Lucene search
K
PacketstormnewsRecent

6850 matches found

Packet Storm News
Packet Storm News
•added 2025/08/08 12:0 a.m.•5 views

Microsoft SharePoint Privilege Escalation

This script exploits a vulnerability in Microsoft SharePoint Server allowing remote attackers to escalate privileges on affected installations. While this script focuses on elevation of privilege, attackers with malicious intent might chain this vulnerability with a remote code execution...

9.8CVSS8.3AI score0.99649EPSS
Exploits11
Packet Storm News
Packet Storm News
•added 2025/08/08 12:0 a.m.•7 views

Confluence Broken Access Control

This script is designed to exploit the CVE-2023-22515 vulnerability in Confluence, which allows for unauthorized access to Confluence Server and Confluence Data Center instances. The vulnerability is categorized as a broken access control issue and has a CVSS base score of 10.0...

10CVSS6.8AI score0.99156EPSS
Exploits39
Packet Storm News
Packet Storm News
•added 2025/08/08 12:0 a.m.•5 views

Simulation in Cybersecurity: Understanding Techniques, Applications, and Goals

Modeling and simulation are widely used in cybersecurity research to assess cyber threats, evaluate defense mechanisms, and analyze vulnerabilities. However, the diversity of application areas, the variety of cyberattacks scenarios, and the differing objectives of these simulations makes it...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/08 12:0 a.m.•35 views

Symbolic Execution in Practice: a Survey of Applications in Vulnerability, Malware, Firmware, and Protocol Analysis

Symbolic execution is a powerful program analysis technique that allows for the systematic exploration of all program paths. Path explosion, where the number of states to track becomes unwieldy, is one of the biggest challenges hindering symbolic execution's practical application. To combat this,...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/08 12:0 a.m.•6 views

Membership Inference Attack with Partial Features

Machine learning models have been shown to be susceptible to membership inference attack, which can be used to determine whether a given sample appears in the training data. Existing membership inference methods commonly assume that the adversary has full access to the features of the target...

6.5AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/08 12:0 a.m.•4 views

MALRIS: Malicious Hardware in RIS-Assisted Wireless Communications

Reconfigurable intelligent surfaces RIS enhance wireless communication by dynamically shaping the propagation environment, but their integration introduces hardware-level security risks. This paper presents the concept of Malicious RIS MALRIS, where compromised components behave adversarially, ev...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/08 12:0 a.m.•11 views

CitrixBleed 2 Mass Scanner

This script is a mass scanner for the CitrixBleed 2 vulnerability...

9.3CVSS7AI score0.9987EPSS
Exploits18
Packet Storm News
Packet Storm News
•added 2025/08/08 12:0 a.m.•9 views

Latent Fusion Jailbreak: Blending Harmful and Harmless Representations to Elicit Unsafe LLM Outputs

Large language models LLMs demonstrate impressive capabilities in various language tasks but are susceptible to jailbreak attacks that circumvent their safety alignments. This paper introduces Latent Fusion Jailbreak LFJ, a representation-based attack that interpolates hidden states from harmful...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/08 12:0 a.m.•13 views

WordPress Bricks 1.9.6 Remote Code Execution

This tool is designed to exploit the CVE-2024-25600 vulnerability found in the Bricks Builder plugin for WordPress versions 1.9.6 and below. The vulnerability allows for unauthenticated remote code execution on affected websites. The tool automates the exploitation process by retrieving nonces an...

10CVSS8.5AI score0.88234EPSS
Exploits18
Packet Storm News
Packet Storm News
•added 2025/08/08 12:0 a.m.•5 views

Topology Generation of UAV Covert Communication Networks: a Graph Diffusion Approach with Incentive Mechanism

With the growing demand for Uncrewed Aerial Vehicle UAV networks in sensitive applications, such as urban monitoring, emergency response, and secure sensing, ensuring reliable connectivity and covert communication has become increasingly vital. However, dynamic mobility and exposure risks pose...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/08 12:0 a.m.•6 views

Zimbra Postjournal Command Execution

CVE-2024-45519 is a vulnerability in Zimbra Collaboration ZCS that allows unauthenticated users to execute commands through the postjournal service. This guide walks you through setting up a lab environment to reproduce the issue and execute the exploit...

10CVSS7.3AI score0.99877EPSS
Exploits4
Packet Storm News
Packet Storm News
•added 2025/08/08 12:0 a.m.•4 views

Beyond Uniform Criteria: Scenario-Adaptive Multi-Dimensional Jailbreak Evaluation

Precise jailbreak evaluation is vital for LLM red teaming and jailbreak research. Current approaches employ binary classification e.g., string matching, toxic text classifiers, LLM-driven methods, yielding only "yes/no" labels without quantifying harm intensity. Existing multi-dimensional...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/08 12:0 a.m.•10 views

WordPress Backup Migration 1.3.7 Remote Code Execution

The Backup Migration plugin for WordPress is vulnerable to remote Code execution in all versions up to, and including, 1.3.7 via the /includes/backup-heart.php file. An attacker can control the values passed to an include statement, leveraging that to achieve remote code execution. This...

9.8CVSS9.1AI score0.97846EPSS
Exploits14
Packet Storm News
Packet Storm News
•added 2025/08/07 12:0 a.m.•4 views

RL-MoE: an Image-Based Privacy Preserving Approach in Intelligent Transportation System

The proliferation of AI-powered cameras in Intelligent Transportation Systems ITS creates a severe conflict between the need for rich visual data and the fundamental right to privacy. Existing privacy-preserving mechanisms, such as blurring or encryption, are often insufficient, creating an...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/07 12:0 a.m.•7 views

Performance and Storage Analysis of CRYSTALS Kyber As a Post Quantum Replacement for RSA and ECC

The steady advancement in quantum computer error correction technology has pushed the current record to 48 stable logical qubits, bringing us closer to machines capable of running Shor's algorithm at scales that threaten RSA and ECC cryptography. While the timeline for developing such quantum...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/07 12:0 a.m.•5 views

PRvL: Quantifying the Capabilities and Risks of Large Language Models for PII Redaction

Redacting Personally Identifiable Information PII from unstructured text is critical for ensuring data privacy in regulated domains. While earlier approaches have relied on rule-based systems and domain-specific Named Entity Recognition NER models, these methods fail to generalize across formats...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/07 12:0 a.m.•5 views

Quantum Circuit Benchmarking on IBM Brisbane: Performance Insights from Superconducting Qubit Models

This paper investigates quantum communication using superconducting qubits, emphasizing the simulation and control of quantum systems via IBM Brisbane quantum processor. We focus on implementing fundamental quantum gates and analyzing the evolution of entangled states, which are essential for...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/07 12:0 a.m.•3 views

Secure and Practical Quantum Digital Signatures

Digital signatures represent a crucial cryptographic asset that must be protected against quantum adversaries. Quantum Digital Signatures QDS can offer solutions that are information-theoretically IT secure and thus immune to quantum attacks. In this work, we analyze three existing practical QDS...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/07 12:0 a.m.•5 views

Incident Response Planning Using a Lightweight Large Language Model with Reduced Hallucination

Timely and effective incident response is key to managing the growing frequency of cyberattacks. However, identifying the right response actions for complex systems is a major technical challenge. A promising approach to mitigate this challenge is to use the security knowledge embedded in large...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/07 12:0 a.m.•6 views

Optimizing IoT Threat Detection with Kolmogorov-Arnold Networks (KANs)

The exponential growth of the Internet of Things IoT has led to the emergence of substantial security concerns, with IoT networks becoming the primary target for cyberattacks. This study examines the potential of Kolmogorov-Arnold Networks KANs as an alternative to conventional machine learning...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/07 12:0 a.m.•5 views

Efficient Mediated Multiparty Semi-Quantum Secret Sharing Protocol Based on Single-Qubit Reordering

Typical multiparty semi-quantum secret sharing MSQSS protocols require the dealer to possess full quantum capabilities, while the classical users usually need to perform three operations. To address this practical limitation, this paper introduces a new mediated MSQSS protocol that enables Alice,...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/07 12:0 a.m.•4 views

A Comparative Performance Evaluation of Kyber, Sntrup761, and FrodoKEM for Post-Quantum Cryptography

Post-quantum cryptography PQC aims to develop cryptographic algorithms that are secure against attacks from quantum computers. This paper compares the leading postquantum cryptographic algorithms, such as Kyber, sntrup761, and FrodoKEM, in terms of their security, performance, and real-world...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/07 12:0 a.m.•4 views

Enhancing Software Vulnerability Detection through Adaptive Test Input Generation Using Genetic Algorithm

Software vulnerabilities continue to undermine the reliability and security of modern systems, particularly as software complexity outpaces the capabilities of traditional detection methods. This study introduces a genetic algorithm-based method for test input generation that innovatively...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/07 12:0 a.m.•9 views

Semi-Supervised Supply Chain Fraud Detection with Unsupervised Pre-Filtering

Detecting fraud in modern supply chains is a growing challenge, driven by the complexity of global networks and the scarcity of labeled data. Traditional detection methods often struggle with class imbalance and limited supervision, reducing their effectiveness in real-world applications. This...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/07 12:0 a.m.•4 views

System Security Framework for 5G Advanced /6G IoT Integrated Terrestrial Network-Non-Terrestrial Network (TN-NTN) with AI-Enabled Cloud Security

The integration of Terrestrial Networks TN and Non-Terrestrial Networks NTN, including 5G Advanced/6G and the Internet of Things IoT technologies, using Low Earth Orbit LEO satellites, high-altitude platforms HAPS, and Unmanned Aerial Vehicles UAVs, is redefining the landscape of global...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/07 12:0 a.m.•5 views

Non-Omniscient Backdoor Injection with a Single Poison Sample: Proving the One-Poison Hypothesis for Linear Regression and Linear Classification

Backdoor injection attacks are a threat to machine learning models that are trained on large data collected from untrusted sources; these attacks enable attackers to inject malicious behavior into the model that can be triggered by specially crafted inputs. Prior work has established bounds on th...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/07 12:0 a.m.•5 views

Tigo Energy CCA Command Injection

This repository contains a proof of concept exploit exploit for CVE‑2025‑7769, a critical remote command injection vulnerability found in Tigo Energy CCA appliances exposing the /cgi-bin/mobileapi endpoint...

8.7CVSS7.7AI score0.15849EPSS
Exploits2
Packet Storm News
Packet Storm News
•added 2025/08/07 12:0 a.m.•3 views

Exploring Satellite Quantum Key Distribution under Atmospheric Constraints

Satellite Quantum Key Distribution creates a pathway for secure global communication with a level of security that is peerless. However, ground-to-satellite Quantum Key Distribution links are degraded due to the atmospheric turbulence. This paper gives a numerical framework using angular spectrum...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/07 12:0 a.m.•5 views

An Overview of 7726 User Reports: Uncovering SMS Scams and Scammer Strategies

Mobile network operators implement firewalls to stop illicit messages, but scammers find ways to evade detection. Previous work has looked into SMS texts that are blocked by these firewalls. However, there is little insight into SMS texts that bypass them and reach users. To this end, we...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/07 12:0 a.m.•1 views

Secure Quantum Key Distribution Via Entangled Quantum Walkers

Quantum Key Distribution QKD is an emerging cryptographic method designed for secure key sharing. Its security is theoretically guaranteed by fundamental principles of quantum mechanics, making it a leading candidate for future communication protocols. Quantum Random Walks QRWs, on the other hand...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/06 12:0 a.m.•6 views

Log2Sig: Frequency-Aware Insider Threat Detection Via Multivariate Behavioral Signal Decomposition

Insider threat detection presents a significant challenge due to the deceptive nature of malicious behaviors, which often resemble legitimate user operations. However, existing approaches typically model system logs as flat event sequences, thereby failing to capture the inherent frequency dynami...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/06 12:0 a.m.•5 views

Drone Detection with Event Cameras

The diffusion of drones presents significant security and safety challenges. Traditional surveillance systems, particularly conventional frame-based cameras, struggle to reliably detect these targets due to their small size, high agility, and the resulting motion blur and poor performance in...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/06 12:0 a.m.•4 views

From Split to Share: Private Inference with Distributed Feature Sharing

Cloud-based Machine Learning as a Service MLaaS raises serious privacy concerns when handling sensitive client data. Existing Private Inference PI methods face a fundamental trade-off between privacy and efficiency: cryptographic approaches offer strong protection but incur high computational...

6.5AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/06 12:0 a.m.•6 views

From Learning to Unlearning: Biomedical Security Protection in Multimodal Large Language Models

The security of biomedical Multimodal Large Language Models MLLMs has attracted increasing attention. However, training samples easily contain private information and incorrect knowledge that are difficult to detect, potentially leading to privacy leakage or erroneous outputs after deployment. An...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/06 12:0 a.m.•7 views

Prompt Injection Vulnerability of Consensus Generating Applications in Digital Democracy

Large Language Models LLMs are gaining traction as a method to generate consensus statements and aggregate preferences in digital democracy experiments. Yet, LLMs may introduce critical vulnerabilities in these systems. Here, we explore the impact of prompt-injection attacks targeting consensus...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/06 12:0 a.m.•5 views

AuthPrint: Fingerprinting Generative Models against Malicious Model Providers

Generative models are increasingly adopted in high-stakes domains, yet current deployments offer no mechanisms to verify the origin of model outputs. We address this gap by extending model fingerprinting techniques beyond the traditional collaborative setting to one where the model provider may a...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/06 12:0 a.m.•5 views

Optimizing Preventive and Reactive Defense Resource Allocation with Uncertain Sensor Signals

Cyber attacks continue to be a cause of concern despite advances in cyber defense techniques. Although cyber attacks cannot be fully prevented, standard decision-making frameworks typically focus on how to prevent them from succeeding, without considering the cost of cleaning up the damages...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/06 12:0 a.m.•2 views

Evaluating Selective Encryption against Gradient Inversion Attacks

Gradient inversion attacks pose significant privacy threats to distributed training frameworks such as federated learning, enabling malicious parties to reconstruct sensitive local training data from gradient communications between clients and an aggregation server during the aggregation process...

6.5AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/06 12:0 a.m.•3 views

SelectiveShield: Lightweight Hybrid Defense against Gradient Leakage in Federated Learning

Federated Learning FL enables collaborative model training on decentralized data but remains vulnerable to gradient leakage attacks that can reconstruct sensitive user information. Existing defense mechanisms, such as differential privacy DP and homomorphic encryption HE, often introduce a...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/06 12:0 a.m.•4 views

Secure Development of a Hooking-Based Deception Framework against Keylogging Techniques

Keyloggers remain a serious threat in modern cybersecurity, silently capturing user keystrokes to steal credentials and sensitive information. Traditional defenses focus mainly on detection and removal, which can halt malicious activity but do little to engage or mislead adversaries. In this pape...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/06 12:0 a.m.•6 views

Privacy Risk Predictions Based on Fundamental Understanding of Personal Data and an Evolving Threat Landscape

It is difficult for individuals and organizations to protect personal information without a fundamental understanding of relative privacy risks. By analyzing over 5,000 empirical identity theft and fraud cases, this research identifies which types of personal data are exposed, how frequently...

6.6AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/06 12:0 a.m.•5 views

Attack Pattern Mining to Discover Hidden Threats to Industrial Control Systems

This work focuses on validation of attack pattern mining in the context of Industrial Control System ICS security. A comprehensive security assessment of an ICS requires generating a large and variety of attack patterns. For this purpose we have proposed a data driven technique to generate attack...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/06 12:0 a.m.•7 views

atjiu pybbs 6.0.0 Cross Site Scripting

atjiu pybbs versions 6.0.0 and below suffer from a cross site scripting vulnerability...

4.8CVSS6.4AI score0.00625EPSS
Exploits3
Packet Storm News
Packet Storm News
•added 2025/08/06 12:0 a.m.•5 views

MambaITD: an Efficient Cross-Modal Mamba Network for Insider Threat Detection

Enterprises are facing increasing risks of insider threats, while existing detection methods are unable to effectively address these challenges due to reasons such as insufficient temporal dynamic feature modeling, computational efficiency and real-time bottlenecks and cross-modal information...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/06 12:0 a.m.•3 views

Multi-Stage Knowledge-Distilled VGAE and GAT for Robust Controller-Area-Network Intrusion Detection

The Controller Area Network CAN protocol is a standard for in-vehicle communication but remains susceptible to cyber-attacks due to its lack of built-in security. This paper presents a multi-stage intrusion detection framework leveraging unsupervised anomaly detection and supervised graph learnin...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/06 12:0 a.m.•8 views

SVC 2025: the First Multimodal Deception Detection Challenge

Deception detection is a critical task in real-world applications such as security screening, fraud prevention, and credibility assessment. While deep learning methods have shown promise in surpassing human-level performance, their effectiveness often depends on the availability of high-quality a...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/06 12:0 a.m.•3 views

Isolate Trigger: Detecting and Eradicating Evade-Adaptive Backdoors

All current detection of backdoor attacks on deep learning models fall under the category of a non essential featuresNEF, which focus on fighting against simple and efficient vertical class backdoor -- trigger is small, few and not overlapping with the source. Evade-adaptive backdoor EAB attacks...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/06 12:0 a.m.•9 views

Per-Element Secure Aggregation against Data Reconstruction Attacks in Federated Learning

Federated learning FL enables collaborative model training without sharing raw data, but individual model updates may still leak sensitive information. Secure aggregation SecAgg mitigates this risk by allowing the server to access only the sum of client updates, thereby concealing individual...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/06 12:0 a.m.•6 views

Measuring the Carbon Footprint of Cryptographic Privacy-Enhancing Technologies

Privacy-enhancing technologies PETs have attracted significant attention in response to privacy regulations, driving the development of applications that prioritize user data protection. At the same time, the information and communication technology ICT sector faces growing pressure to reduce its...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/08/06 12:0 a.m.•6 views

Leveraging Large Language Models for SQL Behavior-Based Database Intrusion Detection

Database systems are extensively used to store critical data across various domains. However, the frequency of abnormal database access behaviors, such as database intrusion by internal and external attacks, continues to rise. Internal masqueraders often have greater organizational knowledge,...

7.5AI score
Exploits0
Total number of security vulnerabilities6850