware...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/11/28 12:0 a.m.•7 views

Identification of Malicious Posts on the Dark Web Using Supervised Machine Learning

Given the constant growth and increasing sophistication of cyberattacks, cybersecurity can no longer rely solely on traditional defense techniques and tools. Proactive detection of cyber threats has become essential to help security teams identify potential risks and implement effective mitigatio...

6.6AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/11/28 12:0 a.m.•6 views

Evaluating LLMs for One-Shot Patching of Real and Artificial Vulnerabilities

Automated vulnerability patching is crucial for software security, and recent advancements in Large Language Models LLMs present promising capabilities for automating this task. However, existing research has primarily assessed LLMs using publicly disclosed vulnerabilities, leaving their...

7.4AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/11/28 12:0 a.m.•8 views

GAPS: Guiding Dynamic Android Analysis with Static Path Synthesis

Dynamically resolving method reachability in Android applications remains a critical and largely unsolved problem. Despite notable advancements in GUI testing and static call graph construction, current tools are insufficient for reliably driving execution toward specific target methods, especial...

7.2AI score
Exploits0
Total number of security vulnerabilities6825