Lucene search
K
PacketstormnewsRecent

6850 matches found

Packet Storm News
Packet Storm News
•added 2025/08/19 12:0 a.m.•12 views

MultiFuzz: a Dense Retrieval-Based Multi-Agent System for Network Protocol Fuzzing

Traditional protocol fuzzing techniques, such as those employed by AFL-based systems, often lack effectiveness due to a limited semantic understanding of complex protocol grammars and rigid seed mutation strategies. Recent works, such as ChatAFL, have integrated Large Language Models LLMs to guid...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/19 12:0 a.m.•3 views

mbedTLS 3.6.4 Use-After-Free

A proof of concept exploit for a use-after-free vulnerability in the mbedtlsx509stringtonames name parsing function of the mbedTLS library. A successful exploit grants arbitrary code execution with root privileges by hijacking freed heap metadata and redirecting control flow to injected shellcode...

9.8CVSS7.9AI score0.0199EPSS
Exploits2
Packet Storm News
Packet Storm News
•added 2025/08/19 12:0 a.m.•3 views

Ransomware Negotiation: Dynamics and Privacy-Preserving Mechanism Design

Ransomware attacks have become a pervasive and costly form of cybercrime, causing tens of millions of dollars in losses as organizations increasingly pay ransoms to mitigate operational disruptions and financial risks. While prior research has largely focused on proactive defenses, the...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/19 12:0 a.m.•8 views

Best Salon Management System 1.0 SQL Injection

A remote SQL injection vulnerability exists in SourceCodester Best Salon Management System version 1.0...

8.8CVSS8.3AI score0.00361EPSS
Exploits2
Packet Storm News
Packet Storm News
•added 2025/08/19 12:0 a.m.•4 views

CKM-Assisted Physical-Layer Security for Resilience against Unknown Eavesdropping Location

Channel Knowledge Map CKM is an emerging data-driven toolbox that captures our awareness of the wireless channel and enables efficient communication and resource allocation beyond the state of the art. In this work, we consider CKM for improving physical-layer security PLS in the presence of a...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/19 12:0 a.m.•12 views

On the Security and Privacy of Federated Learning: a Survey with Attacks, Defenses, Frameworks, Applications, and Future Directions

Federated Learning FL is an emerging distributed machine learning paradigm enabling multiple clients to train a global model collaboratively without sharing their raw data. While FL enhances data privacy by design, it remains vulnerable to various security and privacy threats. This survey provide...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/19 12:0 a.m.•15 views

Linux Kernel 5.16 Dirty Pipe Improper Handling

Proof of concept for the Dirty Pipe vulnerability that affects Linux kernel versions 5.6 through 5.16. This vulnerability allows local privilege escalation by exploiting improper handling of pipe buffers in the kernel, enabling an attacker to modify read-only files such as SUID binaries and execu...

7.8CVSS8.1AI score0.89063EPSS
Exploits100
Packet Storm News
Packet Storm News
•added 2025/08/19 12:0 a.m.•6 views

CIA+TA Risk Assessment for AI Reasoning Vulnerabilities

As AI systems increasingly influence critical decisions, they face threats that exploit reasoning mechanisms rather than technical infrastructure. We present a framework for cognitive cybersecurity, a systematic protection of AI reasoning processes from adversarial manipulation. Our contributions...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/19 12:0 a.m.•6 views

Car Rental System 1.0 SQL Injection

Car Rental System version 1.0 suffers from a remote SQL injection vulnerability in bookcar.php...

9.8CVSS8.2AI score0.00399EPSS
Exploits2
Packet Storm News
Packet Storm News
•added 2025/08/18 12:0 a.m.•5 views

MAJIC: Markovian Adaptive Jailbreaking Via Iterative Composition of Diverse Innovative Strategies

Large Language Models LLMs have exhibited remarkable capabilities but remain vulnerable to jailbreaking attacks, which can elicit harmful content from the models by manipulating the input prompts. Existing black-box jailbreaking techniques primarily rely on static prompts crafted with a single,...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/18 12:0 a.m.•5 views

MPOCryptoML: Multi-Pattern Based Off-Chain Crypto Money Laundering Detection

Recent advancements in money laundering detection have demonstrated the potential of using graph neural networks to capture laundering patterns accurately. However, existing models are not explicitly designed to detect the diverse patterns of off-chain cryptocurrency money laundering. Neglecting...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/18 12:0 a.m.•6 views

AutoBnB-RAG: Enhancing Multi-Agent Incident Response with Retrieval-Augmented Generation

Incident response IR requires fast, coordinated, and well-informed decision-making to contain and mitigate cyber threats. While large language models LLMs have shown promise as autonomous agents in simulated IR settings, their reasoning is often limited by a lack of access to external knowledge. ...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/18 12:0 a.m.•7 views

Beneath the Mask: Can Contribution Data Unveil Malicious Personas in Open-Source Projects?

In February 2024, after building trust over two years with project maintainers by making a significant volume of legitimate contributions, GitHub user "JiaT75" self-merged a version of the XZ Utils project containing a highly sophisticated, well-disguised backdoor targeting sshd processes running...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/18 12:0 a.m.•3 views

Modified Security Analysis of Device-Independent Quantum Key Distribution with Random Key Basis

Security analysis is a critical part in any cryptographic protocol, may it be classical or quantum. Without security analysis, one cannot ensure the secrecy of the distributed keys. To perform a conclusive security analysis, it is very often necessary to frame the problem as an optimization...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/18 12:0 a.m.•5 views

Sni5Gect: a Practical Approach to Inject aNRchy into 5G NR

In this paper, the authors propose and design SNI5GECT – a framework that sniffs messages from pre-authentication 5G communication in real-time and injects targeted attack payload in downlink communication towards the UE...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/18 12:0 a.m.•7 views

Hashcat Advanced Password Recovery 7.1.1 Binary Release

Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the binary...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/18 12:0 a.m.•5 views

VerilogLAVD: LLM-Aided Rule Generation for Vulnerability Detection in Verilog

Timely detection of hardware vulnerabilities during the early design stage is critical for reducing remediation costs. Existing early detection techniques often require specialized security expertise, limiting their usability. Recent efforts have explored the use of large language models LLMs for...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/18 12:0 a.m.•5 views

Silentflow: Leveraging Trusted Execution for Resource-Limited MPC Via Hardware-Algorithm Co-Design

Secure Multi-Party Computation MPC offers a practical foundation for privacy-preserving machine learning at the edge, with MPC commonly employed to support nonlinear operations. These MPC protocols fundamentally rely on Oblivious Transfer OT, particularly Correlated OT COT, to generate correlated...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/18 12:0 a.m.•6 views

Addressing Side-Channel Threats in Quantum Key Distribution Via Deep Anomaly Detection

Traditional countermeasures against security side channels in quantum key distribution QKD systems often suffer from poor compatibility with deployed infrastructure, the risk of introducing new vulnerabilities, and limited applicability to specific types of attacks. In this work, we propose an...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/18 12:0 a.m.•5 views

The Application of Transformer-Based Models for Predicting Consequences of Cyber Attacks

Cyberattacks are increasing, and securing against such threats is costing industries billions of dollars annually. Threat Modeling, that is, comprehending the consequences of these attacks, can provide critical support to cybersecurity professionals, enabling them to take timely action and alloca...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/18 12:0 a.m.•4 views

A Risk Manager for Intrusion Tolerant Systems: Enhancing HAL 9000 with New Scoring and Data Sources

Intrusion Tolerant Systems ITSs have become increasingly critical due to the rise of multi-domain adversaries exploiting diverse attack surfaces. ITS architectures aim to tolerate intrusions, ensuring system compromise is prevented or mitigated even with adversary presence. Existing ITS solutions...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/18 12:0 a.m.•10 views

Lantronix Provisioning Manager 7.10.3 XML Injection

Lantronix Provisioning Manager version 7.10.3 suffers from an XML injection vulnerability...

8.6CVSS7.1AI score0.01667EPSS
Exploits2
Packet Storm News
Packet Storm News
•added 2025/08/18 12:0 a.m.•15 views

Consiglieres in the Shadow: Understanding the Use of Uncensored Large Language Models in Cybercrimes

The advancement of AI technologies, particularly Large Language Models LLMs, has transformed computing while introducing new security and privacy risks. Prior research shows that cybercriminals are increasingly leveraging uncensored LLMs ULLMs as backends for malicious services. Understanding the...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/18 12:0 a.m.•4 views

One-Class Intrusion Detection with Dynamic Graphs

With the growing digitalization all over the globe, the relevance of network security becomes increasingly important. Machine learning-based intrusion detection constitutes a promising approach for improving security, but it bears several challenges. These include the requirement to detect novel...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/18 12:0 a.m.•7 views

Tenda AC20 16.03.08.12 Command Injection

Tenda AC20 version 16.03.08.12 suffers from a command injection vulnerability in /goform/telnet...

9.8CVSS7AI score0.14105EPSS
Exploits3
Packet Storm News
Packet Storm News
•added 2025/08/18 12:0 a.m.•5 views

Prescriptive Zero Trust- Assessing the Impact of Zero Trust on Cyber Attack Prevention

Increasingly sophisticated and varied cyber threats necessitate ever improving enterprise security postures. For many organizations today, those postures have a foundation in the Zero Trust Architecture. This strategy sees trust as something an enterprise must not give lightly or assume too...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/18 12:0 a.m.•4 views

Skyvern 0.1.85 Server-Side Template Injection

Proof of concept exploit that leverages a server-side template injection flaw in Skyvern versions up to 0.1.85 to launch a reverse shell...

8.5CVSS7AI score0.13746EPSS
Exploits6
Packet Storm News
Packet Storm News
•added 2025/08/18 12:0 a.m.•11 views

Linux 6.4 epoll Use-After-Free

Linux versions starting at 6.4 suffer from a use-after-free vulnerability via a race condition between epeventpollrelease and eventpollreleasefile because mutexunlock is not ownership-drop-safe...

7AI score0.00152EPSS
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/17 12:0 a.m.•5 views

Systematic Analysis of MCP Security

The Model Context Protocol MCP has emerged as a universal standard that enables AI agents to seamlessly connect with external tools, significantly enhancing their functionality. However, while MCP brings notable benefits, it also introduces significant vulnerabilities, such as Tool Poisoning...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/17 12:0 a.m.•5 views

Adversarial Attacks on VQA-NLE: Exposing and Alleviating Inconsistencies in Visual Question Answering Explanations

Natural language explanations in visual question answering VQA-NLE aim to make black-box models more transparent by elucidating their decision-making processes. However, we find that existing VQA-NLE systems can produce inconsistent explanations and reach conclusions without genuinely understandi...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/17 12:0 a.m.•3 views

False Data-Injection Attack Detection in Cyber-Physical Systems: a Wasserstein Distributionally Robust Reachability Optimization Approach

Cyber-physical system CPS is the foundational backbone of modern critical infrastructures, so ensuring its security and resilience against cyber-attacks is of pivotal importance. This paper addresses the challenge of designing anomaly detectors for CPS under false-data injection FDI attacks and...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/17 12:0 a.m.•6 views

Cyber Risks to Next-Gen Brain-Computer Interfaces: Analysis and Recommendations

Brain-computer interfaces BCIs show enormous potential for advancing personalized medicine. However, BCIs also introduce new avenues for cyber-attacks or security compromises. In this article, we analyze the problem and make recommendations for device manufacturers to better secure devices and to...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/17 12:0 a.m.•5 views

Reducing False Positives with Active Behavioral Analysis for Cloud Security

Rule-based cloud security posture management CSPM solutions are known to produce a lot of false positives based on the limited contextual understanding and dependence on static heuristics testing. This paper introduces a validation-driven methodology that integrates active behavioral testing in...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/17 12:0 a.m.•4 views

ChamaleoNet: Programmable Passive Probe for Enhanced Visibility on Erroneous Traffic

Traffic visibility remains a key component for management and security operations. Observing unsolicited and erroneous traffic, such as unanswered traffic or errors, is fundamental to detect misconfiguration, temporary failures or attacks. ChamaleoNet transforms any production network into a...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/17 12:0 a.m.•6 views

CISA: FY 2023 Tribal Cybersecurity Grant Program FAQs

This is the CISA FAQ for the Tribal Cybersecurity Grant Program TCGP which assists eligible Tribal governments addressing cybersecurity risks and threats to their information systems...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/17 12:0 a.m.•48 views

A Robust Cross-Domain IDS Using BiGRU-LSTM-Attention for Medical and Industrial IoT Security

The increased Internet of Medical Things IoMT and the Industrial Internet of Things IIoT interconnectivity has introduced complex cybersecurity challenges, exposing sensitive data, patient safety, and industrial operations to advanced cyber threats. To mitigate these risks, this paper introduces ...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/17 12:0 a.m.•3 views

Passive Hack-Back Strategies for Cyber Attribution: Covert Vectors in Denied Environment

Attributing cyberattacks remains a central challenge in modern cybersecurity, particularly within denied environments where defenders have limited visibility into attacker infrastructure and are restricted by legal or operational rules of engagement. This perspective examines the strategic value ...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/17 12:0 a.m.•5 views

Fortifying the Agentic Web: a Unified Zero-Trust Architecture against Logic-Layer Threats

This paper presents a Unified Security Architecture that fortifies the Agentic Web through a Zero-Trust IAM framework. This architecture is built on a foundation of rich, verifiable agent identities using Decentralized Identifiers DIDs and Verifiable Credentials VCs, with discovery managed by a...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/17 12:0 a.m.•4 views

MCPSecBench: a Systematic Security Benchmark and Playground for Testing Model Context Protocols

Large Language Models LLMs are increasingly integrated into real-world applications via the Model Context Protocol MCP, a universal, open standard for connecting AI agents with data sources and external tools. While MCP enhances the capabilities of LLM-based agents, it also introduces new securit...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/17 12:0 a.m.•4 views

ViT-EnsembleAttack: Augmenting Ensemble Models for Stronger Adversarial Transferability in Vision Transformers

Ensemble-based attacks have been proven to be effective in enhancing adversarial transferability by aggregating the outputs of models with various architectures. However, existing research primarily focuses on refining ensemble weights or optimizing the ensemble path, overlooking the exploration ...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/16 12:0 a.m.•5 views

Design and Implementation of a Controlled Ransomware Framework for Educational Purposes Using Flutter Cryptographic APIs on Desktop PCs and Android Devices

This study focuses on the creation and implementation of ransomware for educational purposes that leverages Python's native cryptographic APIs in a controlled environment. Additionally, an Android version of the framework is implemented using Flutter and Dart. For both versions, open-source...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/16 12:0 a.m.•5 views

Effect of Phase Shift Errors on the Security of UAV-Assisted STAR-RIS IoT Networks

Unmanned aerial vehicles UAV-mounted simultaneous transmitting and reflecting reconfigurable intelligent surface STAR-RIS systems can provide full-dimensional coverage and flexible deployment opportunities in future 6G-enabled IoT networks. However, practical imperfections such as jittering and...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/16 12:0 a.m.•0 views

The Passwordless Authentication with Passkey Technology from an Implementation Perspective

With the rise of sophisticated authentication bypass techniques, passwords are no longer considered a reliable method for securing authentication systems. In recent years, new authentication technologies have shifted from traditional password-based logins to passwordless security. Among these,...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/16 12:0 a.m.•10 views

PP-STAT: an Efficient Privacy-Preserving Statistical Analysis Framework Using Homomorphic Encryption

With the widespread adoption of cloud computing, the need for outsourcing statistical analysis to third-party platforms is growing rapidly. However, handling sensitive data such as medical records and financial information in cloud environments raises serious privacy concerns. In this paper, we...

6.6AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/16 12:0 a.m.•5 views

Unlearning at Scale: Implementing the Right to Be Forgotten in Large Language Models

We study the right to be forgotten GDPR Art. 17 for large language models and frame unlearning as a reproducible systems problem. Our approach treats training as a deterministic program and logs a minimal per-microbatch record ordered ID hash, RNG seed, learning-rate value, optimizer-step counter...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/16 12:0 a.m.•5 views

Mitigating Jailbreaks with Intent-Aware LLMs

Despite extensive safety-tuning, large language models LLMs remain vulnerable to jailbreak attacks via adversarially crafted instructions, reflecting a persistent trade-off between safety and task performance. In this work, we propose Intent-FT, a simple and lightweight fine-tuning approach that...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/16 12:0 a.m.•5 views

Invitation Is All You Need! Promptware Attacks against LLM-Powered Assistants in Production Are Practical and Dangerous

The growing integration of LLMs into applications has introduced new security risks, notably known as Promptware - maliciously engineered prompts designed to manipulate LLMs to compromise the CIA triad of these applications. While prior research warned about a potential shift in the threat...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/16 12:0 a.m.•18 views

CAN Networks Security in Smart Grids Communication Technologies

The rapid evolution of smart grids requires effective communication protocols to transfer data reliably and securely. Controller Area Network CAN is one of the most recognized protocols that offer reliable data transmission in smart grids due to its robustness, real-time capabilities, and...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/16 12:0 a.m.•4 views

Attack Graph Generation on HPC Clusters

Attack graphs AGs are graphical tools to analyze the security of computer networks. By connecting the exploitation of individual vulnerabilities, AGs expose possible multi-step attacks against target networks, allowing system administrators to take preventive measures to enhance their network's...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/16 12:0 a.m.•3 views

Ethereum Crypto Wallets under Address Poisoning: How Usable and Secure Are They?

Blockchain address poisoning is an emerging phishing attack that crafts "similar-looking" transfer records in the victim's transaction history, which aims to deceive victims and lure them into mistakenly transferring funds to the attacker. Recent works have shown that millions of Ethereum users...

6.8AI score
Exploits0
Total number of security vulnerabilities6850