Lucene search
K
PacketstormnewsRecent

6850 matches found

Packet Storm News
Packet Storm News
added 2025/08/06 12:0 a.m.6 views

Multilingual Source Tracing of Speech Deepfakes: a First Benchmark

Recent progress in generative AI has made it increasingly easy to create natural-sounding deepfake speech from just a few seconds of audio. While these tools support helpful applications, they also raise serious concerns by making it possible to generate convincing fake speech in many languages...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/06 12:0 a.m.3 views

SenseCrypt: Sensitivity-Guided Selective Homomorphic Encryption for Joint Federated Learning in Cross-Device Scenarios

Homomorphic Encryption HE prevails in securing Federated Learning FL, but suffers from high overhead and adaptation cost. Selective HE methods, which partially encrypt model parameters by a global mask, are expected to protect privacy with reduced overhead and easy adaptation. However, in...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/06 12:0 a.m.5 views

Eavesdropping Risk in Terahertz Channels by Covered Wavy Surfaces

Terahertz communications offer unprecedented data rates for next-generation wireless networks but suffer blockage susceptibility that restrict coverage and introduce physical-layer security vulnerabilities. Non-line-of-sight relay schemes using metallic wavy surfaces MWS address coverage...

7.3AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/06 12:0 a.m.3 views

Large Language Models Versus Static Code Analysis Tools: a Systematic Benchmark for Vulnerability Detection

Modern software relies on a multitude of automated testing and quality assurance tools to prevent errors, bugs and potential vulnerabilities. This study sets out to provide a head-to-head, quantitative and qualitative evaluation of six automated approaches: three industry-standard rule-based stat...

8.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/06 12:0 a.m.8 views

Policy Design in Zero-Trust Distributed Networks: Challenges and Solutions

Traditional security architectures are becoming more vulnerable to distributed attacks due to significant dependence on trust. This will further escalate when implementing agentic AI within the systems, as more components must be secured over a similar distributed space. These scenarios can be...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/06 12:0 a.m.4 views

Cybersecurity of Quantum Key Distribution Implementations

Practical implementations of Quantum Key Distribution QKD often deviate from the theoretical protocols, exposing the implementations to various attacks even when the underlying ideal protocol is proven secure. We present new analysis tools and methodologies for quantum cybersecurity, adapting the...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/06 12:0 a.m.7 views

Writebot AI Content Generator SaaS React Template 4.0.0 Shell Upload

Writebot AI Content Generator SaaS React Template versions 4.0.0 and below suffer from a remote shell upload vulnerability...

6.5CVSS6.9AI score0.00313EPSS
Exploits2
Packet Storm News
Packet Storm News
added 2025/08/05 12:0 a.m.6 views

Anti-Tamper Protection for Unauthorized Individual Image Generation

With the advancement of personalized image generation technologies, concerns about forgery attacks that infringe on portrait rights and privacy are growing. To address these concerns, protection perturbation algorithms have been developed to disrupt forgery generation. However, the protection...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/05 12:0 a.m.6 views

Botan C++ Crypto Algorithms Library 3.9.0

Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS 10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/05 12:0 a.m.4 views

Bidirectional TLS Handshake Caching for Constrained Industrial IoT Scenarios

While TLS has become the de-facto standard for end-to-end security, its use to secure critical communication in evolving industrial IoT scenarios is severely limited by prevalent resource constraints of devices and networks. Most notably, the TLS handshake to establish secure connections incurs...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/05 12:0 a.m.4 views

WiFinger: Fingerprinting Noisy IoT Event Traffic Using Packet-Level Sequence Matching

IoT environments such as smart homes are susceptible to privacy inference attacks, where attackers can analyze patterns of encrypted network traffic to infer the state of devices and even the activities of people. While most existing attacks exploit ML techniques for discovering such traffic...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/05 12:0 a.m.6 views

From Legacy to Standard: LLM-Assisted Transformation of Cybersecurity Playbooks into CACAO Format

Existing cybersecurity playbooks are often written in heterogeneous, non-machine-readable formats, which limits their automation and interoperability across Security Orchestration, Automation, and Response platforms. This paper explores the suitability of Large Language Models, combined with Prom...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/05 12:0 a.m.5 views

Simulating Cyberattacks through a Breach Attack Simulation (BAS) Platform Empowered by Security Chaos Engineering (SCE)

In today digital landscape, organizations face constantly evolving cyber threats, making it essential to discover slippery attack vectors through novel techniques like Security Chaos Engineering SCE, which allows teams to test defenses and identify vulnerabilities effectively. This paper proposes...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/05 12:0 a.m.7 views

Selection-Based Vulnerabilities: Clean-Label Backdoor Attacks in Active Learning

Active learningAL, which serves as the representative label-efficient learning paradigm, has been widely applied in resource-constrained scenarios. The achievement of AL is attributed to acquisition functions, which are designed for identifying the most important data to label. Despite this...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/05 12:0 a.m.15 views

MalFlows: Context-Aware Fusion of Heterogeneous Flow Semantics for Android Malware Detection

Static analysis, a fundamental technique in Android app examination, enables the extraction of control flows, data flows, and inter-component communications ICCs, all of which are essential for malware detection. However, existing methods struggle to leverage the semantic complementarity across...

6.6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/05 12:0 a.m.5 views

Intrusion Detection in Heterogeneous Networks with Domain-Adaptive Multi-Modal Learning

Network Intrusion Detection Systems NIDS play a crucial role in safeguarding network infrastructure against cyberattacks. As the prevalence and sophistication of these attacks increase, machine learning and deep neural network approaches have emerged as effective tools for enhancing NIDS...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/05 12:0 a.m.5 views

BadBlocks: Low-Cost and Stealthy Backdoor Attacks Tailored for Text-To-Image Diffusion Models

In recent years,Diffusion models have achieved remarkable progress in the field of image generation.However,recent studies have shown that diffusion models are susceptible to backdoor attacks,in which attackers can manipulate the output by injecting covert triggers such as specific visual pattern...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/05 12:0 a.m.5 views

Attack the Messages, Not the Agents: a Multi-Round Adaptive Stealthy Tampering Framework for LLM-MAS

Large language model-based multi-agent systems LLM-MAS effectively accomplish complex and dynamic tasks through inter-agent communication, but this reliance introduces substantial safety vulnerabilities. Existing attack methods targeting LLM-MAS either compromise agent internals or rely on direct...

7.4AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/05 12:0 a.m.3 views

Smart Car Privacy: Survey of Attacks and Privacy Issues

Automobiles are becoming increasingly important in our day to day life. Modern automobiles are highly computerized and hence potentially vulnerable to attack. Providing many wireless connectivity for vehicles enables a bridge between vehicles and their external environments. Such a connected...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/05 12:0 a.m.4 views

BDFirewall: Towards Effective and Expeditiously Black-Box Backdoor Defense in MLaaS

In this paper, we endeavor to address the challenges of backdoor attacks countermeasures in black-box scenarios, thereby fortifying the security of inference under MLaaS. We first categorize backdoor triggers from a new perspective, i.e., their impact on the patched area, and divide them into:...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/05 12:0 a.m.5 views

Reputation-Based Partition Scheme for IoT Security

With the popularity of smart terminals, such as the Internet of Things, crowdsensing is an emerging data aggregation paradigm, which plays a pivotal role in data-driven applications. There are some key issues in the development of crowdsensing such as platform security and privacy protection. As...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/05 12:0 a.m.7 views

Lightweight Fault Detection Architecture for NTT on FPGA

Post-Quantum Cryptographic PQC algorithms are mathematically secure and resistant to quantum attacks but can still leak sensitive information in hardware implementations due to natural faults or intentional fault injections. The intent fault injection in side-channel attacks reduces the reliabili...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/05 12:0 a.m.2 views

ASTRA: Autonomous Spatial-Temporal Red-Teaming for AI Software Assistants

AI coding assistants like GitHub Copilot are rapidly transforming software development, but their safety remains deeply uncertain-especially in high-stakes domains like cybersecurity. Current red-teaming tools often rely on fixed benchmarks or unrealistic prompts, missing many real-world...

7.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/05 12:0 a.m.4 views

FlashVault: Versatile In-NAND Self-Encryption with Zero Area Overhead

We present FlashVault, an in-NAND self-encryption architecture that embeds a reconfigurable cryptographic engine into the unused silicon area of a state-of-the-art 4D V-NAND structure. FlashVault supports not only block ciphers for data encryption but also public-key and post-quantum algorithms f...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/05 12:0 a.m.5 views

Evaluating Software Supply Chain Security in Research Software

The security of research software is essential for ensuring the integrity and reproducibility of scientific results. However, research software security is still largely unexplored. Due to its dependence on open source components and distributed development practices, research software is...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/05 12:0 a.m.4 views

libxslt Key Data Storage Use-After-Free

libxslt suffers from a use-after-free vulnerability with key data stored cross-RVT...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/05 12:0 a.m.16 views

When Good Sounds Go Adversarial: Jailbreaking Audio-Language Models with Benign Inputs

As large language models become increasingly integrated into daily life, audio has emerged as a key interface for human-AI interaction. However, this convenience also introduces new vulnerabilities, making audio a potential attack surface for adversaries. Our research introduces WhisperInject, a...

7.3AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/05 12:0 a.m.4 views

RX-INT: a Kernel Engine for Real-Time Detection and Analysis of In-Memory Threats

Malware and cheat developers use fileless execution techniques to evade traditional, signature-based security products. These methods include various types of manual mapping, module stomping, and threadless injection which work entirely within the address space of a legitimate process, presenting...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/05 12:0 a.m.9 views

Linux 6.9 AF_UNIX MSG_OOB Handling Use-After-Free

Linux versions starting at 6.9 have a security bug in the handling of MSGOOB, which causes use-after-free read+write when a sequence of syscalls is executed...

7AI score0.00247EPSS
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/04 12:0 a.m.7 views

WordPress Sala Theme 1.1.4 Privilege Escalation

WordPress Sala Theme versions 1.1.4 and below are vulnerable to an unauthenticated privilege escalation vulnerability. This flaw allows unauthenticated attackers to reset passwords of arbitrary users — including administrators — by directly invoking an exposed AJAX endpoint without verifying the...

9.8CVSS7.4AI score0.00561EPSS
Exploits1
Packet Storm News
Packet Storm News
added 2025/08/04 12:0 a.m.3 views

Copyparty 1.18.6 Cross Site Scripting

Copyparty versions 1.18.6 and below suffer from a cross site scripting vulnerability...

6.3CVSS6.4AI score0.02393EPSS
Exploits3
Packet Storm News
Packet Storm News
added 2025/08/04 12:0 a.m.6 views

Hashcat Advanced Password Recovery 7.0.0 Binary Release

Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the binary...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/04 12:0 a.m.8 views

PentestJudge: Judging Agent Behavior against Operational Requirements

We introduce PentestJudge, a system for evaluating the operations of penetration testing agents. PentestJudge is a large language model LLM-as-judge with access to tools that allow it to consume arbitrary trajectories of agent states and tool call history to determine whether a security agent's...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/04 12:0 a.m.5 views

Experimental Evaluation of Post-Quantum Homomorphic Encryption for Privacy-Preserving V2X Communication

Intelligent Transportation Systems ITS fundamentally rely on vehicle-generated data for applications such as congestion monitoring and route optimization, making the preservation of user privacy a critical challenge. Homomorphic Encryption HE offers a promising solution by enabling computation on...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/04 12:0 a.m.4 views

SUAD: Solid-Channel Ultrasound Injection Attack and Defense to Voice Assistants

As a versatile AI application, voice assistants VAs have become increasingly popular, but are vulnerable to security threats. Attackers have proposed various inaudible attacks, but are limited by cost, distance, or LoS. Therefore, we propose \nameAttack, a long-range, cross-barrier, and...

7.4AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/04 12:0 a.m.11 views

Microsoft Edge Information Disclosure

Microsoft Edge Chromium-based suffers from an information disclosure vulnerability...

7.5CVSS6.2AI score0.03375EPSS
Exploits1
Packet Storm News
Packet Storm News
added 2025/08/04 12:0 a.m.6 views

Secure MmWave Beamforming with Proactive-ISAC Defense against Beam-Stealing Attacks

Millimeter-wave mmWave communication systems face increasing susceptibility to advanced beam-stealing attacks, posing a significant physical layer security threat. This paper introduces a novel framework employing an advanced Deep Reinforcement Learning DRL agent for proactive and adaptive defens...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/04 12:0 a.m.4 views

Real-World Evaluation of Protocol-Compliant Denial-Of-Service Attacks on C-V2X-Based Forward Collision Warning Systems

Cellular Vehicle-to-Everything C-V2X technology enables low-latency, reliable communications essential for safety applications such as a Forward Collision Warning FCW system. C-V2X deployments operate under strict protocol compliance with the 3rd Generation Partnership Project 3GPP and the Societ...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/04 12:0 a.m.8 views

Thwart Me If You Can: an Empirical Analysis of Android Platform Armoring against Stalkerware

Stalkerware is a serious threat to individuals' privacy that is receiving increased attention from the security and privacy research communities. Existing works have largely focused on studying leading stalkerware apps, dual-purpose apps, monetization of stalkerware, or the experience of survivor...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/04 12:0 a.m.5 views

The Dark Side of Upgrades: Uncovering Security Risks in Smart Contract Upgrades

Smart contract upgrades are increasingly common due to their flexibility in modifying deployed contracts, such as fixing bugs or adding new functionalities. Meanwhile, upgrades compromise the immutability of contracts, introducing significant security concerns. While existing research has explore...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/04 12:0 a.m.6 views

Large Reasoning Models Are Autonomous Jailbreak Agents

Jailbreaking -- bypassing built-in safety mechanisms in AI models -- has traditionally required complex technical procedures or specialized human expertise. In this study, we show that the persuasive capabilities of large reasoning models LRMs simplify and scale jailbreaking, converting it into a...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/04 12:0 a.m.8 views

Coward: toward Practical Proactive Federated Backdoor Defense Via Collision-Based Watermark

Backdoor detection is currently the mainstream defense against backdoor attacks in federated learning FL, where malicious clients upload poisoned updates that compromise the global model and undermine the reliability of FL deployments. Existing backdoor detection techniques fall into two...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/04 12:0 a.m.14 views

WordPress Alone Theme 7.8.3 Arbitrary Plugin Upload / Code Execution

WordPress Alone Theme versions 7.8.3 and below are vulnerable to an unauthenticated arbitrary file upload vulnerability. This flaw allows unauthenticated attackers to upload and install arbitrary plugin ZIP files from remote URLs via an unprotected AJAX endpoint — resulting in remote code executi...

9.8CVSS8.5AI score0.47529EPSS
Exploits3
Packet Storm News
Packet Storm News
added 2025/08/04 12:0 a.m.11 views

WordPress Alone Theme 7.8.3 Arbitrary Plugin Upload

WordPress Alone Theme versions 7.8.3 and below suffer from an arbitrary plugin upload vulnerability...

9.8CVSS7.2AI score0.47529EPSS
Exploits3
Packet Storm News
Packet Storm News
added 2025/08/04 12:0 a.m.6 views

Attractive Metadata Attack: Inducing LLM Agents to Invoke Malicious Tools

Large language model LLM agents have demonstrated remarkable capabilities in complex reasoning and decision-making by leveraging external tools. However, this tool-centric paradigm introduces a previously underexplored attack surface: adversaries can manipulate tool metadata -- such as names,...

7.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/04 12:0 a.m.6 views

Towards Effective Offensive Security LLM Agents: Hyperparameter Tuning, LLM As a Judge, and a Lightweight CTF Benchmark

Recent advances in LLM agentic systems have improved the automation of offensive security tasks, particularly for Capture the Flag CTF challenges. We systematically investigate the key factors that drive agent success and provide a detailed recipe for building effective LLM-based offensive securi...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/04 12:0 a.m.4 views

DINA: a Dual Defense Framework against Internal Noise and External Attacks in Natural Language Processing

As large language models LLMs and generative AI become increasingly integrated into customer service and moderation applications, adversarial threats emerge from both external manipulations and internal label corruption. In this work, we identify and systematically address these dual adversarial...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/04 12:0 a.m.10 views

Whispering Agents: an Event-Driven Covert Communication Protocol for the Internet of Agents

The emergence of the Internet of Agents IoA introduces critical challenges for communication privacy in sensitive, high-stakes domains. While standard Agent-to-Agent A2A protocols secure message content, they are not designed to protect the act of communication itself, leaving agents vulnerable t...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/04 12:0 a.m.4 views

Can LLMs Effectively Provide Game-Theoretic-Based Scenarios for Cybersecurity?

Game theory has long served as a foundational tool in cybersecurity to test, predict, and design strategic interactions between attackers and defenders. The recent advent of Large Language Models LLMs offers new tools and challenges for the security of computer systems; In this work, we investiga...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/08/04 12:0 a.m.7 views

A Survey on Data Security in Large Language Models

Large Language Models LLMs, now a foundation in advancing natural language processing, power applications such as text generation, machine translation, and conversational systems. Despite their transformative potential, these models inherently rely on massive amounts of training data, often...

7.5AI score
Exploits0
Total number of security vulnerabilities6850