Lucene search
K
PacketstormnewsRecent

6825 matches found

Packet Storm News
Packet Storm News
added 2025/10/02 12:0 a.m.13 views

RedCodeAgent: Automatic Red-Teaming Agent against Diverse Code Agents

Code agents have gained widespread adoption due to their strong code generation capabilities and integration with code interpreters, enabling dynamic execution, debugging, and interactive programming capabilities. While these advancements have streamlined complex workflows, they have also...

7.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/02 12:0 a.m.8 views

SoK: Measuring What Matters for Closed-Loop Security Agents

Cybersecurity is a relentless arms race, with AI driven offensive systems evolving faster than traditional defenses can adapt. Research and tooling remain fragmented across isolated defensive functions, creating blind spots that adversaries exploit. Autonomous agents capable of integrating, explo...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/01 12:0 a.m.3 views

USBCoercer: A TinyUSB Based WPAD Coercion Device

USBCoercer turns an ESP32 development board with native USB-OTG into an Ethernet-over-USB gadget capable of coercing proxy configuration via WPAD. It builds on the TinyUSB Network Control Model NCM example and adds a minimalist DHCP server that injects DHCP option 252 WPAD/PAC and, additionally,...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/01 12:0 a.m.8 views

Securing IoT Devices in Smart Cities: A Review of Proposed Solutions

Privacy and security in Smart Cities remain at constant risk due to the vulnerabilities introduced by Internet of Things IoT devices. The limited computational resources of these devices make them especially susceptible to attacks, while their widespread adoption increases the potential impact of...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/01 12:0 a.m.32 views

WAInjectBench: Benchmarking Prompt Injection Detections for Web Agents

Multiple prompt injection attacks have been proposed against web agents. At the same time, various methods have been developed to detect general prompt injection attacks, but none have been systematically evaluated for web agents. In this work, we bridge this gap by presenting the first...

7.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/01 12:0 a.m.4 views

Backdoor Attacks against Speech Language Models

Large Language Models LLMs and their multimodal extensions are becoming increasingly popular. One common approach to enable multimodality is to cascade domain-specific encoders with an LLM, making the resulting model inherit vulnerabilities from all of its components. In this work, we present the...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/01 12:0 a.m.5 views

Optimal Untelegraphable Encryption and Implications for Uncloneable Encryption

We investigate the notion of untelegraphable encryption UTE, a quantum encryption primitive that is a special case of uncloneable encryption UE, where the adversary's capabilities are restricted to producing purely classical information rather than arbitrary quantum states. We present an...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/01 12:0 a.m.7 views

POLAR: Automating Cyber Threat Prioritization through LLM-Powered Assessment

Large Language Models LLMs are intensively used to assist security analysts in counteracting the rapid exploitation of cyber threats, wherein LLMs offer cyber threat intelligence CTI to support vulnerability assessment and incident response. While recent work has shown that LLMs can support a wid...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/01 12:0 a.m.10 views

Breaking the Code: Security Assessment of AI Code Agents through Systematic Jailbreaking Attacks

Code-capable large language model LLM agents are increasingly embedded into software engineering workflows where they can read, write, and execute code, raising the stakes of safety-bypass "jailbreak" attacks beyond text-only settings. Prior evaluations emphasize refusal or harmful-text detection...

7.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/01 12:0 a.m.6 views

Computational Monogamy of Entanglement and Non-Interactive Quantum Key Distribution

Quantum key distribution QKD enables Alice and Bob to exchange a secret key over a public, untrusted quantum channel. Compared to classical key exchange, QKD achieves everlasting security: after the protocol execution the key is secure against adversaries that can do unbounded computations. On th...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/01 12:0 a.m.5 views

American Fuzzy Lop plus plus 4.34c

Google's American Fuzzy Lop is a brute-force fuzzer coupled with an exceedingly simple but rock-solid instrumentation-guided genetic algorithm. afl++ is a superior fork to Google's afl. It has more speed, more and better mutations, more and better instrumentation, custom module support, etc...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/10/01 12:0 a.m.5 views

HVAC-EAR: Eavesdropping Human Speech Using HVAC Systems

Pressure sensors are widely integrated into modern Heating, Ventilation and Air Conditioning HVAC systems. As they are sensitive to acoustic pressure, they can be a source of eavesdropping. This paper introduces HVAC-EAR, which reconstructs intelligible speech from low-resolution, noisy pressure...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/30 12:0 a.m.6 views

CHAI: Command Hijacking against Embodied AI

Embodied Artificial Intelligence AI promises to handle edge cases in robotic vehicle systems where data is scarce by using common-sense reasoning grounded in perception and action to generalize beyond training distributions and adapt to novel real-world situations. These capabilities, however, al...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/30 12:0 a.m.4 views

Selmer-Inspired Elliptic Curve Generation

Elliptic curve cryptography ECC is foundational to modern secure communication, yet existing standard curves have faced scrutiny for opaque parameter-generation practices. This work introduces a Selmer-inspired framework for constructing elliptic curves that is both transparent and auditable...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/30 12:0 a.m.5 views

From Trace to Line: LLM Agent for Real-World OSS Vulnerability Localization

Large language models show promise for vulnerability discovery, yet prevailing methods inspect code in isolation, struggle with long contexts, and focus on coarse function- or file-level detections - offering limited actionable guidance to engineers who need precise line-level localization and...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/30 12:0 a.m.6 views

LLM-Generated Samples for Android Malware Detection

Android malware continues to evolve through obfuscation and polymorphism, posing challenges for both signature-based defenses and machine learning models trained on limited and imbalanced datasets. Synthetic data has been proposed as a remedy for scarcity, yet the role of large language models LL...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/30 12:0 a.m.11 views

Better Privilege Separation for Agents by Restricting Data Types

Large language models LLMs have become increasingly popular due to their ability to interact with unstructured content. As such, LLMs are now a key driver behind the automation of language processing systems, such as AI agents. Unfortunately, these advantages have come with a vulnerability to...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/30 12:0 a.m.13 views

Red Teaming Program Repair Agents: When Correct Patches Can Hide Vulnerabilities

LLM-based agents are increasingly deployed for software maintenance tasks such as automated program repair APR. APR agents automatically fetch GitHub issues and use backend LLMs to generate patches that fix the reported bugs. However, existing work primarily focuses on the functional correctness ...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/30 12:0 a.m.6 views

SoK: Systematic Analysis of Adversarial Threats against Deep Learning Approaches for Autonomous Anomaly Detection Systems in SDN-IoT Networks

Integrating SDN and the IoT enhances network control and flexibility. DL-based AAD systems improve security by enabling real-time threat detection in SDN-IoT networks. However, these systems remain vulnerable to adversarial attacks that manipulate input data or exploit model weaknesses,...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/30 12:0 a.m.5 views

MAVUL: Multi-Agent Vulnerability Detection Via Contextual Reasoning and Interactive Refinement

The widespread adoption of open-source software OSS necessitates the mitigation of vulnerability risks. Most vulnerability detection VD methods are limited by inadequate contextual understanding, restrictive single-round interactions, and coarse-grained evaluations, resulting in undesired model...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/30 12:0 a.m.5 views

SecureBERT 2.0: Advanced Language Model for Cybersecurity Intelligence

Effective analysis of cybersecurity and threat intelligence data demands language models that can interpret specialized terminology, complex document structures, and the interdependence of natural language and source code. Encoder-only transformer architectures provide efficient and robust...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/30 12:0 a.m.5 views

Dynamic Causal Attack Graph Based Cyber-Security Risk Assessment Framework for CTCS System

Protecting the security of the train control system is a critical issue to ensure the safe and reliable operation of high-speed trains. Scientific modeling and analysis for the security risk is a promising way to guarantee system security. However, the representation and assessment of the...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/30 12:0 a.m.30 views

Cloud Investigation Automation Framework (CIAF): An AI-Driven Approach to Cloud Forensics

Large Language Models LLMs have gained prominence in domains including cloud security and forensics. Yet cloud forensic investigations still rely on manual analysis, making them time-consuming and error-prone. LLMs can mimic human reasoning, offering a pathway to automating cloud log analysis. To...

6.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/30 12:0 a.m.5 views

Security and Privacy Analysis of Tile's Location Tracking Protocol

We conduct the first comprehensive security analysis of Tile, the second most popular crowd-sourced location-tracking service behind Apple's AirTags. We identify several exploitable vulnerabilities and design flaws, disproving many of the platform's claimed security and privacy guarantees: Tile's...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/30 12:0 a.m.3 views

Probeless Vs Probe-Based Variable-Strength Eavesdropping in Quantum Key Distribution

Quantum key distribution QKD is a provably secure way of generating a secret key, which can later be used for encoding and decoding information. In this paper we analyze the effects of an eavesdropper's variable-strength measurements on QKD. Two types of measurements have been considered: i a...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/30 12:0 a.m.6 views

FreeBSD Security Advisory - FreeBSD-SA-25:08.openssl

FreeBSD Security Advisory - FreeBSD includes software from the OpenSSL Project. OpenSSL suffers from some new vulnerabilities. An application trying to decrypt cryptographic message syntax CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. A timing...

7.5CVSS7.1AI score0.02234EPSS
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/30 12:0 a.m.5 views

OpenSSL Toolkit 3.5.4

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer and Transport Layer Security protocols with full-strength cryptography world-wide. This is the 3.5 LTS release...

7.5CVSS6.9AI score0.02234EPSS
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/30 12:0 a.m.6 views

OpenSSL Toolkit 3.4.3

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer and Transport Layer Security protocols with full-strength cryptography world-wide. This is the 3.4 release...

7.5CVSS6.9AI score0.02234EPSS
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/30 12:0 a.m.5 views

OpenSSL Toolkit 3.3.5

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer and Transport Layer Security protocols with full-strength cryptography world-wide. This is the 3.3 release...

7.5CVSS6.9AI score0.02234EPSS
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/30 12:0 a.m.5 views

OpenSSL Toolkit 3.0.18

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer and Transport Layer Security protocols with full-strength cryptography world-wide. This is the 3.0 LTS release...

7.5CVSS6.9AI score0.02016EPSS
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/30 12:0 a.m.4 views

OpenSSL Security Advisory 20250930

OpenSSL Security Advisory 20250930 - An application using the OpenSSL HTTP client API functions may trigger an out-of-bounds read if the "noproxy" environment variable is set and the host portion of the authority component of the HTTP URL is an IPv6 address...

7.5CVSS6.9AI score0.02234EPSS
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/30 12:0 a.m.4 views

OpenSSL Toolkit 3.2.6

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer and Transport Layer Security protocols with full-strength cryptography world-wide. This is the 3.2 release...

7.5CVSS6.9AI score0.02234EPSS
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/29 12:0 a.m.5 views

A Hybrid CAPTCHA Combining Generative AI with Keystroke Dynamics for Enhanced Bot Detection

Completely Automated Public Turing tests to tell Computers and Humans Apart CAPTCHAs are a foundational component of web security, yet traditional implementations suffer from a trade-off between usability and resilience against AI-powered bots. This paper introduces a novel hybrid CAPTCHA system...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/29 12:0 a.m.3 views

Mapping Quantum Threats: An Engineering Inventory of Cryptographic Dependencies

The emergence of large-scale quantum computers, powered by algorithms like Shor's and Grover's, poses an existential threat to modern public-key cryptography. This vulnerability stems from the ability of these machines to efficiently solve the hard mathematical problems - such as integer...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/29 12:0 a.m.2 views

On the Limitations of Pseudorandom Unitaries

Pseudorandom unitaries PRUs, one of the key quantum pseudorandom notions, are efficiently computable unitaries that are computationally indistinguishable from Haar random unitaries. While there is evidence to believe that PRUs are weaker than one-way functions, so far its relationship with other...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/29 12:0 a.m.5 views

FuncPoison: Poisoning Function Library to Hijack Multi-Agent Autonomous Driving Systems

Autonomous driving systems increasingly rely on multi-agent architectures powered by large language models LLMs, where specialized agents collaborate to perceive, reason, and plan. A key component of these systems is the shared function library, a collection of software tools that agents use to...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/29 12:0 a.m.7 views

Environmental Rate Manipulation Attacks on Power Grid Security

The growing complexity of global supply chains has made hardware Trojans a significant threat in sensor-based power electronics. Traditional Trojan designs depend on digital triggers or fixed threshold conditions that can be detected during standard testing. In contrast, we introduce Environmenta...

6.6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/29 12:0 a.m.6 views

Federated Spatiotemporal Graph Learning for Passive Attack Detection in Smart Grids

Smart grids are exposed to passive eavesdropping, where attackers listen silently to communication links. Although no data is actively altered, such reconnaissance can reveal grid topology, consumption patterns, and operational behavior, creating a gateway to more severe targeted attacks. Detecti...

6.6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/29 12:0 a.m.4 views

SVG Security Analysis Toolkit

SVG Security Analysis Toolkit contains specialized Python tools for analyzing potentially malicious SVG files and detecting security mechanisms...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/29 12:0 a.m.4 views

Two-Dimensional XOR-Based Secret Sharing for Layered Multipath Communication

This paper introduces the first two-dimensional XOR-based secret sharing scheme for layered multipath communication networks. We present a construction that guarantees successful message recovery and perfect privacy when an adversary observes and disrupts any single path at each transmission laye...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/29 12:0 a.m.6 views

Finding Phones Fast: Low-Latency and Scalable Monitoring of Cellular Communications in Sensitive Areas

The widespread availability of cellular devices introduces new threat vectors that allow users or attackers to bypass security policies and physical barriers and bring unauthorized devices into sensitive areas. These threats can arise from user non-compliance or deliberate actions aimed at data...

6.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/29 12:0 a.m.7 views

Characterizing Event-Themed Malicious Web Campaigns: A Case Study on War-Themed Websites

Cybercrimes such as online scams and fraud have become prevalent. Cybercriminals often abuse various global or regional events as themes of their fraudulent activities to breach user trust and attain a higher attack success rate. These attacks attempt to manipulate and deceive innocent people int...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/29 12:0 a.m.6 views

STAC: When Innocent Tools Form Dangerous Chains to Jailbreak LLM Agents

As LLMs advance into autonomous agents with tool-use capabilities, they introduce security challenges that extend beyond traditional content-based LLM safety concerns. This paper introduces Sequential Tool Attack Chaining STAC, a novel multi-turn attack framework that exploits agent tool use. STA...

7.4AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/29 12:0 a.m.5 views

SecInfer: Preventing Prompt Injection Via Inference-Time Scaling

Prompt injection attacks pose a pervasive threat to the security of Large Language Models LLMs. State-of-the-art prevention-based defenses typically rely on fine-tuning an LLM to enhance its security, but they achieve limited effectiveness against strong attacks. In this work, we propose...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/28 12:0 a.m.6 views

Automated Vulnerability Validation and Verification: A Large Language Model Approach

Software vulnerabilities remain a critical security challenge, providing entry points for attackers into enterprise networks. Despite advances in security practices, the lack of high-quality datasets capturing diverse exploit behavior limits effective vulnerability assessment and mitigation. This...

7.6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/28 12:0 a.m.4 views

HFuzzer: Testing Large Language Models for Package Hallucinations Via Phrase-Based Fuzzing

Large Language Models LLMs are widely used for code generation, but they face critical security risks when applied to practical production due to package hallucinations, in which LLMs recommend non-existent packages. These hallucinations can be exploited in software supply chain attacks, where...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/28 12:0 a.m.7 views

Binary Diff Summarization Using Large Language Models

Security of software supply chains is necessary to ensure that software updates do not contain maliciously injected code or introduce vulnerabilities that may compromise the integrity of critical infrastructure. Verifying the integrity of software updates involves binary differential analysis...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/28 12:0 a.m.4 views

SafeSearch: Automated Red-Teaming for the Safety of LLM-Based Search Agents

Search agents connect LLMs to the Internet, enabling access to broader and more up-to-date information. However, unreliable search results may also pose safety threats to end users, establishing a new threat surface. In this work, we conduct two in-the-wild experiments to demonstrate both the...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/28 12:0 a.m.6 views

SandCell: Sandboxing Rust beyond Unsafe Code

Rust is a modern systems programming language that ensures memory safety by enforcing ownership and borrowing rules at compile time. While the unsafe keyword allows programmers to bypass these restrictions, it introduces significant risks. Various approaches for isolating unsafe code to protect...

7.6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/28 12:0 a.m.4 views

GNUnet P2P Framework 0.25.1

GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP IPv4 and IPv6, TCP IPv4 and IPv6, HTTP, o...

6.8AI score
Exploits0
Total number of security vulnerabilities6825