Lucene search
K
PacketstormnewsRecent

6825 matches found

Packet Storm News
Packet Storm News
•added 2025/09/28 12:0 a.m.•5 views

Quant Fever, Reasoning Blackholes, Schrodinger'S Compliance, and More: Probing GPT-OSS-20B

OpenAI's GPT-OSS family provides open-weight language models with explicit chain-of-thought CoT reasoning and a Harmony prompt format. We summarize an extensive security evaluation of GPT-OSS-20B that probes the model's behavior under different adversarial conditions. Using the Jailbreak Oracle J...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/28 12:0 a.m.•3 views

Takedown: How It's Done in Modern Coding Agent Exploits

Coding agents, which are LLM-driven agents specialized in software development, have become increasingly prevalent in modern programming environments. Unlike traditional AI coding assistants, which offer simple code completion and suggestions, modern coding agents tackle more complex tasks with...

7.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/27 12:0 a.m.•4 views

Uncovering Vulnerabilities of LLM-Assisted Cyber Threat Intelligence

Large Language Models LLMs are intensively used to assist security analysts in counteracting the rapid exploitation of cyber threats, wherein LLMs offer cyber threat intelligence CTI to support vulnerability assessment and incident response. While recent work has shown that LLMs can support a wid...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/27 12:0 a.m.•6 views

Benchmarking LLM-Assisted Blue Teaming Via Standardized Threat Hunting

As cyber threats continue to grow in scale and sophistication, blue team defenders increasingly require advanced tools to proactively detect and mitigate risks. Large Language Models LLMs offer promising capabilities for enhancing threat analysis. However, their effectiveness in real-world blue...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/27 12:0 a.m.•5 views

ICS-SimLab: A Containerized Approach for Simulating Industrial Control Systems for Cyber Security Research

Industrial Control Systems ICSs are complex interconnected systems used to manage process control within industrial environments, such as chemical processing plants and water treatment facilities. As the modern industrial environment moves towards Internet-facing services, ICSs face an increased...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/27 12:0 a.m.•9 views

Noisy Networks, Nosy Neighbors: Inferring Privacy Invasive Information from Encrypted Wireless Traffic

This thesis explores the extent to which passive observation of wireless traffic in a smart home environment can be used to infer privacy-invasive information about its inhabitants. Using a setup that mimics the capabilities of a nosy neighbor in an adjacent flat, we analyze raw 802.11 packets an...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/27 12:0 a.m.•6 views

AutoML in Cybersecurity: An Empirical Study

Automated machine learning AutoML has emerged as a promising paradigm for automating machine learning ML pipeline design, broadening AI adoption. Yet its reliability in complex domains such as cybersecurity remains underexplored. This paper systematically evaluates eight open-source AutoML...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/26 12:0 a.m.•4 views

TRUSTCHECKPOINTS: Time Betrays Malware for Unconditional Software Root of Trust

Modern IoT and embedded platforms must start execution from a known trusted state to thwart malware, ensure secure firmware updates, and protect critical infrastructure. Current approaches to establish a root of trust depend on secret keys and/or specialized secure hardware, which drives up costs...

7.3AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/26 12:0 a.m.•14 views

NanoTag: Systems Support for Efficient Byte-Granular Overflow Detection on ARM MTE

Memory safety bugs, such as buffer overflows and use-after-frees, are the leading causes of software safety issues in production. Software-based approaches, e.g., Address Sanitizer ASAN, can detect such bugs with high precision, but with prohibitively high overhead. ARM's Memory Tagging Extension...

7.7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/26 12:0 a.m.•5 views

Decoding Deception: Understanding Automatic Speech Recognition Vulnerabilities in Evasion and Poisoning Attacks

Recent studies have demonstrated the vulnerability of Automatic Speech Recognition systems to adversarial examples, which can deceive these systems into misinterpreting input speech commands. While previous research has primarily focused on white-box attacks with constrained optimizations, and...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/26 12:0 a.m.•7 views

Collusion-Driven Impersonation Attack on Channel-Resistant RF Fingerprinting

Radio frequency fingerprint RFF is a promising device identification technology, with recent research shifting from robustness to security due to growing concerns over vulnerabilities. To date, while the security of RFF against basic spoofing such as MAC address tampering has been validated, its...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/26 12:0 a.m.•16 views

Red Teaming Quantum-Resistant Cryptographic Standards: A Penetration Testing Framework Integrating AI and Quantum Security

This study presents a structured approach to evaluating vulnerabilities within quantum cryptographic protocols, focusing on the BB84 quantum key distribution method and National Institute of Standards and Technology NIST approved quantum-resistant algorithms. By integrating AI-driven red teaming,...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/26 12:0 a.m.•5 views

Smart Medical IoT Security Vulnerabilities: Real-Time MITM Attack Analysis, Lightweight Encryption Implementation, and Practitioner Perceptions in Underdeveloped Nigerian Healthcare Systems

The growing use of Internet of Things IoT technologies in Nigerian healthcare offers potential improvements in remote monitoring and data-driven care, but unsecured wireless communication in medical IoT mIoT devices exposes patient data to cyber threats. This study investigates such vulnerabiliti...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/26 12:0 a.m.•6 views

Bridging Technical Capability and User Accessibility: Off-Grid Civilian Emergency Communication

During large-scale crises disrupting cellular and Internet infrastructure, civilians lack reliable methods for communication, aid coordination, and access to trustworthy information. This paper presents a unified emergency communication system integrating a low-power, long-range network with a...

6.6AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/26 12:0 a.m.•9 views

AntiFLipper: A Secure and Efficient Defense against Label-Flipping Attacks in Federated Learning

Federated learning FL enables privacy-preserving model training by keeping data decentralized. However, it remains vulnerable to label-flipping attacks, where malicious clients manipulate labels to poison the global model. Despite their simplicity, these attacks can severely degrade model...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/26 12:0 a.m.•7 views

A Global Analysis of Cyber Threats to the Energy Sector: "Currents of Conflict" from a Geopolitical Perspective

The escalating frequency and sophistication of cyber threats increased the need for their comprehensive understanding. This paper explores the intersection of geopolitical dynamics, cyber threat intelligence analysis, and advanced detection technologies, with a focus on the energy domain. We...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/26 12:0 a.m.•10 views

Cisco CVE-2025-20352 SNMP Exposure Checker

This tool provides a fast and safe black-box exposure check for Cisco IOS/IOS XE devices related to CVE-2025-20352 SNMP vulnerability...

7.7CVSS6.8AI score0.37613EPSS
Exploits1
Packet Storm News
Packet Storm News
•added 2025/09/26 12:0 a.m.•55 views

SecureAgentBench: Benchmarking Secure Code Generation under Realistic Vulnerability Scenarios

Large language model LLM powered code agents are rapidly transforming software engineering by automating tasks such as testing, debugging, and repairing, yet the security risks of their generated code have become a critical concern. Existing benchmarks have offered valuable insights but remain...

7.4AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/25 12:0 a.m.•13 views

nullcon Goa 2026 Call for Papers

The Call For Papers for nullcon Goa 2026 is now open. Nullcon is an information security conference held in Goa, India. The focus of the conference is to showcase the next generation of offensive and defensive security technology. It will take place February 28th through March 1st, 2026...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/25 12:0 a.m.•6 views

Automatic Red Teaming LLM-Based Agents with Model Context Protocol Tools

The remarkable capability of large language models LLMs has led to the wide application of LLM-based agents in various domains. To standardize interactions between LLM-based agents and their environments, model context protocol MCP tools have become the de facto standard and are now widely...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/25 12:0 a.m.•11 views

ExpIDS: a Drift-Adaptable Network Intrusion Detection System with Improved Explainability

Despite all the advantages associated with Network Intrusion Detection Systems NIDSs that utilize machine learning ML models, there is a significant reluctance among cyber security experts to implement these models in real-world production settings. This is primarily because of their opaque natur...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/25 12:0 a.m.•5 views

The Impact of Audio Watermarking on Audio Anti-Spoofing Countermeasures

This paper presents the first study on the impact of audio watermarking on spoofing countermeasures. While anti-spoofing systems are essential for securing speech-based applications, the influence of widely used audio watermarking, originally designed for copyright protection, remains largely...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/25 12:0 a.m.•6 views

SoK: Potentials and Challenges of Large Language Models for Reverse Engineering

Reverse Engineering RE is central to software security, enabling tasks such as vulnerability discovery and malware analysis, but it remains labor-intensive and requires substantial expertise. Earlier advances in deep learning start to automate parts of RE, particularly for malware detection and...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/25 12:0 a.m.•5 views

Intelligent Graybox Fuzzing Via ATPG-Guided Seed Generation and Submodule Analysis

Hardware Fuzzing emerged as one of the crucial techniques for finding security flaws in modern hardware designs by testing a wide range of input scenarios. One of the main challenges is creating high-quality input seeds that maximize coverage and speed up verification. Coverage-Guided Fuzzing CGF...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/25 12:0 a.m.•19 views

Dual-Path Phishing Detection: Integrating Transformer-Based NLP with Structural URL Analysis

Phishing emails pose a persistent and increasingly sophisticated threat, undermining email security through deceptive tactics designed to exploit both semantic and structural vulnerabilities. Traditional detection methods, often based on isolated analysis of email content or embedded URLs, fail t...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/25 12:0 a.m.•44 views

RLCracker: Exposing the Vulnerability of LLM Watermarks with Adaptive RL Attacks

Large Language Models LLMs watermarking has shown promise in detecting AI-generated content and mitigating misuse, with prior work claiming robustness against paraphrasing and text editing. In this paper, we argue that existing evaluations are not sufficiently adversarial, obscuring critical...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/25 12:0 a.m.•5 views

PhishLumos: an Adaptive Multi-Agent System for Proactive Phishing Campaign Mitigation

Phishing attacks are a significant societal threat, disproportionately harming vulnerable populations and eroding trust in essential digital services. Current defenses are often reactive, failing against modern evasive tactics like cloaking that conceal malicious content. To address this, we...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/25 12:0 a.m.•6 views

EvoMail: Self-Evolving Cognitive Agents for Adaptive Spam and Phishing Email Defense

Modern email spam and phishing attacks have evolved far beyond keyword blacklists or simple heuristics. Adversaries now craft multi-modal campaigns that combine natural-language text with obfuscated URLs, forged headers, and malicious attachments, adapting their strategies within days to bypass...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/25 12:0 a.m.•7 views

Vision Transformers: the Threat of Realistic Adversarial Patches

The increasing reliance on machine learning systems has made their security a critical concern. Evasion attacks enable adversaries to manipulate the decision-making processes of AI systems, potentially causing security breaches or misclassification of targets. Vision Transformers ViTs have gained...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/25 12:0 a.m.•3 views

SetupHijack Privilege Escalation Tool

SetupHijack is a security research tool that exploits race conditions and insecure file handling in Windows installer and update processes. It targets scenarios where privileged installers or updaters drop files in %TEMP% or other world-writable locations, allowing an attacker to replace these...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/24 12:0 a.m.•7 views

STAF: Leveraging LLMs for Automated Attack Tree-Based Security Test Generation

In modern automotive development, security testing is critical for safeguarding systems against increasingly advanced threats. Attack trees are widely used to systematically represent potential attack vectors, but generating comprehensive test cases from these trees remains a labor-intensive,...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/24 12:0 a.m.•6 views

RAG Security and Privacy: Formalizing the Threat Model and Attack Surface

Retrieval-Augmented Generation RAG is an emerging approach in natural language processing that combines large language models LLMs with external document retrieval to produce more accurate and grounded responses. While RAG has shown strong potential in reducing hallucinations and improving factua...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/24 12:0 a.m.•10 views

CyberSOCEval: Benchmarking LLMs Capabilities for Malware Analysis and Threat Intelligence Reasoning

Today's cyber defenders are overwhelmed by a deluge of security alerts, threat intelligence signals, and shifting business context, creating an urgent need for AI systems to enhance operational security work. While Large Language Models LLMs have the potential to automate and scale Security...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/24 12:0 a.m.•5 views

Investigating Security Implications of Automatically Generated Code on the Software Supply Chain

In recent years, various software supply chain SSC attacks have posed significant risks to the global community. Severe consequences may arise if developers integrate insecure code snippets that are vulnerable to SSC attacks into their products. Particularly, code generation techniques, such as...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/24 12:0 a.m.•8 views

Bi-GRPO: Bidirectional Optimization for Jailbreak Backdoor Injection on LLMs

With the rapid advancement of large language models LLMs, their robustness against adversarial manipulations, particularly jailbreak backdoor attacks, has become critically important. Existing approaches to embedding jailbreak triggers--such as supervised fine-tuning SFT, model editing, and...

7.3AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/24 12:0 a.m.•4 views

Every Character Counts: from Vulnerability to Defense in Phishing Detection

Phishing attacks targeting both organizations and individuals are becoming an increasingly significant threat as technology advances. Current automatic detection methods often lack explainability and robustness in detecting new phishing attacks. In this work, we investigate the effectiveness of...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/24 12:0 a.m.•4 views

Cryptographic Backdoor for Neural Networks: Boon and Bane

In this paper we show that cryptographic backdoors in a neural network NN can be highly effective in two directions, namely mounting the attacks as well as in presenting the defenses as well. On the attack side, a carefully planted cryptographic backdoor enables powerful and invisible attack on t...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/24 12:0 a.m.•17 views

Adversarial Defense in Cybersecurity: a Systematic Review of GANs for Threat Detection and Mitigation

Machine learning-based cybersecurity systems are highly vulnerable to adversarial attacks, while Generative Adversarial Networks GANs act as both powerful attack enablers and promising defenses. This survey systematically reviews GAN-based adversarial defenses in cybersecurity 2021--August 31,...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/24 12:0 a.m.•7 views

Can Federated Learning Safeguard Private Data in LLM Training? Vulnerabilities, Attacks, and Defense Evaluation

Fine-tuning large language models LLMs with local data is a widely adopted approach for organizations seeking to adapt LLMs to their specific domains. Given the shared characteristics in data across different organizations, the idea of collaboratively fine-tuning an LLM using data from multiple...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/23 12:0 a.m.•5 views

Defending against Stegomalware in Deep Neural Networks with Permutation Symmetry

Deep neural networks are being utilized in a growing number of applications, both in production systems and for personal use. Network checkpoints are as a consequence often shared and distributed on various platforms to ease the development process. This work considers the threat of neural networ...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/23 12:0 a.m.•7 views

Centralized Vs. Decentralized Security for Space AI Systems? A New Look

This paper investigates the trade-off between centralized and decentralized security management in constellations of satellites to balance security and performance. We highlight three key AI architectures for automated security management: a centralized, b distributed and c federated. The...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/23 12:0 a.m.•5 views

Security Evaluation of Android Apps in Budget African Mobile Devices

Android's open-source nature facilitates widespread smartphone accessibility, particularly in price-sensitive markets. System and vendor applications that come pre-installed on budget Android devices frequently operate with elevated privileges, yet they receive limited independent examination. To...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/23 12:0 a.m.•10 views

Towards Adapting Federated and Quantum Machine Learning for Network Intrusion Detection: a Survey

This survey explores the integration of Federated Learning FL with Network Intrusion Detection Systems NIDS, with particular emphasis on deep learning and quantum machine learning approaches. FL enables collaborative model training across distributed devices while preserving data privacy-a critic...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/23 12:0 a.m.•8 views

Semantic-Aware Fuzzing: an Empirical Framework for LLM-Guided, Reasoning-Driven Input Mutation

Security vulnerabilities in Internet-of-Things devices, mobile platforms, and autonomous systems remain critical. Traditional mutation-based fuzzers -- while effectively explore code paths -- primarily perform byte- or bit-level edits without semantic reasoning. Coverage-guided tools such as AFL+...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/23 12:0 a.m.•6 views

Exploiting Page Faults for Covert Communication

We present a novel mechanism to construct a covert channel based on page faults. A page fault is an event that occurs when a process or a thread tries to access a page of memory that is not currently mapped to its address space. The kernel typically responds to this event by performing a context...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/23 12:0 a.m.•8 views

SoK: a Systematic Review of Malware Ontologies and Taxonomies and Implications for the Quantum Era

The threat of quantum malware is real and a growing security concern that will have catastrophic scientific and technological impacts, if not addressed early. If weaponised or exploited especially by the wrong hands, malware will undermine highly sophisticated critical systems supported by...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/23 12:0 a.m.•5 views

Obelix: Mitigating Side-Channels through Dynamic Obfuscation

Trusted execution environments TEEs offer hardware-assisted means to protect code and data. However, as shown in numerous results over the years, attackers can use side-channels to leak data access patterns and even single-step the code. While the vendors are slowly introducing hardware-based...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/23 12:0 a.m.•7 views

FlowCrypt: Flow-Based Lightweight Encryption with Near-Lossless Recovery for Cloud Photo Privacy

The widespread adoption of smartphone photography has led users to increasingly rely on cloud storage for personal photo archiving and sharing, raising critical privacy concerns. Existing deep learning-based image encryption schemes, typically built upon CNNs or GANs, often depend on traditional...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/23 12:0 a.m.•23 views

LLM-Based Vulnerability Discovery through the Lens of Code Metrics

Large language models LLMs excel in many tasks of software engineering, yet progress in leveraging them for vulnerability discovery has stalled in recent years. To understand this phenomenon, we investigate LLMs through the lens of classic code metrics. Surprisingly, we find that a classifier...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/22 12:0 a.m.•6 views

SilentStriker: toward Stealthy Bit-Flip Attacks on Large Language Models

The rapid adoption of large language models LLMs in critical domains has spurred extensive research into their security issues. While input manipulation attacks e.g., prompt injection have been well studied, Bit-Flip Attacks BFAs -- which exploit hardware vulnerabilities to corrupt model paramete...

7AI score
Exploits0
Total number of security vulnerabilities6825