Lucene search
K
PacketstormnewsRecent

6825 matches found

Packet Storm News
Packet Storm News
added 2025/10/12 12:0 a.m.5 views

Post-Quantum Cryptography and Quantum-Safe Security: A Comprehensive Survey

Post-quantum cryptography PQC is moving from evaluation to deployment as NIST finalizes standards for ML-KEM, ML-DSA, and SLH-DSA. This survey maps the space from foundations to practice. We first develop a taxonomy across lattice-, code-, hash-, multivariate-, isogeny-, and MPC-in-the-Head...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/12 12:0 a.m.12 views

A Graph-Attentive LSTM Model for Malicious URL Detection

Malicious URLs pose significant security risks as they facilitate phishing attacks, distribute malware, and empower attackers to deface websites. Blacklist detection methods fail to identify new or obfuscated URLs because they depend on pre-existing patterns. This work presents a hybrid deep...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/12 12:0 a.m.4 views

GPS Spoofing Attack Detection in Autonomous Vehicles Using Adaptive DBSCAN

As autonomous vehicles become an essential component of modern transportation, they are increasingly vulnerable to threats such as GPS spoofing attacks. This study presents an adaptive detection approach utilizing a dynamically tuned Density Based Spatial Clustering of Applications with Noise...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/12 12:0 a.m.4 views

Man-In-The-Middle Proof-Of-Concept Via Krontiris' Ephemeral Diffie-Hellman over COSE (EDHOC) in C

This report presents some technical details on the authentication process of a lightweight key exchange protocol, paying attention on how Man-in-the-Middle MitM attacks could undermine its security, e.g., under the scope of lawful interception and its risk to facilitate mass surveillance. We focu...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/12 12:0 a.m.13 views

SASER: Stego Attacks on Open-Source LLMs

Open-source large language models LLMs have demonstrated considerable dominance over proprietary LLMs in resolving neural processing tasks, thanks to the collaborative and sharing nature. Although full access to source codes, model parameters, and training data lays the groundwork for transparenc...

6.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/11 12:0 a.m.12 views

A Systematic Study on Generating Web Vulnerability Proof-Of-Concepts Using Large Language Models

Recent advances in Large Language Models LLMs have brought remarkable progress in code understanding and reasoning, creating new opportunities and raising new concerns for software security. Among many downstream tasks, generating Proof-of-Concept PoC exploits plays a central role in vulnerabilit...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/11 12:0 a.m.4 views

Bridging Semantics and Structure for Software Vulnerability Detection Using Hybrid Network Models

Software vulnerabilities remain a persistent risk, yet static and dynamic analyses often overlook structural dependencies that shape insecure behaviors. Viewing programs as heterogeneous graphs, we capture control- and data-flow relations as complex interaction networks. Our hybrid framework...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/11 12:0 a.m.6 views

Modern IOS Security Features -- a Deep Dive into SPTM, TXM, and Exclaves

The XNU kernel is the basis of Apple's operating systems. Although labeled as a hybrid kernel, it is found to generally operate in a monolithic manner by defining a single privileged trust zone in which all system functionality resides. This has security implications, as a kernel compromise has...

6.6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/11 12:0 a.m.6 views

ArtPerception: ASCII Art-Based Jailbreak on LLMs with Recognition Pre-Test

The integration of Large Language Models LLMs into computer applications has introduced transformative capabilities but also significant security challenges. Existing safety alignments, which primarily focus on semantic interpretation, leave LLMs vulnerable to attacks that use non-standard data...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/11 12:0 a.m.5 views

System Password Security: Attack and Defense Mechanisms

System passwords serve as critical credentials for user authentication and access control when logging into operating systems or applications. Upon entering a valid password, users pass verification to access system resources and execute corresponding operations. In recent years, frequent passwor...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/10 12:0 a.m.4 views

Future G Network'S New Reality: Opportunities and Security Challenges

Future G network's new reality is a widespread cyber-physical environment created by Integrated Sensing and Communication ISAC. It is a crucial technology that transforms wireless connections into ubiquitous sensors. ISAC unlocks transformative new capabilities, powering autonomous systems,...

6.6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/10 12:0 a.m.22 views

Exploiting Web Search Tools of AI Agents for Data Exfiltration

Large language models LLMs are now routinely used to autonomously execute complex tasks, from natural language processing to dynamic workflows like web searches. The usage of tool-calling and Retrieval Augmented Generation RAG allows LLMs to process and retrieve sensitive corporate data, amplifyi...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/10 12:0 a.m.4 views

Exploring User Risk Factors and Target Groups for Phishing Victimization in Pakistan

Phishing attacks pose a significant cybersecurity threat globally. This study investigates phishing susceptibility within the Pakistani population, examining the influence of demographic factors, technological aptitude and usage, previous phishing victimization, and email characteristics. Data wa...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/09 12:0 a.m.6 views

Systematic Assessment of Cache Timing Vulnerabilities on RISC-V Processors

While interest in the open RISC-V instruction set architecture is growing, tools to assess the security of concrete processor implementations are lacking. There are dedicated tools and benchmarks for common microarchitectural side-channel vulnerabilities for popular processor families such as Int...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/09 12:0 a.m.6 views

Wireshark Analyzer 4.6.0

Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. Thi...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/09 12:0 a.m.7 views

ExPrESSO: Zero-Knowledge Backed Extensive Privacy Preserving Single Sign-On

User authentication is one of the most important aspects for secure communication between services and end-users over the Internet. Service providers leverage Single-Sign On SSO to make it easier for their users to authenticate themselves. However, standardized systems for SSO, such as OIDC, do n...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/09 12:0 a.m.6 views

ANCORA: Accurate Intrusion Recovery for Web Applications

Modern web application recovery presents a critical dilemma. Coarse-grained snapshot rollbacks cause unacceptable data loss for legitimate users. Surgically removing an attack's impact is hindered by a fundamental challenge in high-concurrency environments: it is difficult to attribute resulting...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/09 12:0 a.m.5 views

A Demonstration of Self-Adaptive Jamming Attack Detection in AI/ML Integrated O-RAN

The open radio access network O-RAN enables modular, intelligent, and programmable 5G network architectures through the adoption of software-defined networking, network function virtualization, and implementation of standardized open interfaces. However, one of the security concerns for O-RAN,...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/09 12:0 a.m.6 views

Pattern Enhanced Multi-Turn Jailbreaking: Exploiting Structural Vulnerabilities in Large Language Models

Large language models LLMs remain vulnerable to multi-turn jailbreaking attacks that exploit conversational context to bypass safety constraints gradually. These attacks target different harm categories like malware generation, harassment, or fraud through distinct conversational approaches...

7.4AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/09 12:0 a.m.5 views

Bloodroot: When Watermarking Turns Poisonous for Stealthy Backdoor

Backdoor data poisoning is a crucial technique for ownership protection and defending against malicious attacks. Embedding hidden triggers in training data can manipulate model outputs, enabling provenance verification, and deterring unauthorized use. However, current audio backdoor methods are...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/09 12:0 a.m.6 views

Are Voters Willing to Collectively Secure Elections? Unraveling a Practical Blockchain Voting System

Ensuring ballot secrecy is critical for fair and trustworthy electronic voting systems, yet achieving strong secrecy guarantees in decentralized, large-scale elections remains challenging. This paper proposes the concept of collectively secure voting, in which voters themselves can opt in as secr...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/09 12:0 a.m.6 views

New Machine Learning Approaches for Intrusion Detection in ADS-B

With the growing reliance on the vulnerable Automatic Dependent Surveillance-Broadcast ADS-B protocol in air traffic management ATM, ensuring security is critical. This study investigates emerging machine learning models and training strategies to improve AI-based intrusion detection systems IDS...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/09 12:0 a.m.4 views

A Meta-Complexity Characterization of Minimal Quantum Cryptography

We give a meta-complexity characterization of EFI pairs, which are considered the "minimal" primitive in quantum cryptography and are equivalent to quantum commitments. More precisely, we show that the existence of EFI pairs is equivalent to the following: there exists a non-uniformly samplable...

6.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/09 12:0 a.m.7 views

An AUTOSAR-Aligned Architectural Study of Vulnerabilities in Automotive SoC Software

Cooperative, Connected and Automated Mobility CCAM are complex cyber-physical systems CPS that integrate computation, communication, and control in safety-critical environments. At their core, System-on-Chip SoC platforms consolidate processing units, communication interfaces, AI accelerators, an...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/09 12:0 a.m.8 views

Post-Quantum Security of Block Cipher Constructions

Block ciphers are versatile cryptographic ingredients that are used in a wide range of applications ranging from secure Internet communications to disk encryption. While post-quantum security of public-key cryptography has received significant attention, the case of symmetric-key cryptography and...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/09 12:0 a.m.5 views

VisualDAN: Exposing Vulnerabilities in VLMs with Visual-Driven DAN Commands

Vision-Language Models VLMs have garnered significant attention for their remarkable ability to interpret and generate multimodal content. However, securing these models against jailbreak attacks continues to be a substantial challenge. Unlike text-only models, VLMs integrate additional modalitie...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/09 12:0 a.m.6 views

AI-Driven Post-Quantum Cryptography for Cyber-Resilient V2X Communication in Transportation Cyber-Physical Systems

Transportation Cyber-Physical Systems TCPS integrate physical elements, such as transportation infrastructure and vehicles, with cyber elements via advanced communication technologies, allowing them to interact seamlessly. This integration enhances the efficiency, safety, and sustainability of...

6.6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/08 12:0 a.m.5 views

Communication-Optimal Blind Quantum Protocols

A user, Alice, wants to get server Bob to implement a quantum computation for her. However, she wants to leave him blind to what she's doing. What are the minimal communication resources Alice must use in order to achieve information-theoretic security? In this paper, we consider a single step of...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/08 12:0 a.m.7 views

Security-Robustness Trade-Offs in Diffusion Steganography: A Comparative Analysis of Pixel-Space and VAE-Based Architectures

Current generative steganography research mainly pursues computationally expensive mappings to perfect Gaussian priors within single diffusion model architectures. This work introduces an efficient framework based on approximate Gaussian mapping governed by a scale factor calibrated through...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/08 12:0 a.m.7 views

A Multi-Layered Embedded Intrusion Detection Framework for Programmable Logic Controllers

Industrial control system ICS operations use trusted endpoints like human machine interfaces HMIs and workstations to relay commands to programmable logic controllers PLCs. Because most PLCs lack layered defenses, compromise of a trusted endpoint can drive unsafe actuator commands and risk...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/08 12:0 a.m.5 views

A2AS: Agentic AI Runtime Security and Self-Defense

The A2AS framework is introduced as a security layer for AI agents and LLM-powered applications, similar to how HTTPS secures HTTP. A2AS enforces certified behavior, activates model self-defense, and ensures context window integrity. It defines security boundaries, authenticates prompts, applies...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/08 12:0 a.m.6 views

Wapiti Web Application Vulnerability Scanner 3.2.6

Wapiti is a web application vulnerability scanner. It will scan the web pages of a deployed web application and will fuzz the URL parameters and forms to find common web vulnerabilities. This is the binary release...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/08 12:0 a.m.3 views

Cyber Slavery Infrastructures: A Socio-Technical Study of Forced Criminality in Transnational Cybercrime

The rise of "cyber slavery," a technologically facilitated variant of forced criminality, signifies a concerning convergence of human trafficking and digital exploitation. In Southeast Asia, trafficked individuals are increasingly coerced into engaging in cybercrimes, including online fraud and...

6.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/08 12:0 a.m.5 views

GNN-Enhanced Traffic Anomaly Detection for Next-Generation SDN-Enabled Consumer Electronics

Consumer electronics CE connected to the Internet of Things are susceptible to various attacks, including DDoS and web-based threats, which can compromise their functionality and facilitate remote hijacking. These vulnerabilities allow attackers to exploit CE for broader system attacks while...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/08 12:0 a.m.18 views

Distilling Lightweight Language Models for C/C++ Vulnerabilities

The increasing complexity of modern software systems exacerbates the prevalence of security vulnerabilities, posing risks of severe breaches and substantial economic loss. Consequently, robust code vulnerability detection is essential for software security. While Large Language Models LLMs have...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/08 12:0 a.m.4 views

Cybersecurity Competence for Organisations in Inner Scandinavia

A rapidly growing number of cybersecurity threats and incidents demands that Swedish organisations increase their efforts to improve their cybersecurity capacities. This paper presents results from interviews and a prior survey with key representatives from enterprises and public sector...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/08 12:0 a.m.7 views

EMPalm: Exfiltrating Palm Biometric Data Via Electromagnetic Side-Channels

Palm recognition has emerged as a dominant biometric authentication technology in critical infrastructure. These systems operate in either single-modal form, using palmprint or palmvein individually, or dual-modal form, fusing the two modalities. Despite this diversity, they share similar hardwar...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/08 12:0 a.m.5 views

RedTWIZ: Diverse LLM Red Teaming Via Adaptive Attack Planning

This paper presents the vision, scientific contributions, and technical details of RedTWIZ: an adaptive and diverse multi-turn red teaming framework, to audit the robustness of Large Language Models LLMs in AI-assisted software development. Our work is driven by three major research streams: 1...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/08 12:0 a.m.8 views

Wapiti Web Application Vulnerability Scanner 3.2.6 Source Code

Wapiti is a web application vulnerability scanner. It will scan the web pages of a deployed web application and will fuzz the URL parameters and forms to find common web vulnerabilities. This is the source code release...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/08 12:0 a.m.7 views

I Can'T Patch My OT Systems! a Look at CISA'S KEVC Workarounds and Mitigations for OT

We examine the state of publicly available information about known exploitable vulnerabilities applicable to operational technology OT environments. Specifically, we analyze the Known Exploitable Vulnerabilities Catalog KEVC maintained by the US Department of Homeland Security Cybersecurity and...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/08 12:0 a.m.9 views

Are LLMs Reliable Rankers? Rank Manipulation Via Two-Stage Token Optimization

Large language models LLMs are increasingly used as rerankers in information retrieval, yet their ranking behavior can be steered by small, natural-sounding prompts. To expose this vulnerability, we present Rank Anything First RAF, a two-stage token optimization method that crafts concise textual...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/07 12:0 a.m.7 views

TOR Virtual Network Tunneling Tool 0.4.8.19

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/07 12:0 a.m.6 views

PhishSSL: Self-Supervised Contrastive Learning for Phishing Website Detection

Phishing websites remain a persistent cybersecurity threat by mimicking legitimate sites to steal sensitive user information. Existing machine learning-based detection methods often rely on supervised learning with labeled data, which not only incurs substantial annotation costs but also limits...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/07 12:0 a.m.6 views

An Empirical Study of Security-Policy Related Issues in Open Source Projects

GitHub recommends that projects adopt a SECURITY.md file that outlines vulnerability reporting procedures. However, the effectiveness and operational challenges of such files are not yet fully understood. This study aims to clarify the challenges that SECURITY.md files face in the vulnerability...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/07 12:0 a.m.5 views

A Survey on Agentic Security: Applications, Threats and Defenses

The rapid shift from passive LLMs to autonomous LLM-agents marks a new paradigm in cybersecurity. While these agents can act as powerful tools for both offensive and defensive operations, the very agentic context introduces a new class of inherent security risks. In this work we present the first...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/07 12:0 a.m.5 views

Towards Reliable and Practical LLM Security Evaluations Via Bayesian Modelling

Before adopting a new large language model LLM architecture, it is critical to understand vulnerabilities accurately. Existing evaluations can be difficult to trust, often drawing conclusions from LLMs that are not meaningfully comparable, relying on heuristic inputs or employing metrics that fai...

7.4AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/07 12:0 a.m.6 views

Benchmarking Fake Voice Detection in the Fake Voice Generation Arms Race

As advances in synthetic voice generation accelerate, an increasing variety of fake voice generators have emerged, producing audio that is often indistinguishable from real human speech. This evolution poses new and serious threats across sectors where audio recordings serve as critical evidence...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/07 12:0 a.m.17 views

SpyChain: Multi-Vector Supply Chain Attacks on Small Satellite Systems

Small satellites are integral to scientific, commercial, and defense missions, but reliance on commercial off-the-shelf COTS hardware broadens their attack surface. Although supply chain threats are well studied in other cyber-physical domains, their feasibility and stealth in space systems remai...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/07 12:0 a.m.6 views

Leveraging Large Language Models for Cybersecurity Risk Assessment -- a Case from Forestry Cyber-Physical Systems

In safety-critical software systems, cybersecurity activities become essential, with risk assessment being one of the most critical. In many software teams, cybersecurity experts are either entirely absent or represented by only a small number of specialists. As a result, the workload for these...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/07 12:0 a.m.4 views

Code Agent Can Be an End-To-End System Hacker: Benchmarking Real-World Threats of Computer-Use Agent

Computer-use agent CUA frameworks, powered by large language models LLMs or multimodal LLMs MLLMs, are rapidly maturing as assistants that can perceive context, reason, and act directly within software environments. Among their most critical applications is operating system OS control. As CUAs in...

7AI score
Exploits0
Total number of security vulnerabilities6825