Lucene search
K
PacketstormnewsRecent

6825 matches found

Packet Storm News
Packet Storm News
added 2025/10/29 12:0 a.m.4 views

Is Protective DNS Blocking the Wild West?

We perform a passive measurement study investigating how a Protective DNS service might perform in a Research & Education Network serving hundreds of member institutions. Utilizing freely-available DNS blocklists consisting of domain names deemed to be threats, we test hundreds of millions of...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/29 12:0 a.m.4 views

APThreatHunter: An Automated Planning-Based Threat Hunting Framework

Cyber attacks threaten economic interests, critical infrastructure, and public health and safety. To counter this, entities adopt cyber threat hunting, a proactive approach that involves formulating hypotheses and searching for attack patterns within organisational networks. Automating cyber thre...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/29 12:0 a.m.10 views

Security Vulnerabilities in AI-Generated Code: A Large-Scale Analysis of Public GitHub Repositories

This paper presents a comprehensive empirical analysis of security vulnerabilities in AI-generated code across public GitHub repositories. We collected and analyzed 7,703 files explicitly attributed to four major AI tools: ChatGPT 91.52%, GitHub Copilot 7.50%, Amazon CodeWhisperer 0.52%, and...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/29 12:0 a.m.14 views

AgentCyTE: Leveraging Agentic AI to Generate Cybersecurity Training and Experimentation Scenarios

Designing realistic and adaptive networked threat scenarios remains a core challenge in cybersecurity research and training, still requiring substantial manual effort. While large language models LLMs show promise for automated synthesis, unconstrained generation often yields configurations that...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/29 12:0 a.m.8 views

SIRAJ: Diverse and Efficient Red-Teaming for LLM Agents Via Distilled Structured Reasoning

The ability of LLM agents to plan and invoke tools exposes them to new safety risks, making a comprehensive red-teaming system crucial for discovering vulnerabilities and ensuring their safe deployment. We present SIRAJ: a generic red-teaming framework for arbitrary black-box LLM agents. We emplo...

7.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/29 12:0 a.m.7 views

From ECU to VSOC: UDS Security Monitoring Strategies

Increasing complexity and connectivity of modern vehicles have heightened their vulnerability to cyberattacks. This paper addresses security challenges associated with the Unified Diagnostic Services UDS protocol, a critical communication framework for vehicle diagnostics in the automotive...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/28 12:0 a.m.6 views

Quantum-Resistant Networks Using Post-Quantum Cryptography

Quantum networks rely on both quantum and classical channels for coordinated operation. Current architectures employ entanglement distribution and key exchange over quantum channels but often assume that classical communication is sufficiently secure. In practice, classical channels protected by...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/28 12:0 a.m.4 views

Secure Retrieval-Augmented Generation against Poisoning Attacks

Large language models LLMs have transformed natural language processing NLP, enabling applications from content generation to decision support. Retrieval-Augmented Generation RAG improves LLMs by incorporating external knowledge but also introduces security risks, particularly from data poisoning...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/28 12:0 a.m.8 views

Covert Surveillance in Smart Devices: A SCOUR Framework Analysis of Youth Privacy Implications

This paper investigates how smart devices covertly capture private conversations and discusses in more in-depth the implications of this for youth privacy. Using a structured review guided by the PRISMA methodology, the analysis focuses on privacy concerns, data capture methods, data storage and...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/28 12:0 a.m.10 views

Attention Augmented GNN RNN-Attention Models for Advanced Cybersecurity Intrusion Detection

In this paper, we propose a novel hybrid deep learning architecture that synergistically combines Graph Neural Networks GNNs, Recurrent Neural Networks RNNs, and multi-head attention mechanisms to significantly enhance cybersecurity intrusion detection capabilities. By leveraging the comprehensiv...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/28 12:0 a.m.5 views

Hammering the Diagnosis: Rowhammer-Induced Stealthy Trojan Attacks on ViT-Based Medical Imaging

Vision Transformers ViTs have emerged as powerful architectures in medical image analysis, excelling in tasks such as disease detection, segmentation, and classification. However, their reliance on large, attention-driven models makes them vulnerable to hardware-level attacks. In this paper, we...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/27 12:0 a.m.10 views

A Neuro-Symbolic Multi-Agent Approach to Legal-Cybersecurity Knowledge Integration

The growing intersection of cybersecurity and law creates a complex information space where traditional legal research tools struggle to deal with nuanced connections between cases, statutes, and technical vulnerabilities. This knowledge divide hinders collaboration between legal experts and...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/27 12:0 a.m.6 views

Wapiti Web Application Vulnerability Scanner 3.2.8 Source Code

Wapiti is a web application vulnerability scanner. It will scan the web pages of a deployed web application and will fuzz the URL parameters and forms to find common web vulnerabilities. This is the source code release...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/27 12:0 a.m.6 views

QueryIPI: Query-Agnostic Indirect Prompt Injection on Coding Agents

Modern coding agents integrated into IDEs combine powerful tools and system-level actions, exposing a high-stakes attack surface. Existing Indirect Prompt Injection IPI studies focus mainly on query-specific behaviors, leading to unstable attacks with lower success rates. We identify a more sever...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/27 12:0 a.m.12 views

Agentic AI Security: Threats, Defenses, Evaluation, and Open Challenges

Agentic AI systems powered by large language models LLMs and endowed with planning, tool use, memory, and autonomy, are emerging as powerful, flexible platforms for automation. Their ability to autonomously execute tasks across web, software, and physical environments creates new and amplified...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/27 12:0 a.m.8 views

Wapiti Web Application Vulnerability Scanner 3.2.8

Wapiti is a web application vulnerability scanner. It will scan the web pages of a deployed web application and will fuzz the URL parameters and forms to find common web vulnerabilities. This is the binary release...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/27 12:0 a.m.7 views

Evaluation of Vision-LLMs in Surveillance Video

The widespread use of cameras in our society has created an overwhelming amount of video data, far exceeding the capacity for human monitoring. This presents a critical challenge for public safety and security, as the timely detection of anomalous or criminal events is crucial for effective...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/27 12:0 a.m.6 views

Victim As a Service: Designing a System for Engaging with Interactive Scammers

Pig butchering, and similar interactive online scams, lower their victims' defenses by building trust over extended periods of conversation - sometimes weeks or months. They have become increasingly public losses at least $75B by one recent study. However, because of their long-term conversationa...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/27 12:0 a.m.5 views

MCPGuard : Automatically Detecting Vulnerabilities in MCP Servers

The Model Context Protocol MCP has emerged as a standardized interface enabling seamless integration between Large Language Models LLMs and external data sources and tools. While MCP significantly reduces development complexity and enhances agent capabilities, its openness and extensibility...

7.6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/27 12:0 a.m.4 views

Secure Control of Connected and Autonomous Electrified Vehicles under Adversarial Cyber-Attacks

Connected and Autonomous Electrified Vehicles CAEV is the solution to the future smart mobility having benefits of efficient traffic flow and cleaner environmental impact. Although CAEV has advantages they are still susceptible to adversarial cyber attacks due to their autonomous electric operati...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/27 12:0 a.m.7 views

Network Intrusion Detection: Evolution from Conventional Approaches to LLM Collaboration and Emerging Risks

This survey systematizes the evolution of network intrusion detection systems NIDS, from conventional methods such as signature-based and neural network NN-based approaches to recent integrations with large language models LLMs. It clearly and concisely summarizes the current status, strengths, a...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/26 12:0 a.m.6 views

Is Your Prompt Poisoning Code? Defect Induction Rates and Security Mitigation Strategies

Large language models LLMs have become indispensable for automated code generation, yet the quality and security of their outputs remain a critical concern. Existing studies predominantly concentrate on adversarial attacks or inherent flaws within the models. However, a more prevalent yet...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/26 12:0 a.m.11 views

Breaking Agent Backbones: Evaluating the Security of Backbone LLMs in AI Agents

AI agents powered by large language models LLMs are being deployed at scale, yet we lack a systematic understanding of how the choice of backbone LLM affects agent security. The non-deterministic sequential nature of AI agents complicates security modeling, while the integration of traditional...

7.3AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/26 12:0 a.m.7 views

Advancing Honeywords for Real-World Authentication Security

Introduced by Juels and Rivest in 2013, Honeywords, which are decoy passwords stored alongside a real password, appear to be a proactive method to help detect password credentials misuse. However, despite over a decade of research, this technique has not been adopted by major authentication...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/26 12:0 a.m.6 views

RejSCore: Rejection Sampling Core for Multivariate-Based Public Key Cryptography

Post-quantum multivariate public key cryptography MPKC schemes resist quantum threats but require heavy operations, such as rejection sampling, which challenge resource-limited devices. Prior hardware designs have addressed various aspects of MPKC signature generation. However, rejection sampling...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/25 12:0 a.m.10 views

SecureLearn - an Attack-Agnostic Defense for Multiclass Machine Learning against Data Poisoning Attacks

Data poisoning attacks are a potential threat to machine learning ML models, aiming to manipulate training datasets to disrupt their performance. Existing defenses are mostly designed to mitigate specific poisoning attacks or are aligned with particular ML algorithms. Furthermore, most defenses a...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/24 12:0 a.m.5 views

SAND: A Self-Supervised and Adaptive NAS-Driven Framework for Hardware Trojan Detection

The globalized semiconductor supply chain has made Hardware Trojans HT a significant security threat to embedded systems, necessitating the design of efficient and adaptable detection mechanisms. Despite promising machine learning-based HT detection techniques in the literature, they suffer from ...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/24 12:0 a.m.12 views

Security Analysis of LTE Connectivity in Connected Cars: A Case Study of Tesla

Modern connected vehicles rely on persistent LTE connectivity to enable remote diagnostics, over-the-air OTA updates, and critical safety services. While mobile network vulnerabilities are well documented in the smartphone ecosystem, their impact in safety-critical automotive settings remains...

7.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/24 12:0 a.m.5 views

Lightweight and Breach-Resilient Authenticated Encryption Framework for Internet of Things

The Internet of Things IoT relies heavily on resource-limited devices to communicate critical e.g., military data information under low-energy adversarial environments and low-latency wireless channels. Authenticated Encryption AE guarantees confidentiality, authenticity, and integrity, making it...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/24 12:0 a.m.12 views

Wazuh 4.14.0

Wazuh is a free and open source security platform that unifies XDR and SIEM capabilities. It protects workloads across on-premises, virtualized, containerized, and cloud-based environments. This is the source code release...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/24 12:0 a.m.8 views

Enhanced MLLM Black-Box Jailbreaking Attacks and Defenses

Multimodal large language models MLLMs comprise of both visual and textual modalities to process vision language tasks. However, MLLMs are vulnerable to security-related issues, such as jailbreak attacks that alter the model's input to induce unauthorized or harmful responses. The incorporation o...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/24 12:0 a.m.12 views

The Qey: Implementation and Performance Study of Post Quantum Cryptography in FIDO2

Authentication systems have evolved a lot since the 1960s when Fernando Corbato first proposed the password-based authentication. In 2013, the FIDO Alliance proposed using secure hardware for authentication, thus marking a milestone in the passwordless authentication era 1. Passwordless...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/24 12:0 a.m.12 views

Actionable Cybersecurity Notifications for Smart Homes: A User Study on the Role of Length and Complexity

The proliferation of smart home devices has increased convenience but also introduced cybersecurity risks for everyday users, as many devices lack robust security features. Intrusion Detection Systems are a prominent approach to detecting cybersecurity threats. However, their alerts often use...

6.6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/24 12:0 a.m.6 views

Securing AI Agent Execution

Large Language Models LLMs have evolved into AI agents that interact with external tools and environments to perform complex tasks. The Model Context Protocol MCP has become the de facto standard for connecting agents with such resources, but security has lagged behind: thousands of MCP servers...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/24 12:0 a.m.14 views

The Trojan Example: Jailbreaking LLMs through Template Filling and Unsafety Reasoning

Large Language Models LLMs have advanced rapidly and now encode extensive world knowledge. Despite safety fine-tuning, however, they remain susceptible to adversarial prompts that elicit harmful content. Existing jailbreak techniques fall into two categories: white-box methods e.g., gradient-base...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/24 12:0 a.m.33 views

Jailbreak Mimicry: Automated Discovery of Narrative-Based Jailbreaks for Large Language Models

Large language models LLMs remain vulnerable to sophisticated prompt engineering attacks that exploit contextual framing to bypass safety mechanisms, posing significant risks in cybersecurity applications. We introduce Jailbreak Mimicry, a systematic methodology for training compact attacker mode...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/23 12:0 a.m.6 views

On the Cybersecurity of LoRaWAN-Based System: A Smart-Lighting Case Study

Cyber-physical systems and the Internet of Things IoT are key technologies in the Industry 4.0 vision. They incorporate sensors and actuators to interact with the physical environment. However, when creating and interconnecting components to form a heterogeneous smart systems architecture, these...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/23 12:0 a.m.6 views

Impacket 0.13.0

Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and, for some protocols e.g. SMB1-3 and MSRPC, the protocol implementation itself. Packets can be constructed from scratch, as well as parse...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/23 12:0 a.m.6 views

Risk Psychology and Cyber-Attack Tactics

We examine whether measured cognitive processes predict cyber-attack behavior. We analyzed data that included psychometric scale responses and labeled attack behaviors from cybersecurity professionals who conducted red-team operations against a simulated enterprise network. We employed multilevel...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/23 12:0 a.m.38 views

REx86: A Local Large Language Model for Assisting in X86 Assembly Reverse Engineering

Reverse engineering RE of x86 binaries is indispensable for malware and firmware analysis, but remains slow due to stripped metadata and adversarial obfuscation. Large Language Models LLMs offer potential for improving RE efficiency through automated comprehension and commenting, but cloud-hosted...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/23 12:0 a.m.11 views

Enhancing Security in Deep Reinforcement Learning: A Comprehensive Survey on Adversarial Attacks and Defenses

With the wide application of deep reinforcement learning DRL techniques in complex fields such as autonomous driving, intelligent manufacturing, and smart healthcare, how to improve its security and robustness in dynamic and changeable environments has become a core issue in current research...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/23 12:0 a.m.8 views

Lynis Auditing Tool 3.1.6

Lynis is an auditing tool for Unix specialists. It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/23 12:0 a.m.12 views

Beyond Text: Multimodal Jailbreaking of Vision-Language and Audio Models through Perceptually Simple Transformations

Multimodal large language models MLLMs have achieved remarkable progress, yet remain critically vulnerable to adversarial attacks that exploit weaknesses in cross-modal processing. We present a systematic study of multimodal jailbreaks targeting both vision-language and audio-language models,...

7.3AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/23 12:0 a.m.6 views

An Experimental Study of Trojan Vulnerabilities in UAV Autonomous Landing

This study investigates the vulnerabilities of autonomous navigation and landing systems in Urban Air Mobility UAM vehicles. Specifically, it focuses on Trojan attacks that target deep learning models, such as Convolutional Neural Networks CNNs. Trojan attacks work by embedding covert triggers...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/22 12:0 a.m.8 views

Bytecode-Centric Detection of Known-To-Be-Vulnerable Dependencies in Java Projects

On average, 71% of the code in typical Java projects comes from open-source software OSS dependencies, making OSS dependencies the dominant component of modern software code bases. This high degree of OSS reliance comes with a considerable security risk of adding known security vulnerabilities to...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/22 12:0 a.m.6 views

LAPRAD: LLM-Assisted PRotocol Attack Discovery

With the goal of improving the security of Internet protocols, we seek faster, semi-automatic methods to discover new vulnerabilities in protocols such as DNS, BGP, and others. To this end, we introduce the LLM-Assisted Protocol Attack Discovery LAPRAD methodology, enabling security researchers...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/22 12:0 a.m.7 views

FreeBSD Security Advisory - FreeBSD-SA-25:09.netinet

FreeBSD Security Advisory - Connected sockets are not intended to belong to load-balancing groups. However, the kernel failed to check the connection state of sockets when adding them to load-balancing groups. Furthermore, when looking up the destination socket for an incoming packet, the kernel...

5.4CVSS6.7AI score0.00197EPSS
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/22 12:0 a.m.5 views

Can You Trust What You See? Alpha Channel No-Box Attacks on Video Object Detection

As object detection models are increasingly deployed in cyber-physical systems such as autonomous vehicles AVs and surveillance platforms, ensuring their security against adversarial threats is essential. While prior work has explored adversarial attacks in the image domain, those attacks in the...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/22 12:0 a.m.4 views

Everyone Needs AIR: An Agnostic Incident Reporting Framework for Cybersecurity in Operational Technology

Operational technology OT networks are increasingly coupled with information technology IT, expanding the attack surface and complicating incident response. Although OT standards emphasise incident reporting and evidence preservation, they do not specify what data to capture during an incident,...

6.6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/22 12:0 a.m.6 views

Ask What Your Country Can Do for You: Towards a Public Red Teaming Model

AI systems have the potential to produce both benefits and harms, but without rigorous and ongoing adversarial evaluation, AI actors will struggle to assess the breadth and magnitude of the AI risk surface. Researchers from the field of systems design have developed several effective sociotechnic...

6.9AI score
Exploits0
Total number of security vulnerabilities6825