Lucene search
K
PacketstormnewsRecent

6850 matches found

Packet Storm News
Packet Storm News
•added 2025/08/16 12:0 a.m.•1 views

The Passwordless Authentication with Passkey Technology from an Implementation Perspective

With the rise of sophisticated authentication bypass techniques, passwords are no longer considered a reliable method for securing authentication systems. In recent years, new authentication technologies have shifted from traditional password-based logins to passwordless security. Among these,...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/15 12:0 a.m.•4 views

Pushing the Limits of Frequency Analysis in Leakage Abuse Attacks

Searchable encryption SE is the most scalable cryptographic primitive for searching on encrypted data. Typical SE constructions often allow access-pattern leakage, revealing which encrypted records are retrieved in the server's responses. All the known generic cryptanalyses assume either that the...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/15 12:0 a.m.•4 views

Activate Me!: Designing Efficient Activation Functions for Privacy-Preserving Machine Learning with Fully Homomorphic Encryption

The growing adoption of machine learning in sensitive areas such as healthcare and defense introduces significant privacy and security challenges. These domains demand robust data protection, as models depend on large volumes of sensitive information for both training and inference. Fully...

6.6AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/15 12:0 a.m.•4 views

Machine Learning-Based AES Key Recovery Via Side-Channel Analysis on the ASCAD Dataset

Cryptographic algorithms like AES and RSA are widely used and they are mathematically robust and almost unbreakable but its implementation on physical devices often leak information through side channels, such as electromagnetic EM emissions, potentially compromising said theoretically secure...

6.3AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/15 12:0 a.m.•4 views

AegisBlock: a Privacy-Preserving Medical Research Framework Using Blockchain

Due to HIPAA and other privacy regulations, it is imperative to maintain patient privacy while conducting research on patient health records. In this paper, we propose AegisBlock, a patient-centric access controlled framework to share medical records with researchers such that the anonymity of th...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/15 12:0 a.m.•4 views

Securing Sideways: Thwarting Lateral Movement by Implementing Active Directory Tiering

The advancement of computing equipment and the advances in services over the Internet has allowed corporations, higher education, and many other organizations to pursue the shared computing network environment. A requirement for shared computing environments is a centralized identity system to...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/15 12:0 a.m.•7 views

CryptoScope: Utilizing Large Language Models for Automated Cryptographic Logic Vulnerability Detection

Cryptographic algorithms are fundamental to modern security, yet their implementations frequently harbor subtle logic flaws that are hard to detect. We introduce CryptoScope, a novel framework for automated cryptographic vulnerability detection powered by Large Language Models LLMs. CryptoScope...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/15 12:0 a.m.•6 views

Online Tour and Travel Management System 1.0 SQL Injection

Online Tour and Travel Management System version 1.0 suffers from a remote SQL injection vulnerability in the /admin/operations/travellers.php endpoint...

9.8CVSS7.8AI score0.00387EPSS
Exploits2
Packet Storm News
Packet Storm News
•added 2025/08/15 12:0 a.m.•3 views

RMSL: Weakly-Supervised Insider Threat Detection with Robust Multi-Sphere Learning

Insider threat detection aims to identify malicious user behavior by analyzing logs that record user interactions. Due to the lack of fine-grained behavior-level annotations, detecting specific behavior-level anomalies within user behavior sequences is challenging. Unsupervised methods face high...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/15 12:0 a.m.•6 views

Salty Seagull: a VSAT Honeynet to Follow the Bread Crumb of Attacks in Ship Networks

Cyber threats against the maritime industry have increased notably in recent years, highlighting the need for innovative cybersecurity approaches. Ships, as critical assets, possess highly specialized and interconnected network infrastructures, where their legacy systems and operational constrain...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/15 12:0 a.m.•14 views

Defending a City from Multi-Drone Attacks: a Sequential Stackelberg Security Games Approach

To counter an imminent multi-drone attack on a city, defenders have deployed drones across the city. These drones must intercept/eliminate the threat, thus reducing potential damage from the attack. We model this as a Sequential Stackelberg Security Game, where the defender first commits to a mix...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/14 12:0 a.m.•30 views

Routing and Wavelength Assignment with Minimal Attack Radius for QKD Networks

Quantum Key Distribution QKD can distribute keys with guaranteed security but remains susceptible to key exchange interruption due to physical-layer threats, such as high-power jamming attacks. To address this challenge, we first introduce a novel metric, namely Maximum Number of Affected Request...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/14 12:0 a.m.•4 views

Advancing Autonomous Incident Response: Leveraging LLMs and Cyber Threat Intelligence

Effective incident response IR is critical for mitigating cyber threats, yet security teams are overwhelmed by alert fatigue, high false-positive rates, and the vast volume of unstructured Cyber Threat Intelligence CTI documents. While CTI holds immense potential for enriching security operations...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/14 12:0 a.m.•5 views

MirGuard: Towards a Robust Provenance-Based Intrusion Detection System against Graph Manipulation Attacks

Learning-based Provenance-based Intrusion Detection Systems PIDSes have become essential tools for anomaly detection in host systems due to their ability to capture rich contextual and structural information, as well as their potential to detect unknown attacks. However, recent studies have shown...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/14 12:0 a.m.•4 views

REFN: a Reinforcement-Learning-From-Network Framework against 1-Day/N-Day Exploitations

The exploitation of 1 day or n day vulnerabilities poses severe threats to networked devices due to massive deployment scales and delayed patching average Mean Time To Patch exceeds 60 days. Existing defenses, including host based patching and network based filtering, are inadequate due to limite...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/14 12:0 a.m.•2 views

Jailbreaking Commercial Black-Box LLMs with Explicitly Harmful Prompts

Evaluating jailbreak attacks is challenging when prompts are not overtly harmful or fail to induce harmful outputs. Unfortunately, many existing red-teaming datasets contain such unsuitable prompts. To evaluate attacks accurately, these datasets need to be assessed and cleaned for maliciousness...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/14 12:0 a.m.•7 views

A Novel Study on Intelligent Methods and Explainable AI for Dynamic Malware Analysis

Deep learning models are one of the security strategies, trained on extensive datasets, and play a critical role in detecting and responding to these threats by recognizing complex patterns in malicious code. However, the opaque nature of these models-often described as "black boxes"-makes their...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/14 12:0 a.m.•4 views

Data and Context Matter: Towards Generalizing AI-Based Software Vulnerability Detection

The performance of AI-based software vulnerability detection systems is often limited by their poor generalization to unknown codebases. In this research, we explore the impact of data quality and model architecture on the generalizability of vulnerability detection systems. By generalization we...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/14 12:0 a.m.•4 views

Can Multi-Modal (Reasoning) LLMs Detect Document Manipulation?

Document fraud poses a significant threat to industries reliant on secure and verifiable documentation, necessitating robust detection mechanisms. This study investigates the efficacy of state-of-the-art multi-modal large language models LLMs-including OpenAI O1, OpenAI 4o, Gemini Flash thinking,...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/14 12:0 a.m.•5 views

Yet Another Mirage of Breaking MIRAGE: Debunking Occupancy-Based Side-Channel Attacks on Fully Associative Randomized Caches

Recent work presented at USENIX Security 2025 claims that occupancy-based attacks can recover AES keys from the MIRAGE randomized cache. In this paper, we examine these claims and find that they arise from fundamental modeling flaws. Most critically, the authors' simulation of MIRAGE uses a...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/14 12:0 a.m.•5 views

A Hierarchical IDS for Zero-Day Attack Detection in Internet of Medical Things Networks

The Internet of Medical Things IoMT is driving a healthcare revolution but remains vulnerable to cyberattacks such as denial of service, ransomware, data hijacking, and spoofing. These networks comprise resource constrained, heterogeneous devices e.g., wearable sensors, smart pills, implantables,...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/14 12:0 a.m.•5 views

Enhancing GraphQL Security by Detecting Malicious Queries Using Large Language Models, Sentence Transformers, and Convolutional Neural Networks

GraphQL's flexibility, while beneficial for efficient data fetching, introduces unique security vulnerabilities that traditional API security mechanisms often fail to address. Malicious GraphQL queries can exploit the language's dynamic nature, leading to denial-of-service attacks, data...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/14 12:0 a.m.•47 views

HEIR: a Universal Compiler for Homomorphic Encryption

This work presents Homomorphic Encryption Intermediate Representation HEIR, a unified approach to building homomorphic encryption HE compilers. HEIR aims to support all mainstream techniques in homomorphic encryption, integrate with all major software libraries and hardware accelerators, and...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/14 12:0 a.m.•5 views

A Transformer-Based Approach for DDoS Attack Detection in IoT Networks

DDoS attacks have become a major threat to the security of IoT devices and can cause severe damage to the network infrastructure. IoT devices suffer from the inherent problem of resource constraints and are therefore susceptible to such resource-exhausting attacks. Traditional methods for detecti...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/14 12:0 a.m.•5 views

Searching for Privacy Risks in LLM Agents Via Simulation

The widespread deployment of LLM-based agents is likely to introduce a critical privacy threat: malicious agents that proactively engage others in multi-turn interactions to extract sensitive information. These dynamic dialogues enable adaptive attack strategies that can cause severe privacy...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/14 12:0 a.m.•4 views

BERTector: Intrusion Detection Based on Joint-Dataset Learning

Intrusion detection systems IDS are facing challenges in generalization and robustness due to the heterogeneity of network traffic and the diversity of attack patterns. To address this issue, we propose a new joint-dataset training paradigm for IDS and propose a scalable BERTector framework based...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/14 12:0 a.m.•4 views

Code Vulnerability Detection across Different Programming Languages with AI Models

Security vulnerabilities present in a code that has been written in diverse programming languages are among the most critical yet complicated aspects of source code to detect. Static analysis tools based on rule-based patterns usually do not work well at detecting the context-dependent bugs and...

7.5AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/14 12:0 a.m.•3 views

Multichannel Hybrid Quantum Cryptography for Submarine Optical Communications

We present a multichannel hybrid quantum cryptography approach intended for submarine quantum optical communications between Alice and Bob separated a distance beyond the current QKD possibilities, each located on a coastline. It is based on the difficult of a simultaneous access to $M$ optical...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/13 12:0 a.m.•6 views

Extending the OWASP Multi-Agentic System Threat Modeling Guide: Insights from Multi-Agent Security Research

We propose an extension to the OWASP Multi-Agentic System MAS Threat Modeling Guide, translating recent anticipatory research in multi-agent security MASEC into practical guidance for addressing challenges unique to large language model LLM-driven multi-agent architectures. Although OWASP's...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/13 12:0 a.m.•7 views

Explainable Ensemble Learning for Graph-Based Malware Detection

Malware detection in modern computing environments demands models that are not only accurate but also interpretable and robust to evasive techniques. Graph neural networks GNNs have shown promise in this domain by modeling rich structural dependencies in graph-based program representations such a...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/13 12:0 a.m.•5 views

CISA: FY 2025 State and Local Cybersecurity Grant Program FAQs

Congress established the State and Local Cybersecurity Grant Program SLCGP to "award grants to eligible entities to address cybersecurity risks and cybersecurity threats to information systems owned or operated by, or on behalf of, state, local, or Tribal governments." Within the U.S. Department ...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/13 12:0 a.m.•22 views

Heracles: Chosen Plaintext Attack on AMD SEV-SNP

A whitepaper discussing an attack on AMD SEV-SNP called Heracles that was able to leak kernel memory, crypto keys, and user passwords, as well as demonstrate web session hijacking...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/13 12:0 a.m.•4 views

CISA: Foundations for OT Cybersecurity: Asset Inventory Guidance for Owners and Operators

This guidance outlines a process for OT owners and operators to create an asset inventory and OT taxonomy. This process includes defining scope and objectives for the inventory, identifying assets, collecting attributes, creating a taxonomy, managing data, and implementing asset life cycle...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/13 12:0 a.m.•4 views

MetaGuardian: Enhancing Voice Assistant Security through Advanced Acoustic Metamaterials

We present MetaGuardian, a voice assistant VA protection system based on acoustic metamaterials. MetaGuardian can be directly integrated into the enclosures of various smart devices, effectively defending against inaudible, adversarial and laser attacks without relying on additional software...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/13 12:0 a.m.•2 views

Perfect Message Authentication Codes Are Robust to Small Deviations from Uniform Key Distributions

We investigate the impact of possible deviations of the probability distribution of key values from a uniform distribution for the information-theoretic strong, or perfect, message authentication code. We found a simple expression for the decrease in security as a function of the statistical...

7.3AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/13 12:0 a.m.•2 views

SECRET MESSENGERS

Whitepaper called SECRET MESSENGERS: Disseminating SIGINT in the Second World War: The Story of the British SLUs and American SSOs. This is a joint NSA and GCHQ release...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/13 12:0 a.m.•6 views

Causal Graph Profiling Via Structural Divergence for Robust Anomaly Detection in Cyber-Physical Systems

With the growing complexity of cyberattacks targeting critical infrastructures such as water treatment networks, there is a pressing need for robust anomaly detection strategies that account for both system vulnerabilities and evolving attack patterns. Traditional methods -- statistical,...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/13 12:0 a.m.•5 views

Incorporating Taxonomies of Cyber Incidents into Detection Networks for Improved Detection Performance

Many taxonomies exist to organize cybercrime incidents into ontological categories. We examine some of the taxonomies introduced in the literature; providing a framework, and analysis, of how best to leverage different taxonomy structures to optimize performance of detections targeting various...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/13 12:0 a.m.•7 views

Social-Sensor Identity Cloning Detection Using Weakly Supervised Deep Forest and Cryptographic Authentication

Recent years have witnessed a rising trend in social-sensor cloud identity cloning incidents. However, existing approaches suffer from unsatisfactory performance, a lack of solutions for detecting duplicated accounts, and a lack of large-scale evaluations on real-world datasets. We introduce a...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/13 12:0 a.m.•9 views

Amazon Nova AI Challenge -- Trusted AI: Advancing Secure, AI-Assisted Software Development

AI systems for software development are rapidly gaining prominence, yet significant challenges remain in ensuring their safety. To address this, Amazon launched the Trusted AI track of the Amazon Nova AI Challenge, a global competition among 10 university teams to drive advances in secure AI. In...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/13 12:0 a.m.•5 views

Demystifying the Role of Rule-Based Detection in AI Systems for Windows Malware Detection

Malware detection increasingly relies on AI systems that integrate signature-based detection with machine learning. However, these components are typically developed and combined in isolation, missing opportunities to reduce data complexity and strengthen defenses against adversarial EXEmples,...

6.6AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/12 12:0 a.m.•3 views

Generalized Kennedy Receivers Enhanced CV-QKD in Turbulent Channels for Endogenous Security of Space-Air-Ground Integrated Network

Endogenous security in next-generation wireless communication systems attracts increasing attentions in recent years. A typical solution to endogenous security problems is the quantum key distribution QKD, where unconditional security can be achieved thanks to the inherent properties of quantum...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/12 12:0 a.m.•6 views

Shadow in the Cache: Unveiling and Mitigating Privacy Risks of KV-Cache in LLM Inference

The Key-Value KV cache, which stores intermediate attention computations Key and Value pairs to avoid redundant calculations, is a fundamental mechanism for accelerating Large Language Model LLM inference. However, this efficiency optimization introduces significant yet underexplored privacy risk...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/12 12:0 a.m.•6 views

Can AI Keep a Secret? Contextual Integrity Verification: a Provable Security Architecture for LLMs

Large language models LLMs remain acutely vulnerable to prompt injection and related jailbreak attacks; heuristic guardrails rules, filters, LLM judges are routinely bypassed. We present Contextual Integrity Verification CIV, an inference-time security architecture that attaches cryptographically...

7.3AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/12 12:0 a.m.•4 views

Load-Altering Attacks against Power Grids: a Case Study Using the GB-36 Bus System Open Dataset

The growing digitalization and the rapid adoption of high-powered Internet-of-Things IoT-enabled devices e.g., EV charging stations have increased the vulnerability of power grids to cyber threats. In particular, the so-called Load Altering Attacks LAAs can trigger rapid frequency fluctuations an...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/12 12:0 a.m.•3 views

Deep Learning Models for Robust Facial Liveness Detection

In the rapidly evolving landscape of digital security, biometric authentication systems, particularly facial recognition, have emerged as integral components of various security protocols. However, the reliability of these systems is compromised by sophisticated spoofing attacks, where imposters...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/12 12:0 a.m.•5 views

Attacks and Defenses against LLM Fingerprinting

As large language models are increasingly deployed in sensitive environments, fingerprinting attacks pose significant privacy and security risks. We present a study of LLM fingerprinting from both offensive and defensive perspectives. Our attack methodology uses reinforcement learning to...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/12 12:0 a.m.•5 views

Exploring Cross-Stage Adversarial Transferability in Class-Incremental Continual Learning

Class-incremental continual learning addresses catastrophic forgetting by enabling classification models to preserve knowledge of previously learned classes while acquiring new ones. However, the vulnerability of the models against adversarial attacks during this process has not been investigated...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/12 12:0 a.m.•6 views

Developing a Transferable Federated Network Intrusion Detection System

Intrusion Detection Systems IDS are a vital part of a network-connected device. In this paper, we develop a deep learning based intrusion detection system that is deployed in a distributed setup across devices connected to a network. Our aim is to better equip deep learning models against unknown...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/12 12:0 a.m.•5 views

Evasive Ransomware Attacks Using Low-Level Behavioral Adversarial Examples

Protecting state-of-the-art AI-based cybersecurity defense systems from cyber attacks is crucial. Attackers create adversarial examples by adding small changes i.e., perturbations to the attack features to evade or fool the deep learning model. This paper introduces the concept of low-level...

7.1AI score
Exploits0
Total number of security vulnerabilities6850