Lucene search
K
PacketstormnewsRecent

6850 matches found

Packet Storm News
Packet Storm News
added 2025/08/12 12:0 a.m.4 views

Security Analysis of ChatGPT: Threats and Privacy Risks

As artificial intelligence technology continues to advance, chatbots are becoming increasingly powerful. Among them, ChatGPT, launched by OpenAI, has garnered widespread attention globally due to its powerful natural language processing capabilities based on the GPT model, which enables it to...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/12 12:0 a.m.4 views

Enhance the Machine Learning Algorithm Performance in Phishing Detection with Keyword Features

Recently, we can observe a significant increase of the phishing attacks in the Internet. In a typical phishing attack, the attacker sets up a malicious website that looks similar to the legitimate website in order to obtain the end-users' information. This may cause the leakage of the sensitive...

6.6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/12 12:0 a.m.4 views

Kigen eUICC Type Confusion

Security Explorations has further examined the security of Kigen eUICC cards with GSMA consumer certificates installed. This advisory is an update and expansion to the original research disclosed, however it does not disclose exact details. They do, however, state that the new issue seems more...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/12 12:0 a.m.5 views

Secure Authentication Via Quantum Physical Unclonable Functions: a Review

Quantum Physical Unclonable Functions QPUFs offer a physically grounded approach to secure authentication, extending the capabilities of classical PUFs. This review covers their theoretical foundations and key implementation challenges - such as quantum memories and Haar-randomness -, and...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/12 12:0 a.m.5 views

Securing Educational LLMs: a Generalised Taxonomy of Attacks on LLMs and DREAD Risk Assessment

Due to perceptions of efficiency and significant productivity gains, various organisations, including in education, are adopting Large Language Models LLMs into their workflows. Educator-facing, learner-facing, and institution-facing LLMs, collectively, Educational Large Language Models eLLMs,...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/12 12:0 a.m.5 views

Microsoft PlayReady Activation Protocol Issues

This advisory builds on prior disclosed work in 2022 regarding Microsoft PlayReady protocol issues that can lead to leaf certificate generation using fake identities...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/12 12:0 a.m.6 views

Image Selective Encryption Analysis Using Mutual Information in CNN Based Embedding Space

As digital data transmission continues to scale, concerns about privacy grow increasingly urgent - yet privacy remains a socially constructed and ambiguously defined concept, lacking a universally accepted quantitative measure. This work examines information leakage in image data, a domain where...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/12 12:0 a.m.6 views

Shadow in the Cache: Unveiling and Mitigating Privacy Risks of KV-Cache in LLM Inference

The Key-Value KV cache, which stores intermediate attention computations Key and Value pairs to avoid redundant calculations, is a fundamental mechanism for accelerating Large Language Model LLM inference. However, this efficiency optimization introduces significant yet underexplored privacy risk...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/12 12:0 a.m.6 views

Can AI Keep a Secret? Contextual Integrity Verification: a Provable Security Architecture for LLMs

Large language models LLMs remain acutely vulnerable to prompt injection and related jailbreak attacks; heuristic guardrails rules, filters, LLM judges are routinely bypassed. We present Contextual Integrity Verification CIV, an inference-time security architecture that attaches cryptographically...

7.3AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/12 12:0 a.m.4 views

Load-Altering Attacks against Power Grids: a Case Study Using the GB-36 Bus System Open Dataset

The growing digitalization and the rapid adoption of high-powered Internet-of-Things IoT-enabled devices e.g., EV charging stations have increased the vulnerability of power grids to cyber threats. In particular, the so-called Load Altering Attacks LAAs can trigger rapid frequency fluctuations an...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/12 12:0 a.m.3 views

Deep Learning Models for Robust Facial Liveness Detection

In the rapidly evolving landscape of digital security, biometric authentication systems, particularly facial recognition, have emerged as integral components of various security protocols. However, the reliability of these systems is compromised by sophisticated spoofing attacks, where imposters...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/12 12:0 a.m.5 views

Attacks and Defenses against LLM Fingerprinting

As large language models are increasingly deployed in sensitive environments, fingerprinting attacks pose significant privacy and security risks. We present a study of LLM fingerprinting from both offensive and defensive perspectives. Our attack methodology uses reinforcement learning to...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/12 12:0 a.m.4 views

Surpassing the PLOB Bound in Continuous-Variable Quantum Secret Sharing Using a State-Discrimination Detector

Continuous-variable quantum secret sharing CVQSS is a promising approach to ensuring multi-party information security. While CVQSS offers practical ease of implementation, its present performance remains limited. In this paper, we propose a novel CVQSS protocol integrated with a...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/12 12:0 a.m.7 views

Never Compromise to Vulnerabilities: a Comprehensive Survey on AI Governance

The rapid advancement of AI has expanded its capabilities across domains, yet introduced critical technical vulnerabilities, such as algorithmic bias and adversarial sensitivity, that pose significant societal risks, including misinformation, inequity, security breaches, physical harm, and eroded...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/12 12:0 a.m.7 views

Omnissa Workspace ONE UEM Path Traversal / Server-Side Request Forgery

Omnissa Workspace ONE UEM suffers from path traversal and server-side request forgery vulnerabilities...

7.5CVSS7AI score0.20348EPSS
Exploits1
Packet Storm News
Packet Storm News
added 2025/08/11 12:0 a.m.3 views

Securing Agentic AI: Threat Modeling and Risk Analysis for Network Monitoring Agentic AI System

When combining Large Language Models LLMs with autonomous agents, used in network monitoring and decision-making systems, this will create serious security issues. In this research, the MAESTRO framework consisting of the seven layers threat modeling architecture in the system was used to expose,...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/11 12:0 a.m.4 views

Obfuscated Quantum and Post-Quantum Cryptography

In this work, we present an experimental deployment of a new design for combined quantum key distribution QKD and post-quantum cryptography PQC. Novel to our system is the dynamic obfuscation of the QKD-PQC sequence of operations, the number of operations, and parameters related to the operations...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/11 12:0 a.m.5 views

Jetty 10.0.6 HTTP/2 Stream Exhaustion Denial of Service

Jetty version 10.0.6 is vulnerable to a denial of service condition via HTTP/2 stream exhaustion. By opening and maintaining a large number of idle HTTP/2 streams, an attacker can exhaust server resources and cause the service to become unresponsive. This archive includes a Ruby Metasploit...

7.5CVSS6.8AI score0.01433EPSS
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/11 12:0 a.m.5 views

Differential Privacy for Regulatory Compliance in Cyberattack Detection on Critical Infrastructure Systems

Industrial control systems are a fundamental component of critical infrastructure networks CIN such as gas, water and power. With the growing risk of cyberattacks, regulatory compliance requirements are also increasing for large scale critical infrastructure systems comprising multiple utility...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/11 12:0 a.m.4 views

Belkin F9K1009 / F9K1010 Authentication Bypass

This repository contains a exploit for CVE‑2025‑8730, a critical Authentication Bypass vulnerability affecting the web interface of Belkin F9K1009 and F9K1010 routers. The flaw lies in the session validation logic of the /login.htm file, where improperly handled cookies or crafted requests allow...

10CVSS9.4AI score0.03245EPSS
Exploits2
Packet Storm News
Packet Storm News
added 2025/08/11 12:0 a.m.5 views

Generative AI for Cybersecurity of Energy Management Systems: Methods, Challenges, and Future Directions

This paper elaborates on an extensive security framework specifically designed for energy management systems EMSs, which effectively tackles the dynamic environment of cybersecurity vulnerabilities and/or system problems SPs, accomplished through the incorporation of novel methodologies. A...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/11 12:0 a.m.6 views

False Reality: Uncovering Sensor-Induced Human-VR Interaction Vulnerability

Virtual Reality VR techniques, serving as the bridge between the real and virtual worlds, have boomed and are widely used in manufacturing, remote healthcare, gaming, etc. Specifically, VR systems offer users immersive experiences that include both perceptions and actions. Various studies have...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/11 12:0 a.m.6 views

Chimera: Harnessing Multi-Agent LLMs for Automatic Insider Threat Simulation

Insider threats, which can lead to severe losses, remain a major security concern. While machine learning-based insider threat detection ITD methods have shown promising results, their progress is hindered by the scarcity of high-quality data. Enterprise data is sensitive and rarely accessible,...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/11 12:0 a.m.5 views

Generative AI for Critical Infrastructure in Smart Grids: a Unified Framework for Synthetic Data Generation and Anomaly Detection

In digital substations, security events pose significant challenges to the sustained operation of power systems. To mitigate these challenges, the implementation of robust defense strategies is critically important. A thorough process of anomaly identification and detection in information and...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/11 12:0 a.m.5 views

VeriPHY: Physical Layer Signal Authentication for Wireless Communication in 5G Environments

Physical layer authentication PLA uses inherent characteristics of the communication medium to provide secure and efficient authentication in wireless networks, bypassing the need for traditional cryptographic methods. With advancements in deep learning, PLA has become a widely adopted technique...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/11 12:0 a.m.8 views

A Comparative Analysis of Lightweight Hash Functions Using AVR ATXMega128 and ChipWhisperer

Lightweight hash functions have become important building blocks for security in embedded and IoT systems. A plethora of algorithms have been proposed and standardized, providing a wide range of performance trade-off options for developers to choose from. This paper presents a comparative analysi...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/11 12:0 a.m.5 views

Selective KV-Cache Sharing to Mitigate Timing Side-Channels in LLM Inference

Global KV-cache sharing has emerged as a key optimization for accelerating large language model LLM inference. However, it exposes a new class of timing side-channel attacks, enabling adversaries to infer sensitive user inputs via shared cache entries. Existing defenses, such as per-user isolatio...

6.6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/11 12:0 a.m.3 views

AI Security Map: Holistic Organization of AI Security Technologies and Impacts on Stakeholders

As the social implementation of AI has been steadily progressing, research and development related to AI security has also been increasing. However, existing studies have been limited to organizing related techniques, attacks, defenses, and risks in terms of specific domains or AI elements. Thus,...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/11 12:0 a.m.3 views

EntraGoat - a Deliberately Vulnerable Entra ID Environment

EntraGoat is a deliberately vulnerable Microsoft Entra ID infrastructure designed to simulate real-world identity security misconfigurations and attack vectors. EntraGoat introduces intentional vulnerabilities in your environment to provide a realistic learning platform for security professionals...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/11 12:0 a.m.5 views

BlindGuard: Safeguarding LLM-Based Multi-Agent Systems under Unknown Attacks

The security of LLM-based multi-agent systems MAS is critically threatened by propagation vulnerability, where malicious agents can distort collective decision-making through inter-agent message interactions. While existing supervised defense methods demonstrate promising performance, they may be...

7.3AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/11 12:0 a.m.4 views

Designing with Deception: ML- and Covert Gate-Enhanced Camouflaging to Thwart IC Reverse Engineering

Integrated circuits ICs are essential to modern electronic systems, yet they face significant risks from physical reverse engineering RE attacks that compromise intellectual property IP and overall system security. While IC camouflage techniques have emerged to mitigate these risks, existing...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/11 12:0 a.m.8 views

Power Pwn 4.0.1

Power Pwn is a powerful open‑source toolset designed for red‑teaming and security testing within the Microsoft 365 environment, particularly around Copilot, Copilot Studio, and the Power Platform...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/11 12:0 a.m.10 views

VOIDFace: a Privacy-Preserving Multi-Network Face Recognition with Enhanced Security

Advancement of machine learning techniques, combined with the availability of large-scale datasets, has significantly improved the accuracy and efficiency of facial recognition. Modern facial recognition systems are trained using large face datasets collected from diverse individuals or public...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/11 12:0 a.m.1 views

Robust Anomaly Detection in O-RAN: Leveraging LLMs against Data Manipulation Attacks

The introduction of 5G and the Open Radio Access Network O-RAN architecture has enabled more flexible and intelligent network deployments. However, the increased complexity and openness of these architectures also introduce novel security challenges, such as data manipulation attacks on the...

6.6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/10 12:0 a.m.8 views

TraceLens: Question-Driven Debugging for Taint Flow Understanding

Taint analysis is a security analysis technique used to track the flow of potentially dangerous data through an application and its dependent libraries. Investigating why certain unexpected flows appear and why expected flows are missing is an important sensemaking process during end-user taint...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/10 12:0 a.m.1 views

Certifiably Robust Malware Detectors by Design

Malware analysis involves analyzing suspicious software to detect malicious payloads. Static malware analysis, which does not require software execution, relies increasingly on machine learning techniques to achieve scalability. Although such techniques obtain very high detection accuracy, they c...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/10 12:0 a.m.30 views

Civil Servants As Builders: Enabling Non-IT Staff to Develop Secure Python and R Tools

Current digital government literature focuses on professional in-house IT teams, specialized digital service teams, vendor-developed systems, or proprietary low-code/no-code tools. Almost no scholarship addresses a growing middle ground: technically skilled civil servants outside formal IT roles...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/10 12:0 a.m.1 views

Reversible Video Steganography Using Quick Response Codes and Modified ElGamal Cryptosystem

The rapid transmission of multimedia information has been achieved mainly by recent advancements in the Internet's speed and information technology. In spite of this, advancements in technology have resulted in breaches of privacy and data security. When it comes to protecting private information...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/10 12:0 a.m.5 views

Enhancing Privacy in Decentralized Min-Max Optimization: a Differentially Private Approach

Decentralized min-max optimization allows multi-agent systems to collaboratively solve global min-max optimization problems by facilitating the exchange of model updates among neighboring agents, eliminating the need for a central server. However, sharing model updates in such systems carry a ris...

6.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/09 12:0 a.m.8 views

Who'S the Evil Twin? Differential Auditing for Undesired Behavior

Detecting hidden behaviors in neural networks poses a significant challenge due to minimal prior knowledge and potential adversarial obfuscation. We explore this problem by framing detection as an adversarial game between two teams: the red team trains two similar models, one trained solely on...

6.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/09 12:0 a.m.7 views

Neural Network-Based Detection and Multi-Class Classification of FDI Attacks in Smart Grid Home Energy Systems

False Data Injection Attacks FDIAs pose a significant threat to smart grid infrastructures, particularly Home Area Networks HANs, where real-time monitoring and control are highly adopted. Owing to the comparatively less stringent security controls and widespread availability of HANs, attackers...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/09 12:0 a.m.3 views

A Real-Time, Self-Tuning Moderator Framework for Adversarial Prompt Detection

Ensuring LLM alignment is critical to information security as AI models become increasingly widespread and integrated in society. Unfortunately, many defenses against adversarial attacks and jailbreaking on LLMs cannot adapt quickly to new attacks, degrade model responses to benign prompts, or...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/09 12:0 a.m.5 views

Balancing Privacy and Efficiency: Music Information Retrieval Via Additive Homomorphic Encryption

In the era of generative AI, ensuring the privacy of music data presents unique challenges: unlike static artworks such as images, music data is inherently temporal and multimodal, and it is sampled, transformed, and remixed at an unprecedented scale. These characteristics make its core vector...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/09 12:0 a.m.2 views

Cognitive Cybersecurity for Artificial Intelligence: Guardrail Engineering with CCS-7

Language models exhibit human-like cognitive vulnerabilities, such as emotional framing, that escape traditional behavioral alignment. We present CCS-7 Cognitive Cybersecurity Suite, a taxonomy of seven vulnerabilities grounded in human cognitive security research. To establish a human benchmark,...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/08 12:0 a.m.5 views

EU Digital Regulation and Guatemala: AI, 5G, and Cybersecurity

The paper examines how EU rules in AI, 5G, and cybersecurity operate as transnational governance and shape policy in Guatemala. It outlines the AI Act's risk approach, the 5G Action Plan and Security Toolbox, and the cybersecurity regime built on ENISA, NIS2, the Cybersecurity Act, and the Cyber...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/08 12:0 a.m.4 views

ScamAgents: How AI Agents Can Simulate Human-Level Scam Calls

Large Language Models LLMs have demonstrated impressive fluency and reasoning capabilities, but their potential for misuse has raised growing concern. In this paper, we present ScamAgent, an autonomous multi-turn agent built on top of LLMs, capable of generating highly realistic scam call scripts...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/08 12:0 a.m.5 views

Microsoft SharePoint Privilege Escalation

This script exploits a vulnerability in Microsoft SharePoint Server allowing remote attackers to escalate privileges on affected installations. While this script focuses on elevation of privilege, attackers with malicious intent might chain this vulnerability with a remote code execution...

9.8CVSS8.3AI score0.99649EPSS
Exploits11
Packet Storm News
Packet Storm News
added 2025/08/08 12:0 a.m.7 views

Confluence Broken Access Control

This script is designed to exploit the CVE-2023-22515 vulnerability in Confluence, which allows for unauthorized access to Confluence Server and Confluence Data Center instances. The vulnerability is categorized as a broken access control issue and has a CVSS base score of 10.0...

10CVSS6.8AI score0.99156EPSS
Exploits39
Packet Storm News
Packet Storm News
added 2025/08/08 12:0 a.m.5 views

Simulation in Cybersecurity: Understanding Techniques, Applications, and Goals

Modeling and simulation are widely used in cybersecurity research to assess cyber threats, evaluate defense mechanisms, and analyze vulnerabilities. However, the diversity of application areas, the variety of cyberattacks scenarios, and the differing objectives of these simulations makes it...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/08 12:0 a.m.35 views

Symbolic Execution in Practice: a Survey of Applications in Vulnerability, Malware, Firmware, and Protocol Analysis

Symbolic execution is a powerful program analysis technique that allows for the systematic exploration of all program paths. Path explosion, where the number of states to track becomes unwieldy, is one of the biggest challenges hindering symbolic execution's practical application. To combat this,...

7.1AI score
Exploits0
Total number of security vulnerabilities6850