Lucene search
K
PacketstormnewsRecent

6850 matches found

Packet Storm News
Packet Storm News
•added 2025/08/28 12:0 a.m.•9 views

WordPress RingCentral Communications 1.6.8 Authentication Bypass

WordPress RingCentral Communications plugin versions 1.5 through 1.6.8 have a missing server-side verification that allows for authentication bypass...

9.8CVSS6.9AI score0.00666EPSS
Exploits1
Packet Storm News
Packet Storm News
•added 2025/08/28 12:0 a.m.•34 views

PromptSleuth: Detecting Prompt Injection Via Semantic Intent Invariance

Large Language Models LLMs are increasingly integrated into real-world applications, from virtual assistants to autonomous agents. However, their flexibility also introduces new attack vectors-particularly Prompt Injection PI, where adversaries manipulate model behavior through crafted inputs. As...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/28 12:0 a.m.•6 views

Human-AI Collaborative Bot Detection in MMORPGs

In Massively Multiplayer Online Role-Playing Games MMORPGs, auto-leveling bots exploit automated programs to level up characters at scale, undermining gameplay balance and fairness. Detecting such bots is challenging, not only because they mimic human behavior, but also because punitive actions...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/28 12:0 a.m.•3 views

Ransomware 3.0: Self-Composing and LLM-Orchestrated

Using automated reasoning, code synthesis, and contextual decision-making, we introduce a new threat that exploits large language models LLMs to autonomously plan, adapt, and execute the ransomware attack lifecycle. Ransomware 3.0 represents the first threat model and research prototype of...

7.4AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/28 12:0 a.m.•4 views

AI Agentic Vulnerability Injection and Transformation with Optimized Reasoning

The increasing complexity of software systems and the sophistication of cyber-attacks have underscored the critical need for effective automated vulnerability detection and repair systems. Traditional methods, such as static program analysis, face significant challenges related to scalability,...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/28 12:0 a.m.•3 views

Kemp Loadmaster Command Injection

This Python script is designed as a proof of concept PoC to demonstrate an unauthenticated command injection vulnerability in Kemp LoadMaster, identified as CVE-2024-1212...

10CVSS9.3AI score0.95388EPSS
Exploits9
Packet Storm News
Packet Storm News
•added 2025/08/28 12:0 a.m.•4 views

Measuring Ransomware Lateral Movement Susceptibility Via Privilege-Weighted Adjacency Matrix Exponentiation

Ransomware impact hinges on how easily an intruder can move laterally and spread to the maximum number of assets. We present a graph-theoretic method to measure lateral-movement susceptibility and estimate blast radius. We build a directed multigraph where vertices represent assets and edges...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/28 12:0 a.m.•3 views

Multi-Agent Penetration Testing AI for the Web

AI-powered development platforms are making software creation accessible to a broader audience, but this democratization has triggered a scalability crisis in security auditing. With studies showing that up to 40% of AI-generated code contains vulnerabilities, the pace of development now vastly...

8.4AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/28 12:0 a.m.•6 views

Locus: Agentic Predicate Synthesis for Directed Fuzzing

Directed fuzzing aims to find program inputs that lead to specified target program states. It has broad applications, such as debugging system crashes, confirming reported bugs, and generating exploits for potential vulnerabilities. This task is inherently challenging because target states are...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/28 12:0 a.m.•4 views

Best Salon Management System 1.0 Cross Site Scripting

Best Salon Management System version 1.0 suffers from a persistent cross site scripting vulnerability...

6.4AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/28 12:0 a.m.•6 views

Microarchitecture Design and Benchmarking of Custom SHA-3 Instruction for RISC-V

Integrating cryptographic accelerators into modern CPU architectures presents unique microarchitectural challenges, particularly when extending instruction sets with complex and multistage operations. Hardware-assisted cryptographic instructions, such as Intel's AES-NI and ARM's custom instructio...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/28 12:0 a.m.•9 views

Secure Satellite Communications Via Multiple Aerial RISs: Joint Optimization of Reflection, Association, and Deployment

Satellite communication is envisioned as a key enabler of future 6G networks, yet its wide coverage with high link attenuation poses significant challenges for physical layer security. In this paper, we investigate secure multi-beam, multi-group satellite communications assisted by aerial...

6.6AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/28 12:0 a.m.•3 views

The WASM Cloak: Evaluating Browser Fingerprinting Defenses under WebAssembly Based Obfuscation

Browser fingerprinting defenses have historically focused on detecting JavaScriptJS-based tracking techniques. However, the widespread adoption of WebAssembly WASM introduces a potential blind spot, as adversaries can convert JS to WASM's low-level binary format to obfuscate malicious logic. This...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/27 12:0 a.m.•28 views

The Art of Hide and Seek: Making Pickle-Based Model Supply Chain Poisoning Stealthy Again

Pickle deserialization vulnerabilities have persisted throughout Python's history, remaining widely recognized yet unresolved. Due to its ability to transparently save and restore complex objects into byte streams, many AI/ML frameworks continue to adopt pickle as the model serialization protocol...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/27 12:0 a.m.•5 views

Zeek 8.0.1

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek ha...

7.5AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/27 12:0 a.m.•7 views

Every Keystroke You Make: a Tech-Law Measurement and Analysis of Event Listeners for Wiretapping

The privacy community has a long track record of investigating emerging types of web tracking techniques. Recent work has focused on compliance of web trackers with new privacy laws such as Europe's GDPR and California's CCPA. Despite the growing body of research documenting widespread lack of...

6.5AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/27 12:0 a.m.•2 views

Surveying the Operational Cybersecurity and Supply Chain Threat Landscape When Developing and Deploying AI Systems

The rise of AI has transformed the software and hardware landscape, enabling powerful capabilities through specialized infrastructures, large-scale data storage, and advanced hardware. However, these innovations introduce unique attack surfaces and objectives which traditional cybersecurity...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/27 12:0 a.m.•3 views

Addressing Deepfake Issue in Selfie Banking through Camera Based Authentication

Fake images in selfie banking are increasingly becoming a threat. Previously, it was just Photoshop, but now deep learning technologies enable us to create highly realistic fake identities, which fraudsters exploit to bypass biometric systems such as facial recognition in online banking. This pap...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/27 12:0 a.m.•4 views

The Influence of Code Comments on the Perceived Helpfulness of Stack Overflow Posts

Question-and-answer platforms such as Stack Overflow have become an important way for software developers to share and retrieve knowledge. However, reusing poorly understood code can lead to serious problems, such as bugs or security vulnerabilities. To better understand how code comments affect...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/27 12:0 a.m.•6 views

FlowMalTrans: Unsupervised Binary Code Translation for Malware Detection Using Flow-Adapter Architecture

Applying deep learning to malware detection has drawn great attention due to its notable performance. With the increasing prevalence of cyberattacks targeting IoT devices, there is a parallel rise in the development of malware across various Instruction Set Architectures ISAs. It is thus importan...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/27 12:0 a.m.•6 views

Faraday 5.16.0

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use...

7.3AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/26 12:0 a.m.•9 views

CITADEL: Continual Anomaly Detection for Enhanced Learning in IoT Intrusion Detection

The Internet of Things IoT, with its high degree of interconnectivity and limited computational resources, is particularly vulnerable to a wide range of cyber threats. Intrusion detection systems IDS have been extensively studied to enhance IoT security, and machine learning-based IDS ML-IDS show...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/26 12:0 a.m.•6 views

Attackers Strike Back? Not Anymore -- an Ensemble of RL Defenders Awakens for APT Detection

Advanced Persistent Threats APTs represent a growing menace to modern digital infrastructure. Unlike traditional cyberattacks, APTs are stealthy, adaptive, and long-lasting, often bypassing signature-based detection systems. This paper introduces a novel framework for APT detection that unites de...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/26 12:0 a.m.•3 views

Towards Quantum Machine Learning for Malicious Code Analysis

Classical machine learning CML has been extensively studied for malware classification. With the emergence of quantum computing, quantum machine learning QML presents a paradigm-shifting opportunity to improve malware detection, though its application in this domain remains largely unexplored. In...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/26 12:0 a.m.•6 views

A Technical Review on Comparison and Estimation of Steganographic Tools

Steganography is technique of hiding a data under cover media using different steganography tools. Image steganography is hiding of data Text/Image/Audio/Video under a cover as Image. This review paper presents classification of image steganography and the comparison of various Image steganograph...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/26 12:0 a.m.•6 views

FALCON: Autonomous Cyber Threat Intelligence Mining with LLMs for IDS Rule Generation

Signature-based Intrusion Detection Systems IDS detect malicious activities by matching network or host activity against predefined rules. These rules are derived from extensive Cyber Threat Intelligence CTI, which includes attack signatures and behavioral patterns obtained through automated tool...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/26 12:0 a.m.•44 views

LLMs in the SOC: an Empirical Study of Human-AI Collaboration in Security Operations Centres

The integration of Large Language Models LLMs into Security Operations Centres SOCs presents a transformative, yet still evolving, opportunity to reduce analyst workload through human-AI collaboration. However, their real-world application in SOCs remains underexplored. To address this gap, we...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/26 12:0 a.m.•6 views

SIExVulTS: Sensitive Information Exposure Vulnerability Detection System Using Transformer Models and Static Analysis

Sensitive Information Exposure SIEx vulnerabilities CWE-200 remain a persistent and under-addressed threat across software systems, often leading to serious security breaches. Existing detection tools rarely target the diverse subcategories of CWE-200 or provide context-aware analysis of code-lev...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/26 12:0 a.m.•6 views

DRMD: Deep Reinforcement Learning for Malware Detection under Concept Drift

Malware detection in real-world settings must deal with evolving threats, limited labeling budgets, and uncertain predictions. Traditional classifiers, without additional mechanisms, struggle to maintain performance under concept drift in malware domains, as their supervised learning formulation...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/26 12:0 a.m.•11 views

Servant, Stalker, Predator: How an Honest, Helpful, and Harmless (3H) Agent Unlocks Adversarial Skills

This paper identifies and analyzes a novel vulnerability class in Model Context Protocol MCP based agent systems. The attack chain describes and demonstrates how benign, individually authorized tasks can be orchestrated to produce harmful emergent behaviors. Through systematic analysis using the...

7.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/26 12:0 a.m.•3 views

Formal Verification of Physical Layer Security Protocols for Next-Generation Communication Networks

Formal verification is crucial for ensuring the robustness of security protocols against adversarial attacks. The Needham-Schroeder protocol, a foundational authentication mechanism, has been extensively studied, including its integration with Physical Layer Security PLS techniques such as...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/26 12:0 a.m.•7 views

Addressing Weak Authentication like RFID, NFC in EVs and EVCs Using AI-Powered Adaptive Authentication

The rapid expansion of the Electric Vehicles EVs and Electric Vehicle Charging Systems EVCs has introduced new cybersecurity challenges, specifically in authentication protocols that protect vehicles, users, and energy infrastructure. Although widely adopted for convenience, traditional...

7.3AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/25 12:0 a.m.•6 views

CISA: FY 2025 Tribal Cybersecurity Grant Program FAQs

This is the CISA FAQ for the Tribal Cybersecurity Grant Program TCGP which assists eligible Tribal governments addressing cybersecurity risks and threats to their information systems. This is an updated copy...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/25 12:0 a.m.•13 views

Tricking LLM-Based NPCs into Spilling Secrets

Large Language Models LLMs are increasingly used to generate dynamic dialogue for game NPCs. However, their integration raises new security concerns. In this study, we examine whether adversarial prompt injection can cause LLM-based NPCs to reveal hidden background secrets that are meant to remai...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/25 12:0 a.m.•5 views

Prompt-In-Content Attacks: Exploiting Uploaded Inputs to Hijack LLM Behavior

Large Language Models LLMs are widely deployed in applications that accept user-submitted content, such as uploaded documents or pasted text, for tasks like summarization and question answering. In this paper, we identify a new class of attacks, prompt in content injection, where adversarial...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/25 12:0 a.m.•3 views

Nuclei 3.4.10

Nuclei is a modern, high-performance vulnerability scanner that leverages simple YAML-based templates. It empowers you to design custom vulnerability detection scenarios that mimic real-world conditions, leading to zero false positives...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/25 12:0 a.m.•5 views

Aligning Core Aspects: Improving Vulnerability Proof-Of-Concepts Via Cross-Source Insights

For vulnerabilities, Proof-of-Concept PoC plays an irreplaceable role in demonstrating the exploitability. PoC reports may include critical information such as specific usage, test platforms, and more, providing essential insights for researchers. However, in reality, due to various PoC templates...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/25 12:0 a.m.•5 views

Collaborative Intelligence: Topic Modelling of Large Language Model Use in Live Cybersecurity Operations

Objective: This work describes the topic modelling of Security Operations Centre SOC use of a large language model LLM, during live security operations. The goal is to better understand how these specialists voluntarily use this tool. Background: Human-automation teams have been extensively...

7.3AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/25 12:0 a.m.•6 views

A.S.E: a Repository-Level Benchmark for Evaluating Security in AI-Generated Code

The increasing adoption of large language models LLMs in software engineering necessitates rigorous security evaluation of their generated code. However, existing benchmarks are inadequate, as they focus on isolated code snippets, employ unstable evaluation methods that lack reproducibility, and...

7.6AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/25 12:0 a.m.•5 views

A Systematic Approach to Predict the Impact of Cybersecurity Vulnerabilities Using LLMs

Vulnerability databases, such as the National Vulnerability Database NVD, offer detailed descriptions of Common Vulnerabilities and Exposures CVEs, but often lack information on their real-world impact, such as the tactics, techniques, and procedures TTPs that adversaries may use to exploit the...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/25 12:0 a.m.•5 views

An 8- and 12-Bit Block AES Cipher

Because it is so unusual, or hard to find, or expository, a truly tiny 8- or 12-bit block AES Rijndael cipher is documented here, along with Java source code...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/25 12:0 a.m.•7 views

WhatWeb Scanner 0.6.2

WhatWeb is a next-generation web scanner. WhatWeb recognizes web technologies including content management systems CMS, blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices. WhatWeb has over 1800 plugins, each to recognize something different...

7.6AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/25 12:0 a.m.•6 views

Hashcat Advanced Password Recovery 7.1.2 Source Code

Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the source code...

7.3AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/25 12:0 a.m.•4 views

MalLoc: toward Fine-Grained Android Malicious Payload Localization Via LLMs

The rapid evolution of Android malware poses significant challenges to the maintenance and security of mobile applications apps. Traditional detection techniques often struggle to keep pace with emerging malware variants that employ advanced tactics such as code obfuscation and dynamic behavior...

7.4AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/25 12:0 a.m.•11 views

Training Language Model Agents to Find Vulnerabilities with CTF-Dojo

Large language models LLMs have demonstrated exceptional capabilities when trained within executable runtime environments, notably excelling at software engineering tasks through verified feedback loops. Yet, scalable and generalizable execution-grounded environments remain scarce, limiting...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/25 12:0 a.m.•5 views

Cryptographic Challenges: Masking Sensitive Data in Cyber Crimes through ASCII Art

The use of ASCII art as a novel approach to masking sensitive information in cybercrime, focusing on its potential role in protecting personal data during the delivery process and beyond, is presented. By examining the unique properties of ASCII art and its historical context, this study discusse...

6.6AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/25 12:0 a.m.•7 views

$AutoGuardX$: a Comprehensive Cybersecurity Framework for Connected Vehicles

The rapid integration of Internet of Things IoT and interconnected systems in modern vehicles not only introduced a new era of convenience, automation, and connected vehicles but also elevated their exposure to sophisticated cyber threats. This is especially evident in US and Canada, where...

7.3AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/25 12:0 a.m.•9 views

Hashcat Advanced Password Recovery 7.1.2 Binary Release

Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the binary...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/24 12:0 a.m.•10 views

Rethinking Denial-Of-Service: a Conditional Taxonomy Unifying Availability and Sustainability Threats

This paper proposes a unified, condition-based framework for classifying both legacy and cloud-era denial-of-service DoS attacks. The framework comprises three interrelated models: a formal conditional tree taxonomy, a hierarchical lattice structure based on order theory, and a conceptual Venn...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/24 12:0 a.m.•4 views

Trust Me, I Know This Function: Hijacking LLM Static Analysis Using Bias

Large Language Models LLMs are increasingly trusted to perform automated code review and static analysis at scale, supporting tasks such as vulnerability detection, summarization, and refactoring. In this paper, we identify and exploit a critical vulnerability in LLM-based code analysis: an...

7.5AI score
Exploits0
Total number of security vulnerabilities6850