Lucene search
+L
PacketstormnewsRecent

6864 matches found

Packet Storm News
Packet Storm News
•added 2025/07/15 12:0 a.m.•3 views

An Adversarial Quantum Key Distribution Project

Quantum key distribution QKD is a popular introduction to quantum technologies used in education and public outreach, as very little background in quantum theory is needed and the practical applications are easily understood. There is considerably less exposure to the many real-world consideratio...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/07/15 12:0 a.m.•5 views

Hashed Watermark As a Filter: Defeating Forging and Overwriting Attacks in Weight-Based Neural Network Watermarking

As valuable digital assets, deep neural networks necessitate robust ownership protection, positioning neural network watermarking NNW as a promising solution. Among various NNW approaches, weight-based methods are favored for their simplicity and practicality; however, they remain vulnerable to...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/07/15 12:0 a.m.•4 views

Secure Quantum Key Distribution against Correlated Leakage Source

Quantum key distribution QKD provides information theoretic security based on quantum mechanics, however, its practical deployment is challenged by imperfections of source devices. Among various source loopholes, correlations between transmitted pulses pose a significant yet underexplored securit...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/07/15 12:0 a.m.•3 views

Fairness-Aware Secure Integrated Sensing and Communications with Fractional Programming

We propose a novel secure integrated sensing and communications ISAC system designed to serve multiple communication users CUs and targets. To that end, we formulate an optimization problem that maximizes the secrecy rate under constraints balancing both communication and sensing requirements. To...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/07/15 12:0 a.m.•1 views

A Three-Party Lightweight Quantum Key Distribution Protocol in a Restricted Quantum Environment

This study proposes a new lightweight quantum key distribution LQKD protocol based on the four-particle cluster state within a quantum-restricted environment. The protocol enables a quantum-capable user to simultaneously establish two separate secret keys with two "classical" users, who are limit...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/07/15 12:0 a.m.•4 views

Bridging the Gap in Vision Language Models in Identifying Unsafe Concepts across Modalities

Whitepaper called Bridging The Gap In Vision Language Models In Identifying Unsafe Concepts Across Modalities...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/07/15 12:0 a.m.•4 views

Security Enclave Architecture for Heterogeneous Security Primitives for Supply-Chain Attacks

Designing secure architectures for system-on-chip SoC platforms is a highly intricate and time-intensive task, often requiring months of development and meticulous verification. Even minor architectural oversights can lead to critical vulnerabilities that undermine the security of the entire chip...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/07/15 12:0 a.m.•4 views

Finite-Correlation-Secure Quantum Key Distribution

Correlation between different pulses is a nettlesome problem in quantum key distribution QKD. All existing solutions for this problem need to characterize the strength of the correlation, which may reduce the security of QKD to an accurate characterization. In this article, we propose a new...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/07/15 12:0 a.m.•7 views

WaFusion: a Wavelet-Enhanced Diffusion Framework for Face Morph Generation

Biometric face morphing poses a critical challenge to identity verification systems, undermining their security and robustness. To address this issue, we propose WaFusion, a novel framework combining wavelet decomposition and diffusion models to generate high-quality, realistic morphed face image...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/07/15 12:0 a.m.•11 views

WordPress HT Contact Form Widget 2.2.1 Shell Upload

The WordPress HT Contact Form Widget plugin is vulnerable to arbitrary file uploads due to missing file type validation in the tempfileupload function in all versions up to, and including, 2.2.1. This allows unauthenticated attackers to upload arbitrary files to the server, potentially leading to...

9.8CVSS8.1AI score0.0161EPSS
Exploits2
Packet Storm News
Packet Storm News
•added 2025/07/15 12:0 a.m.•4 views

Security Debt in Practice: Nuanced Insights from Practitioners

With the increasing reliance on software and automation nowadays, tight deadlines, limited resources, and prioritization of functionality over security can lead to insecure coding practices. When not handled properly, these constraints cause unaddressed security vulnerabilities to accumulate over...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/07/15 12:0 a.m.•5 views

Mitigating Trojanized Prompt Chains in Educational LLM Use Cases: Experimental Findings and Detection Tool Design

The integration of Large Language Models LLMs in K--12 education offers both transformative opportunities and emerging risks. This study explores how students may Trojanize prompts to elicit unsafe or unintended outputs from LLMs, bypassing established content moderation systems with safety...

7.3AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/07/15 12:0 a.m.•5 views

A Review of Privacy Metrics for Privacy-Preserving Synthetic Data Generation

Privacy Preserving Synthetic Data Generation PP-SDG has emerged to produce synthetic datasets from personal data while maintaining privacy and utility. Differential privacy DP is the property of a PP-SDG mechanism that establishes how protected individuals are when sharing their sensitive data. I...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/07/15 12:0 a.m.•6 views

FacialMotionID: Identifying Users of Mixed Reality Headsets Using Abstract Facial Motion Representations

Facial motion capture in mixed reality headsets enables real-time avatar animation, allowing users to convey non-verbal cues during virtual interactions. However, as facial motion data constitutes a behavioral biometric, its use raises novel privacy concerns. With mixed reality systems becoming...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/07/15 12:0 a.m.•4 views

Secure Goal-Oriented Communication: Defending against Eavesdropping Timing Attacks

Goal-oriented Communication GoC is a new paradigm that plans data transmission to occur only when it is instrumental for the receiver to achieve a certain goal. This leads to the advantage of reducing the frequency of transmissions significantly while maintaining adherence to the receiver's...

6.6AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/07/15 12:0 a.m.•7 views

Multi-Trigger Poisoning Amplifies Backdoor Vulnerabilities in LLMs

Recent studies have shown that Large Language Models LLMs are vulnerable to data poisoning attacks, where malicious training examples embed hidden behaviours triggered by specific input patterns. However, most existing works assume a phrase and focus on the attack's effectiveness, offering limite...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/07/15 12:0 a.m.•3 views

MT4DP: Data Poisoning Attack Detection for DL-Based Code Search Models Via Metamorphic Testing

Recently, several studies have indicated that data poisoning attacks pose a severe security threat to deep learning-based DL-based code search models. Attackers inject carefully crafted malicious patterns into the training data, misleading the code search model to learn these patterns during...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/07/15 12:0 a.m.•17 views

TOTOLINK N300RB 8.54 Hidden Remote Support Feature

A hidden remote support feature protected by a static secret in TOTOLINK N300RB firmware version 8.54 allows an authenticated attacker to execute arbitrary OS commands with root privileges...

8.8CVSS7.4AI score0.07063EPSS
Exploits2
Packet Storm News
Packet Storm News
•added 2025/07/15 12:0 a.m.•5 views

LRCTI: a Large Language Model-Based Framework for Multi-Step Evidence Retrieval and Reasoning in Cyber Threat Intelligence Credibility Verification

Verifying the credibility of Cyber Threat Intelligence CTI is essential for reliable cybersecurity defense. However, traditional approaches typically treat this task as a static classification problem, relying on handcrafted features or isolated deep learning models. These methods often lack the...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/07/14 12:0 a.m.•4 views

SynthGuard: Redefining Synthetic Data Generation with a Scalable and Privacy-Preserving Workflow Framework

The growing reliance on data-driven applications in sectors such as healthcare, finance, and law enforcement underscores the need for secure, privacy-preserving, and scalable mechanisms for data generation and sharing. Synthetic data generation SDG has emerged as a promising approach but often...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/07/14 12:0 a.m.•5 views

Exploring User Security and Privacy Attitudes and Concerns toward the Use of General-Purpose LLM Chatbots for Mental Health

Individuals are increasingly relying on large language model LLM-enabled conversational agents for emotional support. While prior research has examined privacy and security issues in chatbots specifically designed for mental health purposes, these chatbots are overwhelmingly "rule-based" offering...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/07/14 12:0 a.m.•6 views

Accelerating Automatic Program Repair with Dual Retrieval-Augmented Fine-Tuning and Patch Generation on Large Language Models

Automated Program Repair APR is essential for ensuring software reliability and quality while enhancing efficiency and reducing developers' workload. Although rule-based and learning-based APR methods have demonstrated their effectiveness, their performance was constrained by the defect type of...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/07/14 12:0 a.m.•4 views

DM-RSA: an Extension of RSA with Dual Modulus

We introduce DM-RSA Dual Modulus RSA, a variant of the RSA cryptosystem that employs two distinct moduli symmetrically to enhance security. By leveraging the Chinese Remainder Theorem CRT for decryption, DM-RSA provides increased robustness against side-channel attacks while preserving the...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/07/14 12:0 a.m.•10 views

PhreshPhish: a Real-World, High-Quality, Large-Scale Phishing Website Dataset and Benchmark

Phishing remains a pervasive and growing threat, inflicting heavy economic and reputational damage. While machine learning has been effective in real-time detection of phishing attacks, progress is hindered by lack of large, high-quality datasets and benchmarks. In addition to poor-quality due to...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/07/14 12:0 a.m.•5 views

Reporte De Vulnerabilidades En IIoT. Proyecto DEFENDER

The main objective of this technical report is to conduct a comprehensive study on devices operating within Industrial Internet of Things IIoT environments, describing the scenarios that define this category and analysing the vulnerabilities that compromise their security. To this end, the report...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/07/14 12:0 a.m.•6 views

"Is It Always Watching? Is It Always Listening?" Exploring Contextual Privacy and Security Concerns toward Domestic Social Robots

Equipped with artificial intelligence AI and advanced sensing capabilities, social robots are gaining interest among consumers in the United States. These robots seem like a natural evolution of traditional smart home devices. However, their extensive data collection capabilities, anthropomorphic...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/07/14 12:0 a.m.•8 views

Split Happens: Combating Advanced Threats with Split Learning and Function Secret Sharing

Split Learning SL -- splits a model into two distinct parts to help protect client data while enhancing Machine Learning ML processes. Though promising, SL has proven vulnerable to different attacks, thus raising concerns about how effective it may be in terms of data privacy. Recent works have...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/07/14 12:0 a.m.•4 views

From Semantic Web and MAS to Agentic AI: a Unified Narrative of the Web of Agents

The concept of the Web of Agents WoA, which transforms the static, document-centric Web into an environment of autonomous agents acting on users' behalf, has attracted growing interest as large language models LLMs become more capable. However, research in this area is still fragmented across...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/07/14 12:0 a.m.•5 views

Vulnerability Mitigation System (VMS): LLM Agent and Evaluation Framework for Autonomous Penetration Testing

As the frequency of cyber threats increases, conventional penetration testing is failing to capture the entirety of todays complex environments. To solve this problem, we propose the Vulnerability Mitigation System VMS, a novel agent based on a Large Language Model LLM capable of performing...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/07/14 12:0 a.m.•4 views

BandFuzz: an ML-Powered Collaborative Fuzzing Framework

Collaborative fuzzing has recently emerged as a technique that combines multiple individual fuzzers and dynamically chooses the appropriate combinations suited for different programs. Unlike individual fuzzers, which rely on specific assumptions to maintain their effectiveness, collaborative...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/07/14 12:0 a.m.•8 views

DVFS: a Dynamic Verifiable Fuzzy Search Service for Encrypted Cloud Data

Cloud storage introduces critical privacy challenges for encrypted data retrieval, where fuzzy multi-keyword search enables approximate matching while preserving data confidentiality. Existing solutions face fundamental trade-offs between security and efficiency: linear-search mechanisms provide...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/07/14 12:0 a.m.•5 views

3S-Attack: Spatial, Spectral and Semantic Invisible Backdoor Attack against DNN Models

Backdoor attacks involve either poisoning the training data or directly modifying the model in order to implant a hidden behavior, that causes the model to misclassify inputs when a specific trigger is present. During inference, the model maintains high accuracy on benign samples but misclassifie...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/07/14 12:0 a.m.•6 views

PLA: Prompt Learning Attack against Text-To-Image Generative Models

Text-to-Image T2I models have gained widespread adoption across various applications. Despite the success, the potential misuse of T2I models poses significant risks of generating Not-Safe-For-Work NSFW content. To investigate the vulnerability of T2I models, this paper delves into adversarial...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/07/14 12:0 a.m.•5 views

ARMOR: Aligning Secure and Safe Large Language Models Via Meticulous Reasoning

Large Language Models LLMs have demonstrated remarkable generative capabilities. However, their susceptibility to misuse has raised significant safety concerns. While post-training safety alignment methods have been widely adopted, LLMs remain vulnerable to malicious instructions that can bypass...

7.4AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/07/14 12:0 a.m.•6 views

Optimal Debiased Inference on Privatized Data Via Indirect Estimation and Parametric Bootstrap

We design a debiased parametric bootstrap framework for statistical inference from differentially private data. Existing usage of the parametric bootstrap on privatized data ignored or avoided handling the effect of clamping, a technique employed by the majority of privacy mechanisms. Ignoring th...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/07/14 12:0 a.m.•6 views

From Alerts to Intelligence: a Novel LLM-Aided Framework for Host-Based Intrusion Detection

Host-based intrusion detection system HIDS is a key defense component to protect the organizations from advanced threats like Advanced Persistent Threats APT. By analyzing the fine-grained logs with approaches like data provenance, HIDS has shown successes in capturing sophisticated attack traces...

7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/07/14 12:0 a.m.•3 views

BURN: Backdoor Unlearning Via Adversarial Boundary Analysis

Backdoor unlearning aims to remove backdoor-related information while preserving the model's original functionality. However, existing unlearning methods mainly focus on recovering trigger patterns but fail to restore the correct semantic labels of poison samples. This limitation prevents them fr...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/07/14 12:0 a.m.•6 views

PRM-Free Security Alignment of Large Models Via Red Teaming and Adversarial Training

Large Language Models LLMs have demonstrated remarkable capabilities across diverse applications, yet they pose significant security risks that threaten their safe deployment in critical domains. Current security alignment methodologies predominantly rely on Process Reward Models PRMs to evaluate...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/07/14 12:0 a.m.•7 views

DNN Unicode Path Normalization NTLM Hash Disclosure

This exploit targets a vulnerability in DNN formerly DotNetNuke versions 6.0.0 to before 10.0.1 that allows attackers to disclose NTLM hashes through Unicode path normalization attacks...

8.6CVSS8.9AI score0.30628EPSS
Exploits1
Packet Storm News
Packet Storm News
•added 2025/07/14 12:0 a.m.•5 views

Akamai CloudTest XML Injection

This is a Python-based exploit for CVE-2025-49493, which affects Akamai CloudTest versions before 60 2025.06.02 12988. The vulnerability allows for XML External Entity XXE injection through the SOAP service endpoint...

5.8CVSS7.1AI score0.03395EPSS
Exploits2
Packet Storm News
Packet Storm News
•added 2025/07/14 12:0 a.m.•6 views

DNS Tunneling: Threat Landscape and Improved Detection Solutions

Detecting Domain Name System DNS tunneling is a significant challenge in security due to its capacity to hide harmful actions within DNS traffic that appears to be normal and legitimate. Traditional detection methods are based on rule-based approaches or signature matching methods that are often...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/07/14 12:0 a.m.•3 views

ExCyTIn-Bench: Evaluating LLM Agents on Cyber Threat Investigation

We present ExCyTIn-Bench, the first benchmark to Evaluate an LLM agent x on the task of Cyber Threat Investigation through security questions derived from investigation graphs. Real-world security analysts must sift through a large number of heterogeneous alert signals and security logs, follow...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/07/14 12:0 a.m.•5 views

Contrastive-KAN: a Semi-Supervised Intrusion Detection Framework for Cybersecurity with Scarce Labeled Data

In the era of the Fourth Industrial Revolution, cybersecurity and intrusion detection systems are vital for the secure and reliable operation of IoT and IIoT environments. A key challenge in this domain is the scarcity of labeled cyber-attack data, as most industrial systems operate under normal...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/07/14 12:0 a.m.•6 views

HASSLE: a Self-Supervised Learning Enhanced Hijacking Attack on Vertical Federated Learning

Vertical Federated Learning VFL enables an orchestrating active party to perform a machine learning task by cooperating with passive parties that provide additional task-related features for the same training data entities. While prior research has leveraged the privacy vulnerability of VFL to...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/07/14 12:0 a.m.•1 views

Logic Layer Prompt Control Injection (LPCI): a Novel Security Vulnerability Class in Agentic Systems

The integration of large language models LLMs into enterprise systems has created a new class of covert security vulnerabilities, particularly within logic-execution layers and persistent-memory contexts. In this paper, we introduce Logic-Layer Prompt Control Injection LPCI, a novel attack catego...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/07/14 12:0 a.m.•5 views

DESIGN: Encrypted GNN Inference Via Server-Side Input Graph Pruning

Graph Neural Networks GNNs have achieved state-of-the-art performance in various graph-based learning tasks. However, enabling privacy-preserving GNNs in encrypted domains, such as under Fully Homomorphic Encryption FHE, typically incurs substantial computational overhead, rendering real-time and...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/07/14 12:0 a.m.•6 views

Crypto-Assisted Graph Degree Sequence Release under Local Differential Privacy

Whitepaper called Crypto-Assisted Graph Degree Sequence Release Under Local Differential Privacy...

6.9AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/07/14 12:0 a.m.•7 views

The Man behind the Sound: Demystifying Audio Private Attribute Profiling Via Multimodal Large Language Model Agents

Our research uncovers a novel privacy risk associated with multimodal large language models MLLMs: the ability to infer sensitive personal attributes from audio data -- a technique we term audio private attribute profiling. This capability poses a significant threat, as audio can be covertly...

6.7AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/07/14 12:0 a.m.•7 views

REAL-IoT: Characterizing GNN Intrusion Detection Robustness under Practical Adversarial Attack

Graph Neural Network GNN-based network intrusion detection systems NIDS are often evaluated on single datasets, limiting their ability to generalize under distribution drift. Furthermore, their adversarial robustness is typically assessed using synthetic perturbations that lack realism. This...

6.6AI score
Exploits0
Packet Storm News
Packet Storm News
•added 2025/07/14 12:0 a.m.•5 views

OpenBlow Missing Headers

Multiple public deployments of the OpenBlow whistleblowing software lack critical HTTP security headers. These configurations expose users to client-side vulnerabilities including cross site scripting, clickjacking, API misuse, and referer leakage. Given the extreme sensitivity of users...

6.8AI score
Exploits0
Total number of security vulnerabilities6864