Lucene search
K
PacketstormnewsRecent

6825 matches found

Packet Storm News
Packet Storm News
•added 2025/09/06 12:0 a.m.•4 views

Multimodal Prompt Injection Attacks: Risks and Defenses for Modern LLMs

Large Language Models LLMs have seen rapid adoption in recent years, with industries increasingly relying on them to maintain a competitive advantage. These models excel at interpreting user instructions and generating human-like responses, leading to their integration across diverse domains,...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/06 12:0 a.m.•5 views

FuzzBox: Blending Fuzzing into Emulation for Binary-Only Embedded Targets

Coverage-guided fuzzing has been widely applied to address zero-day vulnerabilities in general-purpose software and operating systems. This approach relies on instrumenting the target code at compile time. However, applying it to industrial systems remains challenging, due to proprietary and...

7.6AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/06 12:0 a.m.•68 views

EchoLeak: the First Real-World Zero-Click Prompt Injection Exploit in a Production LLM System

Large language model LLM assistants are increasingly integrated into enterprise workflows, raising new security concerns as they bridge internal and external data sources. This paper presents an in-depth case study of EchoLeak CVE-2025-32711, a zero-click prompt injection vulnerability in Microso...

9.3CVSS7.7AI score0.05776EPSS
Exploits1
Packet Storm News
Packet Storm News
•added 2025/09/06 12:0 a.m.•5 views

Wrangling Entropy: Next-Generation Multi-Factor Key Derivation, Credential Hashing, and Credential Generation Functions

The Multi-Factor Key Derivation Function MFKDF offered a novel solution to the classic problem of usable client-side key management by incorporating multiple popular authentication factors into a key derivation process, but was later shown to be vulnerable to cryptanalysis that degraded its...

7.3AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/06 12:0 a.m.•20 views

Decoding Latent Attack Surfaces in LLMs: Prompt Injection Via HTML in Web Summarization

Large Language Models LLMs are increasingly integrated into web-based systems for content summarization, yet their susceptibility to prompt injection attacks remains a pressing concern. In this study, we explore how non-visible HTML elements such as , aria-label, and alt attributes can be exploit...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/05 12:0 a.m.•5 views

Jamming Smarter, Not Harder: Exploiting O-RAN Y1 RAN Analytics for Efficient Interference

The Y1 interface in O-RAN enables the sharing of RAN Analytics Information RAI between the near-RT RIC and authorized Y1 consumers, which may be internal applications within the operator's trusted domain or external systems accessing data through a secure exposure function. While this visibility...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/05 12:0 a.m.•4 views

Mind the Gap: Evaluating Model- and Agentic-Level Vulnerabilities in LLMs with Action Graphs

As large language models transition to agentic systems, current safety evaluation frameworks face critical gaps in assessing deployment-specific risks. We introduce AgentSeer, an observability-based evaluation framework that decomposes agentic executions into granular action and component graphs,...

7.7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/05 12:0 a.m.•8 views

Cryptographic Application of Elliptic Curve with High Rank

Elliptic curve cryptography is better than traditional cryptography based on RSA and discrete logarithm of finite field in terms of efficiency and security. In this paper, we show how to exploit elliptic curve with high rank, which has not been used in cryptography before, to construct...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/05 12:0 a.m.•4 views

FuzzRDUCC: Fuzzing with Reconstructed Def-Use Chain Coverage

Binary-only fuzzing often struggles with achieving thorough code coverage and uncovering hidden vulnerabilities due to limited insight into a program's internal dataflows. Traditional grey-box fuzzers guide test case generation primarily using control flow edge coverage, which can overlook bugs n...

7.3AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/05 12:0 a.m.•5 views

A Transformer-BiGRU-Based Framework with Data Augmentation and Confident Learning for Network Intrusion Detection

In today's fast-paced digital communication, the surge in network traffic data and frequency demands robust and precise network intrusion solutions. Conventional machine learning methods struggle to grapple with complex patterns within the vast network intrusion datasets, which suffer from data...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/05 12:0 a.m.•6 views

Where Have All the Firewalls Gone? Security Consequences of Residential IPv6 Transition

IPv4 NAT has limited the spread of IoT botnets considerably by default-denying bots' incoming connection requests to in-home devices unless the owner has explicitly allowed them. As the Internet transitions to majority IPv6, however, residential connections no longer require the use of NAT. This...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/05 12:0 a.m.•6 views

Wapiti Web Application Vulnerability Scanner 3.2.5

Wapiti is a web application vulnerability scanner. It will scan the web pages of a deployed web application and will fuzz the URL parameters and forms to find common web vulnerabilities. This is the binary release...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/05 12:0 a.m.•4 views

A Kolmogorov-Arnold Network for Interpretable Cyberattack Detection in AGC Systems

Automatic Generation Control AGC is essential for power grid stability but remains vulnerable to stealthy cyberattacks, such as False Data Injection Attacks FDIAs, which can disturb the system's stability while evading traditional detection methods. Unlike previous works that relied on blackbox...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/05 12:0 a.m.•4 views

Behind the Mask: Benchmarking Camouflaged Jailbreaks in Large Language Models

Large Language Models LLMs are increasingly vulnerable to a sophisticated form of adversarial prompting known as camouflaged jailbreaking. This method embeds malicious intent within seemingly benign language to evade existing safety mechanisms. Unlike overt attacks, these subtle prompts exploit...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/05 12:0 a.m.•5 views

Bi-Level Game-Theoretic Planning of Cyber Deception for Cognitive Arbitrage

Cognitive vulnerabilities shape human decision-making and arise primarily from two sources: 1 cognitive capabilities, which include disparities in knowledge, education, expertise, or access to information, and 2 cognitive biases, such as rational inattention, confirmation bias, and base rate...

7.6AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/05 12:0 a.m.•6 views

What Is Cybersecurity in Space?

Satellites, drones, and 5G space links now support critical services such as air traffic, finance, and weather. Yet most were not built to resist modern cyber threats. Ground stations can be breached, GPS jammed, and supply chains compromised, while no shared list of vulnerabilities or safe testi...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/05 12:0 a.m.•4 views

Wapiti Web Application Vulnerability Scanner 3.2.5 Source Code

Wapiti is a web application vulnerability scanner. It will scan the web pages of a deployed web application and will fuzz the URL parameters and forms to find common web vulnerabilities. This is the source code release...

7.3AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/05 12:0 a.m.•7 views

From Protest to Power Plant: Interpreting the Role of Escalatory Hacktivism in Cyber Conflict

Since 2022, hacktivist groups have escalated their tactics, expanding from distributed denial-of-service attacks and document leaks to include targeting operational technology OT. By 2024, attacks on the OT of critical national infrastructure CNI had been linked to partisan hacktivist efforts in...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/04 12:0 a.m.•11 views

ICSLure: a Very High Interaction Honeynet for PLC-Based Industrial Control Systems

The security of Industrial Control Systems ICSs is critical to ensuring the safety of industrial processes and personnel. The rapid adoption of Industrial Internet of Things IIoT technologies has expanded system functionality but also increased the attack surface, exposing ICSs to a growing range...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/04 12:0 a.m.•5 views

NeuroBreak: Unveil Internal Jailbreak Mechanisms in Large Language Models

In deployment and application, large language models LLMs typically undergo safety alignment to prevent illegal and unethical outputs. However, the continuous advancement of jailbreak attack techniques, designed to bypass safety mechanisms with adversarial prompts, has placed increasing pressure ...

7.5AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/04 12:0 a.m.•4 views

ECCFROG522PP: an Enhanced 522-Bit Weierstrass Elliptic Curve

Whilst many key exchange and digital signature systems still rely on NIST P-256 secp256r1 and secp256k1, offering around 128-bit security, there is an increasing demand for transparent and reproducible curves at the 256-bit security level. Standard higher-security options include NIST P-521,...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/04 12:0 a.m.•9 views

Breaking to Build: a Threat Model of Prompt-Based Attacks for Securing LLMs

The proliferation of Large Language Models LLMs has introduced critical security challenges, where adversarial actors can manipulate input prompts to cause significant harm and circumvent safety alignments. These prompt-based attacks exploit vulnerabilities in a model's design, training, and...

7.3AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/04 12:0 a.m.•7 views

False Sense of Security: Why Probing-Based Malicious Input Detection Fails to Generalize

Large Language Models LLMs can comply with harmful instructions, raising serious safety concerns despite their impressive capabilities. Recent work has leveraged probing-based approaches to study the separability of malicious and benign inputs in LLMs' internal representations, and researchers ha...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/04 12:0 a.m.•6 views

Efficient QKD in Non-Ideal Scenarios with User-Defined Output Length Requirements

Quantum Key Distribution QKD enables two parties to securely share encryption keys by leveraging the principles of quantum mechanics, offering protection against eavesdropping. In practical implementations, QKD systems often rely on a layered architecture where a key manager stores secret key...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/04 12:0 a.m.•4 views

Constructing a Photonic Implementation of Quantum Key Distribution

Quantum Key Distribution QKD stands as a revolutionary approach to secure communication, using the principles of quantum mechanics to establish unbreakable channels. Unlike traditional cryptography, which relies on the computational difficulty of mathematical problems, QKD utilizes the inherent...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/04 12:0 a.m.•7 views

Systematic Timing Leakage Analysis of NIST PQDSS Candidates: Tooling and Lessons Learned

The PQDSS standardization process requires cryptographic primitives to be free from vulnerabilities, including timing and cache side-channels. Resistance to timing leakage is therefore an essential property, and achieving this typically relies on software implementations that follow constant-time...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/04 12:0 a.m.•10 views

An Empirical Study of Vulnerabilities in Python Packages and Their Detection

In the rapidly evolving software development landscape, Python stands out for its simplicity, versatility, and extensive ecosystem. Python packages, as units of organization, reusability, and distribution, have become a pressing concern, highlighted by the considerable number of vulnerability...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/04 12:0 a.m.•4 views

A Framework for Detection and Classification of Attacks on Surveillance Cameras under IoT Networks

The increasing use of Internet of Things IoT devices has led to a rise in security related concerns regarding IoT Networks. The surveillance cameras in IoT networks are vulnerable to security threats such as brute force and zero-day attacks which can lead to unauthorized access by hackers and...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/04 12:0 a.m.•7 views

Between a Rock and a Hard Place: Exploiting Ethical Reasoning to Jailbreak LLMs

Large language models LLMs have undergone safety alignment efforts to mitigate harmful outputs. However, as LLMs become more sophisticated in reasoning, their intelligence may introduce new security risks. While traditional jailbreak attacks relied on singlestep attacks, multi-turn jailbreak...

7.4AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/04 12:0 a.m.•29 views

KubeGuard: LLM-Assisted Kubernetes Hardening Via Configuration Files and Runtime Logs Analysis

The widespread adoption of Kubernetes K8s for orchestrating cloud-native applications has introduced significant security challenges, such as misconfigured resources and overly permissive configurations. Failing to address these issues can result in unauthorized access, privilege escalation, and...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/04 12:0 a.m.•7 views

VulRTex: a Reasoning-Guided Approach to Identify Vulnerabilities from Rich-Text Issue Report

Software vulnerabilities exist in open-source software OSS, and the developers who discover these vulnerabilities may submit issue reports IRs to describe their details. Security practitioners need to spend a lot of time manually identifying vulnerability-related IRs from the community, and the...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/04 12:0 a.m.•3 views

ShieldMMU: Detecting and Defending against Controlled-Channel Attacks in Shielding Memory System

Intel SGX and hypervisors isolate non-privileged programs from other software, ensuring confidentiality and integrity. However, side-channel attacks continue to threaten Intel SGX's security, enabling malicious OS to manipulate PTE present bits, induce page faults, and steal memory access traces...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/04 12:0 a.m.•4 views

Quantum AI Algorithm Development for Enhanced Cybersecurity: a Hybrid Approach to Malware Detection

This study explores the application of quantum machine learning QML algorithms to enhance cybersecurity threat detection, particularly in the classification of malware and intrusion detection within high-dimensional datasets. Classical machine learning approaches encounter limitations when dealin...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/04 12:0 a.m.•5 views

SREC: Encrypted Semantic Super-Resolution Enhanced Communication

Semantic communication SemCom, as a typical paradigm of deep integration between artificial intelligence AI and communication technology, significantly improves communication efficiency and resource utilization efficiency. However, the security issues of SemCom are becoming increasingly prominent...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/04 12:0 a.m.•5 views

Adversarial Bug Reports As a Security Risk in Language Model-Based Automated Program Repair

Large Language Model LLM - based Automated Program Repair APR systems are increasingly integrated into modern software development workflows, offering automated patches in response to natural language bug reports. However, this reliance on untrusted user input introduces a novel and underexplored...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/04 12:0 a.m.•7 views

Revisiting Third-Party Library Detection: a Ground Truth Dataset and Its Implications across Security Tasks

Accurate detection of third-party libraries TPLs is fundamental to Android security, supporting vulnerability tracking, malware detection, and supply chain auditing. Despite many proposed tools, their real-world effectiveness remains unclear.We present the first large-scale empirical study of ten...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/03 12:0 a.m.•4 views

Evaluating Diverse Feature Extraction Techniques of Multifaceted IoT Malware Analysis: a Survey

As IoT devices continue to proliferate, their reliability is increasingly constrained by security concerns. In response, researchers have developed diverse malware analysis techniques to detect and classify IoT malware. These techniques typically rely on extracting features at different levels fr...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/03 12:0 a.m.•7 views

Hydra Network Logon Cracker 9.6

THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/03 12:0 a.m.•7 views

VulnRepairEval: an Exploit-Based Evaluation Framework for Assessing Large Language Model Vulnerability Repair Capabilities

The adoption of Large Language Models LLMs for automated software vulnerability patching has shown promising outcomes on carefully curated evaluation sets. Nevertheless, existing datasets predominantly rely on superficial validation methods rather than exploit-based verification, leading to...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/03 12:0 a.m.•5 views

Evaluating Security Properties in the Execution of Quantum Circuits

Quantum computing is a disruptive technology that is expected to offer significant advantages in many critical fields e.g. drug discovery and cryptography. The security of information processed by such machines is therefore paramount. Currently, modest Noisy Intermediate-Scale Quantum NISQ device...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/03 12:0 a.m.•6 views

Jump over ASLR - Branch Predictors

This project demonstrates applied research in C that illustrates concepts related to branch predictors, speculative execution, and cache-based side channels in the context of Address Space Layout Randomization ASLR...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/03 12:0 a.m.•4 views

CISA: a Shared Vision of Software Bill of Materials (SBOM) for Cybersecurity

CISA and the National Security Agency NSA in collaboration with 19 international cybersecurity organizations, have released joint guidance outlining a shared global vision of Software Bill of Materials SBOM. This milestone reflects a growing international consensus on the importance of software...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/03 12:0 a.m.•4 views

BIDO: a Unified Approach to Address Obfuscation and Concept Drift Challenges in Image-Based Malware Detection

To identify malicious Android applications, various malware detection techniques have been proposed. Among them, image-based approaches are considered potential alternatives due to their efficiency and scalability. Recent studies have reported that these approaches suffer significant performance...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/03 12:0 a.m.•6 views

A Quantum Genetic Algorithm-Enhanced Self-Supervised Intrusion Detection System for Wireless Sensor Networks in the Internet of Things

The rapid expansion of the Internet of Things IoT and Wireless Sensor Networks WSNs has significantly increased the attack surface of such systems, making them vulnerable to a wide range of cyber threats. Traditional Intrusion Detection Systems IDS often fail to meet the stringent requirements of...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/03 12:0 a.m.•5 views

Raspberry Pi Pico As a Radio Transmitter

In this paper we discuss several surprisingly simple methods for transforming the Raspberry Pi Pico RP2 microcontroller into a radio transmitter, by using only cheap off the shelf electronic components, and open source software. While initially this transformation may look as a harmless curiosity...

6.6AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/02 12:0 a.m.•5 views

Performance Analysis of Common Browser Extensions for Cryptojacking Detection

This paper considers five extensions for Chromium-based browsers in order to determine how effective can browser-based defenses against cryptojacking available to regular users be. We've examined most popular extensions - MinerBlock, AdGuard AdBlocker, Easy Redirect && Prevent Cryptojacking,...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/02 12:0 a.m.•6 views

GPS Spoofing Attacks on Automated Frequency Coordination System in Wi-Fi 6E and Beyond

The 6 GHz spectrum, recently opened for unlicensed use under Wi-Fi 6E and Wi-Fi 7, overlaps with frequencies used by mission-critical incumbent systems such as public safety communications and utility infrastructure. To prevent interference, the FCC mandates the use of Automated Frequency...

7.3AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/02 12:0 a.m.•3 views

From Attack Descriptions to Vulnerabilities: a Sentence Transformer-Based Approach

In the domain of security, vulnerabilities frequently remain undetected even after their exploitation. In this work, vulnerabilities refer to publicly disclosed flaws documented in Common Vulnerabilities and Exposures CVE reports. Establishing a connection between attacks and vulnerabilities is...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/02 12:0 a.m.•6 views

Passwords and FIDO2 Are Meant to Be Secret: a Practical Secure Authentication Channel for Web Browsers

Password managers provide significant security benefits to users. However, malicious client-side scripts and browser extensions can steal passwords after the manager has autofilled them into the web page. In this paper, we extend prior work by Stock and Johns, showing how password autofill can be...

6.2AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/09/02 12:0 a.m.•5 views

LogGuardQ: a Cognitive-Enhanced Reinforcement Learning Framework for Cybersecurity Anomaly Detection in Security Logs

Reinforcement learning RL has transformed sequential decision-making, but traditional algorithms like Deep Q-Networks DQNs and Proximal Policy Optimization PPO often struggle with efficient exploration, stability, and adaptability in dynamic environments. This study presents LogGuardQ Adaptive Lo...

6.8AI score
Exploits0
Total number of security vulnerabilities6825