Lucene search
K
PacketstormnewsRecent

6850 matches found

Packet Storm News
Packet Storm News
added 2025/08/24 12:0 a.m.5 views

Keystroke Detection by Exploiting Unintended RF Emission from Repaired USB Keyboards

Electronic devices and cables inadvertently emit RF emissions as a byproduct of signal processing and/or transmission. Labeled as electromagnetic emanations, they form an EM side-channel for data leakage. Previously, it was believed that such leakage could be contained within a facility since the...

6.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/24 12:0 a.m.5 views

Risk Assessment and Security Analysis of Large Language Models

As large language models LLMs expose systemic security challenges in high risk applications, including privacy leaks, bias amplification, and malicious abuse, there is an urgent need for a dynamic risk assessment and collaborative defence framework that covers their entire life cycle. This paper...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/24 12:0 a.m.8 views

Cyber Security Educational Games for Children: a Systematic Literature Review

Educational games have been widely used to teach children about cyber security. This systematic literature review reveals evidence of positive learning outcomes, after analysing 91 such games reported in 68 papers published between 2010 and 2024. However, critical gaps have also been identified...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/24 12:0 a.m.5 views

A Comprehensive Review of Denial of Wallet Attacks in Serverless Architectures

The Denial of Wallet DoW attack poses a unique and growing threat to serverless architectures that rely on Function-as-a-Service FaaS models, exploiting the cost structure of pay-as-you-go billing to financially burden application owners. Unlike traditional Denial of Service DoS attacks, which ai...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/24 12:0 a.m.5 views

An Efficient Recommendation Filtering-Based Trust Model for Securing Internet of Things

Trust computation is crucial for ensuring the security of the Internet of Things IoT. However, current trust-based mechanisms for IoT have limitations that impact data security. Sliding window-based trust schemes cannot ensure reliable trust computation due to their inability to select appropriat...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/23 12:0 a.m.4 views

Towards Principled Analysis and Mitigation of Space Cyber Risks

Space infrastructures have become an underpinning of modern society, but their associated cyber risks are little understood. This Dissertation advances the state-of-the-art via four contributions. i It introduces an innovative framework for characterizing real-world cyber attacks against space...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/23 12:0 a.m.5 views

Mind the Gap: Time-Of-Check to Time-Of-Use Vulnerabilities in LLM-Enabled Agents

Large Language Model LLM-enabled agents are rapidly emerging across a wide range of applications, but their deployment introduces vulnerabilities with security implications. While prior work has examined prompt-based attacks e.g., prompt injection and data-oriented threats e.g., data exfiltration...

7.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/23 12:0 a.m.4 views

Post-Quantum Blockchain: Challenges and Opportunities

Blockchain is a Distributed Ledger Technology DLT that offers numerous benefits including decentralization, transparency, efficiency, and reduced costs. Hence, blockchain has been included in many fields. Blockchain relies on cryptographic protocols especially public-key cryptography and hash...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/22 12:0 a.m.5 views

The Aegis Protocol: a Foundational Security Framework for Autonomous AI Agents

The proliferation of autonomous AI agents marks a paradigm shift toward complex, emergent multi-agent systems. This transition introduces systemic security risks, including control-flow hijacking and cascading failures, that traditional cybersecurity paradigms are ill-equipped to address. This...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/22 12:0 a.m.5 views

A Survey of Threats against Voice Authentication and Anti-Spoofing Systems

Voice authentication has undergone significant changes from traditional systems that relied on handcrafted acoustic features to deep learning models that can extract robust speaker embeddings. This advancement has expanded its applications across finance, smart devices, law enforcement, and beyon...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/22 12:0 a.m.5 views

MixGAN: a Hybrid Semi-Supervised and Generative Approach for DDoS Detection in Cloud-Integrated IoT Networks

The proliferation of cloud-integrated IoT systems has intensified exposure to Distributed Denial of Service DDoS attacks due to the expanded attack surface, heterogeneous device behaviors, and limited edge protection. However, DDoS detection in this context remains challenging because of complex...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/22 12:0 a.m.17 views

CISA: 2025 Minimum Elements for a Software Bill of Materials (SBOM)

CISA is requesting public comment on its updated guidance on Software Bill of Materials SBOM to reflect the current state of maturity in software transparency and supply chain security. Building on the 2021 NTIA SBOM Minimum Elements, this update aims to help agencies and organizations to manage...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/22 12:0 a.m.3 views

Retrieval-Augmented Defense: Adaptive and Controllable Jailbreak Prevention for Large Language Models

Large Language Models LLMs remain vulnerable to jailbreak attacks, which attempt to elicit harmful responses from LLMs. The evolving nature and diversity of these attacks pose many challenges for defense systems, including 1 adaptation to counter emerging attack strategies without costly...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/22 12:0 a.m.6 views

A Survey of Post-Quantum Cryptography Support in Cryptographic Libraries

The rapid advancement of quantum computing poses a significant threat to modern cryptographic systems, necessitating the transition to Post-Quantum Cryptography PQC. This study evaluates the support for PQC algorithms within nine widely used open-source cryptographic libraries -- OpenSSL, wolfSSL...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/22 12:0 a.m.5 views

LLM-GUARD: Large Language Model-Based Detection and Repair of Bugs and Security Vulnerabilities in C++ and Python

Large Language Models LLMs such as ChatGPT-4, Claude 3, and LLaMA 4 are increasingly embedded in software/application development, supporting tasks from code generation to debugging. Yet, their real-world effectiveness in detecting diverse software bugs, particularly complex, security-relevant...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/21 12:0 a.m.3 views

Incorporating Device Characterization into Security Proofs

Typical security proofs for quantum key distribution QKD rely on having some model for the devices, with the security guarantees implicitly relying on the values of various parameters of the model, such as dark count rates or detector efficiencies. Hence to deploy QKD in practice, we must establi...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/21 12:0 a.m.4 views

Towards Scalable and Interpretable Mobile App Risk Analysis Via Large Language Models

Mobile application marketplaces are responsible for vetting apps to identify and mitigate security risks. Current vetting processes are labor-intensive, relying on manual analysis by security professionals aided by semi-automated tools. To address this inefficiency, we propose Mars, a system that...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/21 12:0 a.m.5 views

Connected and Exposed: Cybersecurity Risks, Regulatory Gaps, and Public Perception in Internet-Connected Vehicles

The rapid advancement of Internet-connected vehicle technologies has introduced a new era of smart mobility, while simultaneously raising significant cybersecurity and privacy concerns. This paper explores the evolving threat landscape associated with connected vehicles, focusing on risks such as...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/21 12:0 a.m.30 views

IPIGuard: a Novel Tool Dependency Graph-Based Defense against Indirect Prompt Injection in LLM Agents

Large language model LLM agents are widely deployed in real-world applications, where they leverage tools to retrieve and manipulate external data for complex tasks. However, when interacting with untrusted data sources e.g., fetching information from public websites, tool responses may contain...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/20 12:0 a.m.5 views

When Machine Learning Meets Vulnerability Discovery: Challenges and Lessons Learned

In recent years, machine learning has demonstrated impressive results in various fields, including software vulnerability detection. Nonetheless, using machine learning to identify software vulnerabilities presents new challenges, especially regarding the scale of data involved, which was not a...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/20 12:0 a.m.3 views

The Practical Issues of Side-Channel-Secure Quantum Key Distribution

Quantum Key Distribution QKD leverages the principles of quantum mechanics to provide theoretically unconditional security for cryptographic key sharing. However, practical implementations remain vulnerable due to non-ideal devices and potential security loopholes at both the source and detection...

6.6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/20 12:0 a.m.3 views

Adaptive Anomaly Detection in Evolving Network Environments

Distribution shift, a change in the statistical properties of data over time, poses a critical challenge for deep learning anomaly detection systems. Existing anomaly detection systems often struggle to adapt to these shifts. Specifically, systems based on supervised learning require costly manua...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/20 12:0 a.m.3 views

A Guide to Stakeholder Analysis for Cybersecurity Researchers

Stakeholder-based ethics analysis is now a formal requirement for submissions to top cybersecurity research venues. This requirement reflects a growing consensus that cybersecurity researchers must go beyond providing capabilities to anticipating and mitigating the potential harms thereof. Howeve...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/20 12:0 a.m.6 views

Markov Chain-Based Model of Blockchain Radio Access Networks

Security has always been a priority, for researchers, service providers and network operators when it comes to radio access networks RAN. One wireless access approach that has captured attention is blockchain enabled RAN B-RAN due to its secure nature. This research introduces a framework that...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/20 12:0 a.m.4 views

Bridging the Mobile Trust Gap: a Zero Trust Framework for Consumer-Facing Applications

Zero Trust Architecture ZTA has become a widely adopted model for securing enterprise environments, promoting continuous verification and minimal trust across systems. However, its application in mobile contexts remains limited, despite mobile applications now accounting for most global digital...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/20 12:0 a.m.4 views

Aura-CAPTCHA: a Reinforcement Learning and GAN-Enhanced Multi-Modal CAPTCHA System

Aura-CAPTCHA was developed as a multi-modal CAPTCHA system to address vulnerabilities in traditional methods that are increasingly bypassed by AI technologies, such as Optical Character Recognition OCR and adversarial image processing. The design integrated Generative Adversarial Networks GANs fo...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/20 12:0 a.m.4 views

MoEcho: Exploiting Side-Channel Attacks to Compromise User Privacy in Mixture-Of-Experts LLMs

The transformer architecture has become a cornerstone of modern AI, fueling remarkable progress across applications in natural language processing, computer vision, and multimodal learning. As these models continue to scale explosively for performance, implementation efficiency remains a critical...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/20 12:0 a.m.6 views

Foe for Fraud: Transferable Adversarial Attacks in Credit Card Fraud Detection

Credit card fraud detection CCFD is a critical application of Machine Learning ML in the financial sector, where accurately identifying fraudulent transactions is essential for mitigating financial losses. ML models have demonstrated their effectiveness in fraud detection task, in particular with...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/19 12:0 a.m.4 views

Enhancing Targeted Adversarial Attacks on Large Vision-Language Models through Intermediate Projector Guidance

Targeted adversarial attacks are essential for proactively identifying security flaws in Vision-Language Models before real-world deployment. However, current methods perturb images to maximize global similarity with the target text or reference image at the encoder level, collapsing rich visual...

7.3AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/19 12:0 a.m.4 views

liblcf 0.8.1 Denial of Service

lcf2xml part of liblcf aborts when parsing specially crafted RPG Maker 2000/2003 files that supply a negative element count for vectors of structured records. Version 0.8.1 is affected...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/19 12:0 a.m.7 views

Webmin 1.920 Remote Code Execution

This tool is designed to exploit vulnerabilities in Webmin versions 1.890, 1.900, 1.910, and 1.920. It sends a crafted HTTP request to initiate a reverse shell on a vulnerable Webmin server...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/19 12:0 a.m.8 views

Cloudflare Image Resizing 1.5.6 Remote Code Execution

Cloudflare Image Resizing versions 1.5.6 and below suffer from an unauthenticated remote code execution vulnerability via the restpredispatch hook...

9.8CVSS8.4AI score0.14009EPSS
Exploits1
Packet Storm News
Packet Storm News
added 2025/08/19 12:0 a.m.8 views

DDoS Attacks in Cloud Computing: Detection and Prevention

DDoS attacks are one of the most prevalent and harmful cybersecurity threats faced by organizations and individuals today. In recent years, the complexity and frequency of DDoS attacks have increased significantly, making it challenging to detect and mitigate them effectively. The study analyzes...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/19 12:0 a.m.3 views

CCFC: Core and Core-Full-Core Dual-Track Defense for LLM Jailbreak Protection

Jailbreak attacks pose a serious challenge to the safe deployment of large language models LLMs. We introduce CCFC Core & Core-Full-Core, a dual-track, prompt-level defense framework designed to mitigate LLMs' vulnerabilities from prompt injection and structure-aware jailbreak attacks. CCFC...

7.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/19 12:0 a.m.5 views

Security-As-A-Function for IDS/IPS in Softwarized Network and Applications to 5G Network Systems

The service-based architecture of 5G network allows network operators to place virtualized network functions on commodity hardware, unlike the traditional vendor-specific hardware-based functionalities. However, it expands the security vulnerabilities and threats to the 5G network. While there...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/19 12:0 a.m.6 views

Conflicting Scores, Confusing Signals: an Empirical Study of Vulnerability Scoring Systems

Accurately assessing software vulnerabilities is essential for effective prioritization and remediation. While various scoring systems exist to support this task, their differing goals, methodologies and outputs often lead to inconsistent prioritization decisions. This work provides the first...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/19 12:0 a.m.11 views

WordPress Birth Chart Compatibility 2.0 Path Disclosure

WordPress Birth Chart Compatibility plugin versions 2.0 and below suffer from a path disclosure vulnerability...

5.3CVSS6.8AI score0.01567EPSS
Exploits2
Packet Storm News
Packet Storm News
added 2025/08/19 12:0 a.m.6 views

Optimizing Scalar Selection in Elliptic Curve Cryptography Using Differential Evolution for Enhanced Security

Elliptic Curve Cryptography ECC is a fundamental component of modern public-key cryptosystems that enable efficient and secure digital signatures, key exchanges, and encryption. Its core operation, scalar multiplication, denoted as $k \cdot P$, where $P$ is a base point and $k$ is a private scala...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/19 12:0 a.m.4 views

Red Teaming Methodology for Design Obfuscation

The main goal of design obfuscation schemes is to protect sensitive design details from untrusted parties in the VLSI supply chain, including but not limited to off-shore foundries and untrusted end users. In this work, we provide a systematic red teaming approach to evaluate the security of desi...

6.6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/19 12:0 a.m.10 views

Google Chrome 134.0.6998.177 Sandbox Escape

This project is a research-oriented and educational simulation designed to demonstrate the concept of a sandbox escape vulnerability within Google Chrome version 134.0.6998.177. It leverages improper handle validation via the Mojo IPC system to illustrate how a malicious actor might attempt to...

8.3CVSS8.9AI score0.08404EPSS
Exploits6
Packet Storm News
Packet Storm News
added 2025/08/19 12:0 a.m.7 views

M-Files 25.6.14925.0 Path Traversal

This repository contains a proof-of-concept exploit in C for a suspected path traversal vulnerability in M‑Files version 25.6.14925.0. It attempts to read sensitive files e.g. /etc/passwd by injecting traversal payloads into REST API endpoints...

8.4CVSS6.8AI score0.1109EPSS
Exploits1
Packet Storm News
Packet Storm News
added 2025/08/19 12:0 a.m.8 views

Campcodes Online Movie Theater Seat Reservation System 1.0 Cross Site Scripting

Campcodes Online Movie Theater Seat Reservation System version 1.0 suffers from a cross site scripting vulnerability...

6.1CVSS6.4AI score0.00342EPSS
Exploits2
Packet Storm News
Packet Storm News
added 2025/08/19 12:0 a.m.4 views

KillChainGraph: ML Framework for Predicting and Mapping ATT&CK Techniques

The escalating complexity and volume of cyberattacks demand proactive detection strategies that go beyond traditional rule-based systems. This paper presents a phase-aware, multi-model machine learning framework that emulates adversarial behavior across the seven phases of the Cyber Kill Chain...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/19 12:0 a.m.3 views

SaMOSA: Sandbox for Malware Orchestration and Side-Channel Analysis

Cyber-attacks on operational technology OT and cyber-physical systems CPS have increased tremendously in recent years with the proliferation of malware targeting Linux-based embedded devices of OT and CPS systems. Comprehensive malware detection requires dynamic analysis of execution behavior in...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/19 12:0 a.m.10 views

Online Appointment Booking System 1.0 SQL Injection

A remote SQL injection vulnerability exists in Online Appointment Booking System version 1.0 Code‑Projects in the file /admin/adddoctor.php. The username parameter is not properly sanitized, allowing remote attackers to execute arbitrary SQL queries time‑based, error‑based, union‑based,...

9.8CVSS8.4AI score0.00396EPSS
Exploits2
Packet Storm News
Packet Storm News
added 2025/08/19 12:0 a.m.4 views

IBM MQ SSL Validation Bypass

A vulnerability exists in IBM MQ Message Queue that allows the bypassing of SSL certificate validation. By injecting a fake SSL certificate and using customized MQCONNX parameters, an unauthorized client connection to an IBM MQ server can be established...

9.8CVSS6.7AI score0.00314EPSS
Exploits1
Packet Storm News
Packet Storm News
added 2025/08/19 12:0 a.m.6 views

Shopware 6.6.10.4 Race Condition

A race condition exists within the voucher system of the Shopware Core. Successful exploitation of this vulnerability allows an attacker to bypass voucher usage limits during the checkout process. This vulnerability exists due to the fact that validation of voucher codes is not an atomic operatio...

6CVSS6.5AI score0.00379EPSS
Exploits1
Packet Storm News
Packet Storm News
added 2025/08/19 12:0 a.m.2 views

CAI Fluency: a Framework for Cybersecurity AI Fluency

This work introduces CAI Fluency, an an educational platform of the Cybersecurity AI CAI framework dedicated to democratizing the knowledge and application of cybersecurity AI tools in the global security community. The main objective of the CAI framework is to accelerate the widespread adoption...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/19 12:0 a.m.5 views

NodeShield: Runtime Enforcement of Security-Enhanced SBOMs for Node.Js

The software supply chain is an increasingly common attack vector for malicious actors. The Node.js ecosystem has been subject to a wide array of attacks, likely due to its size and prevalence. To counter such attacks, the research community and practitioners have proposed a range of static and...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/19 12:0 a.m.5 views

CISA: Tribal Cybersecurity Grant Program FAQ

Learn more about the Tribal Cybersecurity Grant Program TCGP which assists eligible Tribal governments address cybersecurity risks and threats to their information systems. CISA maintains this list of frequently asked questions FAQs for reference to address common questions about the program...

6.8AI score
Exploits0
Total number of security vulnerabilities6850