Lucene search
K
PacketstormnewsRecent

6850 matches found

Packet Storm News
Packet Storm News
added 2025/09/04 12:0 a.m.10 views

An Empirical Study of Vulnerabilities in Python Packages and Their Detection

In the rapidly evolving software development landscape, Python stands out for its simplicity, versatility, and extensive ecosystem. Python packages, as units of organization, reusability, and distribution, have become a pressing concern, highlighted by the considerable number of vulnerability...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/04 12:0 a.m.4 views

A Framework for Detection and Classification of Attacks on Surveillance Cameras under IoT Networks

The increasing use of Internet of Things IoT devices has led to a rise in security related concerns regarding IoT Networks. The surveillance cameras in IoT networks are vulnerable to security threats such as brute force and zero-day attacks which can lead to unauthorized access by hackers and...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/04 12:0 a.m.7 views

Between a Rock and a Hard Place: Exploiting Ethical Reasoning to Jailbreak LLMs

Large language models LLMs have undergone safety alignment efforts to mitigate harmful outputs. However, as LLMs become more sophisticated in reasoning, their intelligence may introduce new security risks. While traditional jailbreak attacks relied on singlestep attacks, multi-turn jailbreak...

7.4AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/04 12:0 a.m.7 views

VulRTex: a Reasoning-Guided Approach to Identify Vulnerabilities from Rich-Text Issue Report

Software vulnerabilities exist in open-source software OSS, and the developers who discover these vulnerabilities may submit issue reports IRs to describe their details. Security practitioners need to spend a lot of time manually identifying vulnerability-related IRs from the community, and the...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/04 12:0 a.m.3 views

ShieldMMU: Detecting and Defending against Controlled-Channel Attacks in Shielding Memory System

Intel SGX and hypervisors isolate non-privileged programs from other software, ensuring confidentiality and integrity. However, side-channel attacks continue to threaten Intel SGX's security, enabling malicious OS to manipulate PTE present bits, induce page faults, and steal memory access traces...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/04 12:0 a.m.4 views

Quantum AI Algorithm Development for Enhanced Cybersecurity: a Hybrid Approach to Malware Detection

This study explores the application of quantum machine learning QML algorithms to enhance cybersecurity threat detection, particularly in the classification of malware and intrusion detection within high-dimensional datasets. Classical machine learning approaches encounter limitations when dealin...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/04 12:0 a.m.5 views

SREC: Encrypted Semantic Super-Resolution Enhanced Communication

Semantic communication SemCom, as a typical paradigm of deep integration between artificial intelligence AI and communication technology, significantly improves communication efficiency and resource utilization efficiency. However, the security issues of SemCom are becoming increasingly prominent...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/04 12:0 a.m.5 views

Adversarial Bug Reports As a Security Risk in Language Model-Based Automated Program Repair

Large Language Model LLM - based Automated Program Repair APR systems are increasingly integrated into modern software development workflows, offering automated patches in response to natural language bug reports. However, this reliance on untrusted user input introduces a novel and underexplored...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/04 12:0 a.m.7 views

Revisiting Third-Party Library Detection: a Ground Truth Dataset and Its Implications across Security Tasks

Accurate detection of third-party libraries TPLs is fundamental to Android security, supporting vulnerability tracking, malware detection, and supply chain auditing. Despite many proposed tools, their real-world effectiveness remains unclear.We present the first large-scale empirical study of ten...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/04 12:0 a.m.5 views

ECCFROG522PP: an Enhanced 522-Bit Weierstrass Elliptic Curve

Whilst many key exchange and digital signature systems still rely on NIST P-256 secp256r1 and secp256k1, offering around 128-bit security, there is an increasing demand for transparent and reproducible curves at the 256-bit security level. Standard higher-security options include NIST P-521,...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/04 12:0 a.m.30 views

KubeGuard: LLM-Assisted Kubernetes Hardening Via Configuration Files and Runtime Logs Analysis

The widespread adoption of Kubernetes K8s for orchestrating cloud-native applications has introduced significant security challenges, such as misconfigured resources and overly permissive configurations. Failing to address these issues can result in unauthorized access, privilege escalation, and...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/03 12:0 a.m.4 views

Evaluating Diverse Feature Extraction Techniques of Multifaceted IoT Malware Analysis: a Survey

As IoT devices continue to proliferate, their reliability is increasingly constrained by security concerns. In response, researchers have developed diverse malware analysis techniques to detect and classify IoT malware. These techniques typically rely on extracting features at different levels fr...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/03 12:0 a.m.7 views

Hydra Network Logon Cracker 9.6

THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/03 12:0 a.m.7 views

VulnRepairEval: an Exploit-Based Evaluation Framework for Assessing Large Language Model Vulnerability Repair Capabilities

The adoption of Large Language Models LLMs for automated software vulnerability patching has shown promising outcomes on carefully curated evaluation sets. Nevertheless, existing datasets predominantly rely on superficial validation methods rather than exploit-based verification, leading to...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/03 12:0 a.m.5 views

Evaluating Security Properties in the Execution of Quantum Circuits

Quantum computing is a disruptive technology that is expected to offer significant advantages in many critical fields e.g. drug discovery and cryptography. The security of information processed by such machines is therefore paramount. Currently, modest Noisy Intermediate-Scale Quantum NISQ device...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/03 12:0 a.m.6 views

Jump over ASLR - Branch Predictors

This project demonstrates applied research in C that illustrates concepts related to branch predictors, speculative execution, and cache-based side channels in the context of Address Space Layout Randomization ASLR...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/03 12:0 a.m.4 views

CISA: a Shared Vision of Software Bill of Materials (SBOM) for Cybersecurity

CISA and the National Security Agency NSA in collaboration with 19 international cybersecurity organizations, have released joint guidance outlining a shared global vision of Software Bill of Materials SBOM. This milestone reflects a growing international consensus on the importance of software...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/03 12:0 a.m.4 views

BIDO: a Unified Approach to Address Obfuscation and Concept Drift Challenges in Image-Based Malware Detection

To identify malicious Android applications, various malware detection techniques have been proposed. Among them, image-based approaches are considered potential alternatives due to their efficiency and scalability. Recent studies have reported that these approaches suffer significant performance...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/03 12:0 a.m.6 views

A Quantum Genetic Algorithm-Enhanced Self-Supervised Intrusion Detection System for Wireless Sensor Networks in the Internet of Things

The rapid expansion of the Internet of Things IoT and Wireless Sensor Networks WSNs has significantly increased the attack surface of such systems, making them vulnerable to a wide range of cyber threats. Traditional Intrusion Detection Systems IDS often fail to meet the stringent requirements of...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/03 12:0 a.m.5 views

Raspberry Pi Pico As a Radio Transmitter

In this paper we discuss several surprisingly simple methods for transforming the Raspberry Pi Pico RP2 microcontroller into a radio transmitter, by using only cheap off the shelf electronic components, and open source software. While initially this transformation may look as a harmless curiosity...

6.6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/02 12:0 a.m.5 views

Performance Analysis of Common Browser Extensions for Cryptojacking Detection

This paper considers five extensions for Chromium-based browsers in order to determine how effective can browser-based defenses against cryptojacking available to regular users be. We've examined most popular extensions - MinerBlock, AdGuard AdBlocker, Easy Redirect && Prevent Cryptojacking,...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/02 12:0 a.m.6 views

GPS Spoofing Attacks on Automated Frequency Coordination System in Wi-Fi 6E and Beyond

The 6 GHz spectrum, recently opened for unlicensed use under Wi-Fi 6E and Wi-Fi 7, overlaps with frequencies used by mission-critical incumbent systems such as public safety communications and utility infrastructure. To prevent interference, the FCC mandates the use of Automated Frequency...

7.3AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/02 12:0 a.m.6 views

Passwords and FIDO2 Are Meant to Be Secret: a Practical Secure Authentication Channel for Web Browsers

Password managers provide significant security benefits to users. However, malicious client-side scripts and browser extensions can steal passwords after the manager has autofilled them into the web page. In this paper, we extend prior work by Stock and Johns, showing how password autofill can be...

6.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/02 12:0 a.m.5 views

LogGuardQ: a Cognitive-Enhanced Reinforcement Learning Framework for Cybersecurity Anomaly Detection in Security Logs

Reinforcement learning RL has transformed sequential decision-making, but traditional algorithms like Deep Q-Networks DQNs and Proximal Policy Optimization PPO often struggle with efficient exploration, stability, and adaptability in dynamic environments. This study presents LogGuardQ Adaptive Lo...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/02 12:0 a.m.5 views

Poisoned at Scale: a Scalable Audit Uncovers Hidden Scam Endpoints in Production LLMs

Large Language Models LLMs have become critical to modern software development, but their reliance on internet datasets for training introduces a significant security risk: the absorption and reproduction of malicious content. To evaluate this threat, this paper introduces a scalable, automated...

7.4AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/02 12:0 a.m.10 views

Forecasting Future DDoS Attacks Using Long Short Term Memory (LSTM) Model

This paper forecasts future Distributed Denial of Service DDoS attacks using deep learning models. Although several studies address forecasting DDoS attacks, they remain relatively limited compared to detection-focused research. By studying the current trends and forecasting based on newer and...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/02 12:0 a.m.4 views

From Attack Descriptions to Vulnerabilities: a Sentence Transformer-Based Approach

In the domain of security, vulnerabilities frequently remain undetected even after their exploitation. In this work, vulnerabilities refer to publicly disclosed flaws documented in Common Vulnerabilities and Exposures CVE reports. Establishing a connection between attacks and vulnerabilities is...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/01 12:0 a.m.6 views

Web Fraud Attacks against LLM-Driven Multi-Agent Systems

With the proliferation of applications built upon LLM-driven multi-agent systems MAS, the security of Web links has become a critical concern in ensuring system reliability. Once an agent is induced to visit a malicious website, attackers can use it as a springboard to conduct diverse subsequent...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/01 12:0 a.m.6 views

AVX-Based Timing Side Channel — ASLR Detection

This work demonstrates a technique for detecting ASLR using AVX memory load instructions combined with RDTSCP timing and SIGSEGV detection. It illustrates how side-channel timing measurements can be applied to analyze memory layout randomization...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/01 12:0 a.m.6 views

Privacy-Preserving Authentication for Military 5G Networks

As 5G networks gain traction in defense applications, ensuring the privacy and integrity of the Authentication and Key Agreement AKA protocol is critical. While 5G AKA improves upon previous generations by concealing subscriber identities, it remains vulnerable to replay-based synchronization and...

7.3AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/01 12:0 a.m.6 views

E-PhishGen: Unlocking Novel Research in Phishing Email Detection

Every day, our inboxes are flooded with unsolicited emails, ranging between annoying spam to more subtle phishing scams. Unfortunately, despite abundant prior efforts proposing solutions achieving near-perfect accuracy, the reality is that countering malicious emails still remains an unsolved...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/01 12:0 a.m.5 views

An Intrusion Detection System in Internet of Things Using Grasshopper Optimization Algorithm and Machine Learning Algorithms

The Internet of Things IoT has emerged as a foundational paradigm supporting a range of applications, including healthcare, education, agriculture, smart homes, and, more recently, enterprise systems. However, significant advancements in IoT networks have been impeded by security vulnerabilities...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/01 12:0 a.m.5 views

Are Enterprises Ready for Quantum-Safe Cybersecurity?

Quantum computing threatens to undermine classical cryptography by breaking widely deployed encryption and signature schemes. This paper examines enterprise readiness for quantum-safe cybersecurity through three perspectives: i the technologist view, assessing the maturity of post-quantum...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/01 12:0 a.m.4 views

Quantum Machine Learning for UAV Swarm Intrusion Detection

Intrusion detection in unmanned-aerial-vehicle UAV swarms is complicated by high mobility, non-stationary traffic, and severe class imbalance. Leveraging a 120 k-flow simulation corpus that covers five attack types, we benchmark three quantum-machine-learning QML approaches - quantum kernels,...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/01 12:0 a.m.5 views

From CVE Entries to Verifiable Exploits: an Automated Multi-Agent Framework for Reproducing CVEs

High-quality datasets of real-world vulnerabilities and their corresponding verifiable exploits are crucial resources in software security research. Yet such resources remain scarce, as their creation demands intensive manual effort and deep security expertise. In this paper, we present CVE-GENIE...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/09/01 12:0 a.m.8 views

Anomaly Detection in Network Flows Using Unsupervised Online Machine Learning

Nowadays, the volume of network traffic continues to grow, along with the frequency and sophistication of attacks. This scenario highlights the need for solutions capable of continuously adapting, since network behavior is dynamic and changes over time. This work presents an anomaly detection mod...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/31 12:0 a.m.5 views

Integrated Simulation Framework for Adversarial Attacks on Autonomous Vehicles

Autonomous vehicles AVs rely on complex perception and communication systems, making them vulnerable to adversarial attacks that can compromise safety. While simulation offers a scalable and safe environment for robustness testing, existing frameworks typically lack comprehensive supportfor...

6.6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/31 12:0 a.m.13 views

VULSOVER: Vulnerability Detection Via LLM-Driven Constraint Solving

Traditional vulnerability detection methods rely heavily on predefined rule matching, which often fails to capture vulnerabilities accurately. With the rise of large language models LLMs, leveraging their ability to understand code semantics has emerged as a promising direction for achieving more...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/30 12:0 a.m.7 views

Virtual Reality, Real Problems: a Longitudinal Security Analysis of VR Firmware

Virtual Reality VR technology is rapidly growing in recent years. VR devices such as Meta Quest 3 utilize numerous sensors to collect users' data to provide an immersive experience. Due to the extensive data collection and the immersive nature, the security of VR devices is paramount. Leading VR...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/29 12:0 a.m.14 views

Wireshark Analyzer 4.4.9

Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. Thi...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/29 12:0 a.m.4 views

Hybrid Cryptographic Monitoring System for Side-Channel Attack Detection on PYNQ SoCs

AES-128 encryption is theoretically secure but vulnerable in practical deployments due to timing and fault injection attacks on embedded systems. This work presents a lightweight dual-detection framework combining statistical thresholding and machine learning ML for real-time anomaly detection. B...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/29 12:0 a.m.7 views

Agentic Discovery and Validation of Android App Vulnerabilities

Existing Android vulnerability detection tools overwhelm teams with thousands of low-signal warnings yet uncover few true positives. Analysts spend days triaging these results, creating a bottleneck in the security pipeline. Meanwhile, genuinely exploitable vulnerabilities often slip through,...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/29 12:0 a.m.5 views

An Empirical Study of Vulnerable Package Dependencies in LLM Repositories

Large language models LLMs have developed rapidly in recent years, revolutionizing various fields. Despite their widespread success, LLMs heavily rely on external code dependencies from package management systems, creating a complex and interconnected LLM dependency supply chain. Vulnerabilities ...

7.4AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/29 12:0 a.m.5 views

Human-Written Vs. AI-Generated Code: a Large-Scale Study of Defects, Vulnerabilities, and Complexity

As AI code assistants become increasingly integrated into software development workflows, understanding how their code compares to human-written programs is critical for ensuring reliability, maintainability, and security. In this paper, we present a large-scale comparison of code authored by hum...

7.4AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/29 12:0 a.m.4 views

Detecting Stealthy Data Poisoning Attacks in AI Code Generators

Deep learning DL models for natural language-to-code generation have become integral to modern software development pipelines. However, their heavy reliance on large amounts of data, often collected from unsanitized online sources, exposes them to data poisoning attacks, where adversaries inject...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/29 12:0 a.m.4 views

Cybersecurity AI: Hacking the AI Hackers Via Prompt Injection

We demonstrate how AI-powered cybersecurity tools can be turned against themselves through prompt injection attacks. Prompt injection is reminiscent of cross-site scripting XSS: malicious text is hidden within seemingly trusted content, and when the system processes it, that text is transformed...

6.4AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/29 12:0 a.m.6 views

Evope 1.1.3.20 Hardcoded Cryptographic Key

The component Evope Core in Evope version 1.1.3.20 uses a hardcoded cryptographic key, which means that encryption/decryption keys are permanently embedded in the source code, rather than being securely managed. This creates a critical security flaw because anyone who gains access to or...

7.1AI score0.00133EPSS
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/29 12:0 a.m.6 views

Risks and Compliance with the EU'S Core Cyber Security Legislation

The European Union EU has long favored a risk-based approach to regulation. Such an approach is also used in recent cyber security legislation enacted in the EU. Risks are also inherently related to compliance with the new legislation. Objective: The paper investigates how risks are framed in the...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/28 12:0 a.m.4 views

CyberSleuth: Autonomous Blue-Team LLM Agent for Web Attack Forensics

Large Language Model LLM agents are powerful tools for automating complex tasks. In cybersecurity, researchers have primarily explored their use in red-team operations such as vulnerability discovery and penetration tests. Defensive uses for incident response and forensics have received...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/28 12:0 a.m.5 views

AegisShield: Democratizing Cyber Threat Modeling with Generative AI

The increasing sophistication of technology systems makes traditional threat modeling hard to scale, especially for small organizations with limited resources. This paper develops and evaluates AegisShield, a generative AI enhanced threat modeling tool that implements STRIDE and MITRE ATT&CK to...

6.5AI score
Exploits0
Total number of security vulnerabilities6850