Lucene search
K
PacketstormnewsRecent

6825 matches found

Packet Storm News
Packet Storm News
added 2025/09/11 12:0 a.m.5 views

PARROT: Portable Android Reproducible Traffic Observation Tool

The rapid evolution of mobile security protocols and limited availability of current datasets constrains research in app traffic analysis. This paper presents PARROT, a reproducible and portable traffic capture system for systematic app traffic collection using Android Virtual Devices. The system...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/11 12:0 a.m.5 views

Shell or Nothing: Real-World Benchmarks and Memory-Activated Agents for Automated Penetration Testing

Penetration testing is critical for identifying and mitigating security vulnerabilities, yet traditional approaches remain expensive, time-consuming, and dependent on expert human labor. Recent work has explored AI-driven pentesting agents, but their evaluation relies on oversimplified...

7.4AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/11 12:0 a.m.6 views

Enhancing Cyber Threat Hunting -- a Visual Approach with the Forensic Visualization Toolkit

In today's dynamic cyber threat landscape, organizations must take proactive steps to bolster their cybersecurity defenses. Cyber threat hunting is a proactive and iterative process aimed at identifying and mitigating advanced threats that may go undetected by traditional security measures. Rathe...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/11 12:0 a.m.8 views

Fraud Detection and Risk Assessment of Online Payment Transactions on E-Commerce Platforms Based on LLM and GCN Frameworks

With the rapid growth of e-commerce, online payment fraud has become increasingly complex, posing serious threats to financial security and consumer trust. Traditional detection methods often struggle to capture the intricate relational structures inherent in transactional data. This study presen...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/11 12:0 a.m.7 views

IoTFuzzSentry: a Protocol Guided Mutation Based Fuzzer for Automatic Vulnerability Testing in Commercial IoT Devices

Protocol fuzzing is a scalable and cost-effective technique for identifying security vulnerabilities in deployed Internet of Things devices. During their operational phase, IoT devices often run lightweight servers to handle user interactions, such as video streaming or image capture in smart...

9.8CVSS7AI score0.00643EPSS
Exploits1
Packet Storm News
Packet Storm News
added 2025/09/11 12:0 a.m.7 views

Bridging the Gap in Phishing Detection: a Comprehensive Phishing Dataset Collector

To combat phishing attacks -- aimed at luring web users to divulge their sensitive information -- various phishing detection approaches have been proposed. As attackers focus on devising new tactics to bypass existing detection solutions, researchers have adapted by integrating machine learning a...

6.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/11 12:0 a.m.4 views

Multi-Channel Secure Communication Framework for Wireless IoT (MCSC-WoT): Enhancing Security in Internet of Things

In modern smart systems, the convergence of the Internet of Things IoT and Wireless of Things WoT have been revolutionized by offering a broad level of wireless connectivity and communication among various devices. Hitherto, this greater interconnectivity poses important security problems,...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/11 12:0 a.m.5 views

A Cyber-Twin Based Honeypot for Gathering Threat Intelligence

Critical Infrastructure CI is prone to cyberattacks. Several techniques have been developed to protect CI against such attacks. In this work, we describe a honeypot based on a cyber twin for a water treatment plant. The honeypot is intended to serve as a realistic replica of a water treatment pla...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/10 12:0 a.m.5 views

Adversarial Attacks against Automated Fact-Checking: a Survey

In an era where misinformation spreads freely, fact-checking FC plays a crucial role in verifying claims and promoting reliable information. While automated fact-checking AFC has advanced significantly, existing systems remain vulnerable to adversarial attacks that manipulate or generate claims,...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/10 12:0 a.m.7 views

Efficient Decoding Methods for Language Models on Encrypted Data

Large language models LLMs power modern AI applications, but processing sensitive data on untrusted servers raises privacy concerns. Homomorphic encryption HE enables computation on encrypted data for secure inference. However, neural text generation requires decoding methods like argmax and...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/10 12:0 a.m.4 views

Phish-Blitz: Advancing Phishing Detection with Comprehensive Webpage Resource Collection and Visual Integrity Preservation

Phishing attacks are increasingly prevalent, with adversaries creating deceptive webpages to steal sensitive information. Despite advancements in machine learning and deep learning for phishing detection, attackers constantly develop new tactics to bypass detection models. As a result, phishing...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/10 12:0 a.m.6 views

Overcoming DNSSEC Islands of Security: a TLS and IP-Based Certificate Solution

The Domain Name System DNS serves as the backbone of the Internet, primarily translating domain names to IP addresses. Over time, various enhancements have been introduced to strengthen the integrity of DNS. Among these, DNSSEC stands out as a leading cryptographic solution. It protects against...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/10 12:0 a.m.5 views

Phishing Webpage Detection: Unveiling the Threat Landscape and Investigating Detection Techniques

In the realm of cybersecurity, phishing stands as a prevalent cyber attack, where attackers employ various tactics to deceive users into gathering their sensitive information, potentially leading to identity theft or financial gain. Researchers have been actively working on advancing phishing...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/10 12:0 a.m.17 views

Cross-Service Token: Finding Attacks in 5G Core Networks

5G marks a major departure from previous cellular architectures, by transitioning from a monolithic design of the core network to a Service-Based Architecture SBA where services are modularized as Network Functions NFs which communicate with each other via standard-defined HTTP-based APIs called...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/10 12:0 a.m.6 views

Send to Which Account? Evaluation of an LLM-Based Scambaiting System

Scammers are increasingly harnessing generative AIGenAI technologies to produce convincing phishing content at scale, amplifying financial fraud and undermining public trust. While conventional defenses, such as detection algorithms, user training, and reactive takedown efforts remain important,...

6.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/10 12:0 a.m.8 views

Fluid-Antenna-Aided AAV Secure Communications in Eavesdropper Uncertain Location

For autonomous aerial vehicle AAV secure communications, traditional designs based on fixed position antenna FPA lack sufficient spatial degrees of freedom DoF, which leaves the line-of-sight-dominated AAV links vulnerable to eavesdropping. To overcome this problem, this paper proposes a framewor...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/10 12:0 a.m.5 views

Flow-Based Detection and Identification of Zero-Day IoT Cameras

The majority of consumer IoT devices lack mechanisms for administrators to monitor and control them, hindering tailored security policies. A key challenge is identifying whether a new device, especially a streaming IoT camera, has joined the network. We present zCamInspector, a system for...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/09 12:0 a.m.12 views

I2P 2.10.0

I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/09 12:0 a.m.5 views

Spectral Masking and Interpolation Attack (SMIA): a Black-Box Adversarial Attack against Voice Authentication and Anti-Spoofing Systems

Voice Authentication Systems VAS use unique vocal characteristics for verification. They are increasingly integrated into high-security sectors such as banking and healthcare. Despite their improvements using deep learning, they face severe vulnerabilities from sophisticated threats like deepfake...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/09 12:0 a.m.5 views

SAGE: Sample-Aware Guarding Engine for Robust Intrusion Detection against Adversarial Attacks

The rapid proliferation of the Internet of Things IoT continues to expose critical security vulnerabilities, necessitating the development of efficient and robust intrusion detection systems IDS. Machine learning-based intrusion detection systems ML-IDS have significantly improved threat detectio...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/09 12:0 a.m.5 views

Breaking Android with AI: a Deep Dive into LLM-Powered Exploitation

The rapid evolution of Artificial Intelligence AI and Large Language Models LLMs has opened up new opportunities in the area of cybersecurity, especially in the exploitation automation landscape and penetration testing. This study explores Android penetration testing automation using LLM-based...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/09 12:0 a.m.5 views

PatchSeeker: Mapping NVD Records to Their Vulnerability-Fixing Commits with LLM Generated Commits and Embeddings

Software vulnerabilities pose serious risks to modern software ecosystems. While the National Vulnerability Database NVD is the authoritative source for cataloging these vulnerabilities, it often lacks explicit links to the corresponding Vulnerability-Fixing Commits VFCs. VFCs encode precise code...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/09 12:0 a.m.5 views

Backdoor Attacks and Defenses in Computer Vision Domain: a Survey

Backdoor trojan attacks embed hidden, controllable behaviors into machine-learning models so that models behave normally on benign inputs but produce attacker-chosen outputs when a trigger is present. This survey reviews the rapidly growing literature on backdoor attacks and defenses in the...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/09 12:0 a.m.168 views

AgentSentinel: an End-To-End and Real-Time Security Defense Framework for Computer-Use Agents

Large Language Models LLMs have been increasingly integrated into computer-use agents, which can autonomously operate tools on a user's computer to accomplish complex tasks. However, due to the inherently unstable and unpredictable nature of LLM outputs, they may issue unintended tool commands or...

7.3AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/09 12:0 a.m.8 views

Establishing a Baseline of Software Supply Chain Security Task Adoption by Software Organizations

Software supply chain attacks have increased exponentially since 2020. The primary attack vectors for supply chain attacks are through: 1 software components; 2 the build infrastructure; and 3 humans a.k.a software practitioners. Software supply chain risk management frameworks provide a list of...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/09 12:0 a.m.7 views

Guided Reasoning in LLM-Driven Penetration Testing Using Structured Attack Trees

Recent advances in Large Language Models LLMs have driven interest in automating cybersecurity penetration testing workflows, offering the promise of faster and more consistent vulnerability assessment for enterprise systems. Existing LLM agents for penetration testing primarily rely on self-guid...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/09 12:0 a.m.4 views

Empirical Security Analysis of Software-Based Fault Isolation through Controlled Fault Injection

We use browsers daily to access all sorts of information. Because browsers routinely process scripts, media, and executable code from unknown sources, they form a critical security boundary between users and adversaries. A common attack vector is JavaScript, which exposes a large attack surface d...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/09 12:0 a.m.4 views

A Non-Monotonic Relationship: an Empirical Analysis of Hybrid Quantum Classifiers for Unseen Ransomware Detection

Detecting unseen ransomware is a critical cybersecurity challenge where classical machine learning often fails. While Quantum Machine Learning QML presents a potential alternative, its application is hindered by the dimensionality gap between classical data and quantum hardware. This paper...

6.6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/09 12:0 a.m.5 views

Leveraging Digital Twin-As-A-Service Towards Continuous and Automated Cybersecurity Certification

Traditional risk assessments rely on manual audits and system scans, often causing operational disruptions and leaving security gaps. To address these challenges, this work presents Security Digital Twin-as-a-Service SDT-aaS, a novel approach that leverages Digital Twin DT technology for automate...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/09 12:0 a.m.8 views

Aspect-Oriented Programming in Secure Software Development: a Case Study of Security Aspects in Web Applications

Security remains a critical challenge in modern web applications, where threats such as unauthorized access, data breaches, and injection attacks continue to undermine trust and reliability. Traditional Object-Oriented Programming OOP often intertwines security logic with business functionality,...

7.4AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/09 12:0 a.m.9 views

A Decade-Long Landscape of Advanced Persistent Threats: Longitudinal Analysis and Global Trends

An advanced persistent threat APT refers to a covert, long-term cyberattack, typically conducted by state-sponsored actors, targeting critical sectors and often remaining undetected for long periods. In response, collective intelligence from around the globe collaborates to identify and trace...

6.6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/08 12:0 a.m.4 views

An Ethically Grounded LLM-Based Approach to Insider Threat Synthesis and Detection

Insider threats are a growing organizational problem due to the complexity of identifying their technical and behavioral elements. A large research body is dedicated to the study of insider threats from technological, psychological, and educational perspectives. However, research in this domain h...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/08 12:0 a.m.5 views

Network-Level Censorship Attacks in the InterPlanetary File System

The InterPlanetary File System IPFS has been successfully established as the de facto standard for decentralized data storage in the emerging Web3. Despite its decentralized nature, IPFS nodes, as well as IPFS content providers, have converged to centralization in large public clouds...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/08 12:0 a.m.4 views

Neuro-Symbolic AI for Cybersecurity: State of the Art, Challenges, and Opportunities

Traditional Artificial Intelligence AI approaches in cybersecurity exhibit fundamental limitations: inadequate conceptual grounding leading to non-robustness against novel attacks; limited instructibility impeding analyst-guided adaptation; and misalignment with cybersecurity objectives...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/08 12:0 a.m.7 views

Contrastive Self-Supervised Network Intrusion Detection Using Augmented Negative Pairs

Network intrusion detection remains a critical challenge in cybersecurity. While supervised machine learning models achieve state-of-the-art performance, their reliance on large labelled datasets makes them impractical for many real-world applications. Anomaly detection methods, which train...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/08 12:0 a.m.8 views

Signal-Based Malware Classification Using 1D CNNs

Malware classification is a contemporary and ongoing challenge in cyber-security: modern obfuscation techniques are able to evade traditional static analysis, while dynamic analysis is too resource intensive to be deployed at a large scale. One prominent line of research addresses these limitatio...

6.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/08 12:0 a.m.13 views

The Signalgate Case Is Waiving a Red Flag to All Organizational and Behavioral Cybersecurity Leaders, Practitioners, and Researchers: Are We Receiving the Signal Amidst the Noise?

The Signalgate incident of March 2025, wherein senior US national security officials inadvertently disclosed sensitive military operational details via the encrypted messaging platform Signal, highlights critical vulnerabilities in organizational security arising from human error, governance gaps...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/08 12:0 a.m.8 views

A Simple Data Exfiltration Game

Data exfiltration is a growing problem for business who face costs related to the loss of confidential data as well as potential extortion. This work presents a simple game theoretic model of network data exfiltration. In the model, the attacker chooses the exfiltration route and speed, and the...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/08 12:0 a.m.5 views

Mask-GCG: Are All Tokens in Adversarial Suffixes Necessary for Jailbreak Attacks?

Jailbreak attacks on Large Language Models LLMs have demonstrated various successful methods whereby attackers manipulate models into generating harmful responses that they are designed to avoid. Among these, Greedy Coordinate Gradient GCG has emerged as a general and effective approach that...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/08 12:0 a.m.7 views

LLMs in Cybersecurity: Friend or Foe in the Human Decision Loop?

Large Language Models LLMs are transforming human decision-making by acting as cognitive collaborators. Yet, this promise comes with a paradox: while LLMs can improve accuracy, they may also erode independent reasoning, promote over-reliance and homogenize decisions. In this paper, we investigate...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/08 12:0 a.m.5 views

All You Need Is a Fuzzing Brain: an LLM-Powered System for Automated Vulnerability Detection and Patching

Our team, All You Need Is A Fuzzing Brain, was one of seven finalists in DARPA's Artificial Intelligence Cyber Challenge AIxCC, placing fourth in the final round. During the competition, we developed a Cyber Reasoning System CRS that autonomously discovered 28 security vulnerabilities - including...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/08 12:0 a.m.14 views

Breaking SafetyCore: Exploring the Risks of On-Device AI Deployment

Due to hardware and software improvements, an increasing number of AI models are deployed on-device. This shift enhances privacy and reduces latency, but also introduces security risks distinct from traditional software. In this article, we examine these risks through the real-world case study of...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/07 12:0 a.m.5 views

ALPHA: LLM-Enabled Active Learning for Human-Free Network Anomaly Detection

Network log data analysis plays a critical role in detecting security threats and operational anomalies. Traditional log analysis methods for anomaly detection and root cause analysis rely heavily on expert knowledge or fully supervised learning models, both of which require extensive labeled dat...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/07 12:0 a.m.5 views

VehiclePassport: a GAIA-X-Aligned, Blockchain-Anchored Privacy-Preserving, Zero-Knowledge Digital Passport for Smart Vehicles

Modern vehicles accumulate fragmented lifecycle records across OEMs, owners, and service centers that are difficult to verify and prone to fraud. We propose VehiclePassport, a GAIA-X-aligned digital passport anchored on blockchain with zero-knowledge proofs ZKPs for privacy-preserving verificatio...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/07 12:0 a.m.6 views

Asymmetry Vulnerability and Physical Attacks on Online Map Construction for Autonomous Driving

High-definition maps provide precise environmental information essential for prediction and planning in autonomous driving systems. Due to the high cost of labeling and maintenance, recent research has turned to online HD map construction using onboard sensor data, offering wider coverage and mor...

6.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/07 12:0 a.m.5 views

Schrodinger'S Toolbox: Exploring the Quantum Rowhammer Attack

Residual cross-talk in superconducting qubit devices creates a security vulnerability for emerging quantum cloud services. We demonstrate a Clifford-only Quantum Rowhammer attack-using just X and CNOT gates-that injects faults on IBM's 127-qubit Eagle processors without requiring pulse-level...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/07 12:0 a.m.6 views

Measuring the Vulnerability Disclosure Policies of AI Vendors

As AI is increasingly integrated into products and critical systems, researchers are paying greater attention to identifying related vulnerabilities. Effective remediation depends on whether vendors are willing to accept and respond to AI vulnerability reports. In this paper, we examine the...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/06 12:0 a.m.5 views

Robust DDoS-Attack Classification with 3D CNNs against Adversarial Methods

Distributed Denial-of-Service DDoS attacks remain a serious threat to online infrastructure, often bypassing detection by altering traffic in subtle ways. We present a method using hive-plot sequences of network data and a 3D convolutional neural network 3D CNN to classify DDoS traffic with high...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/06 12:0 a.m.7 views

Exploit Tool Invocation Prompt for Tool Behavior Hijacking in LLM-Based Agentic System

LLM-based agentic systems leverage large language models to handle user queries, make decisions, and execute external tools for complex tasks across domains like chatbots, customer service, and software engineering. A critical component of these systems is the Tool Invocation Prompt TIP, which...

8.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/06 12:0 a.m.3 views

Reasoning Introduces New Poisoning Attacks yet Makes Them More Complicated

Early research into data poisoning attacks against Large Language Models LLMs demonstrated the ease with which backdoors could be injected. More recent LLMs add step-by-step reasoning, expanding the attack surface to include the intermediate chain-of-thought CoT and its inherent trait of...

6.9AI score
Exploits0
Total number of security vulnerabilities6825