Lucene search
+L
PacketstormnewsRecent

6894 matches found

packetstormnews
packetstormnews
added 2025/06/25 12:0 a.m.6 views

AppleAVD AV1_Syntax::f Out-Of-Bounds Read

There is an issue in AppleAVD kernel extension with decoding AV1 video files that could potentially be used to read out-of bound data or potentially cause a kernel crash when rendering a malformed video file. The issue was observed on macOS Sonoma 14.5...

6.7AI score
Exploits0
packetstormnews
packetstormnews
added 2025/06/25 12:0 a.m.6 views

Don'T Hash Me like That: Exposing and Mitigating Hash-Induced Unfairness in Local Differential Privacy

Local differential privacy LDP has become a widely accepted framework for privacy-preserving data collection. In LDP, many protocols rely on hash functions to implement user-side encoding and perturbation. However, the security and privacy implications of hash function selection have not been...

6.8AI score
Exploits0
packetstormnews
packetstormnews
added 2025/06/25 12:0 a.m.5 views

AppleAVD AV1_Syntax::Parse_Header Out-Of-Bounds Read

There is an issue in AppleAVD kernel extension with decoding AV1 video files that could potentially be used to read out-of bound data or potentially cause a kernel crash when rendering a malformed video file. The issue was observed on macOS Sonoma 14.5...

6.7AI score
Exploits0
packetstormnews
packetstormnews
added 2025/06/25 12:0 a.m.5 views

On the Impact of Sybil-Based Attacks on Mobile Crowdsensing for Transportation

Mobile Crowd-Sensing MCS enables users with personal mobile devices PMDs to gain information on their surroundings. Users collect and contribute data on different phenomena using their PMD sensors, and the MCS system processes this data to extract valuable information for end users. Navigation...

6.8AI score
Exploits0
packetstormnews
packetstormnews
added 2025/06/25 12:0 a.m.3 views

Living Long Doing Pentests

Whitepaper called Living Long Doing Pentests. It discusses basic LLDP protocol fuzzing and usage from a pentester's point of view...

7AI score
Exploits0
packetstormnews
packetstormnews
added 2025/06/25 12:0 a.m.3 views

MacOS Sandbox Escape via Double Free in coreaudiod/CoreAudio Framework

MacOS suffers from a sandbox escape vulnerability due to a double-free condition in coreaudiod/CoreAudio Framework...

7AI score
Exploits0
packetstormnews
packetstormnews
added 2025/06/25 12:0 a.m.7 views

Generative AI for Vulnerability Detection in 6G Wireless Networks: Advances, Case Study, and Future Directions

The rapid advancement of 6G wireless networks, IoT, and edge computing has significantly expanded the cyberattack surface, necessitating more intelligent and adaptive vulnerability detection mechanisms. Traditional security methods, while foundational, struggle with zero-day exploits, adversarial...

7.3AI score
Exploits0
packetstormnews
packetstormnews
added 2025/06/25 12:0 a.m.4 views

Perry: a High-Level Framework for Accelerating Cyber Deception Experimentation

Cyber deception aims to distract, delay, and detect network attackers with fake assets such as honeypots, decoy credentials, or decoy files. However, today, it is difficult for operators to experiment, explore, and evaluate deception approaches. Existing tools and platforms have non-portable and...

6.8AI score
Exploits0
packetstormnews
packetstormnews
added 2025/06/25 12:0 a.m.4 views

msm_npu Race Condition / Memory Corruption

msmnpu has a race condition between npuhostunloadnetwork and npuhostexecnetworkv2 that leads to memory corruption...

6.9AI score
Exploits0
packetstormnews
packetstormnews
added 2025/06/25 12:0 a.m.6 views

RedCoder: Automated Multi-Turn Red Teaming for Code LLMs

Large Language Models LLMs for code generation i.e., Code LLMs have demonstrated impressive capabilities in AI-assisted software development and testing. However, recent studies have shown that these models are prone to generating vulnerable or even malicious code under adversarial settings...

7.4AI score
Exploits0
packetstormnews
packetstormnews
added 2025/06/25 12:0 a.m.3 views

Vulnerability Disclosure through Adaptive Black-Box Adversarial Attacks on NIDS

Adversarial attacks, wherein slight inputs are carefully crafted to mislead intelligent models, have attracted increasing attention. However, a critical gap persists between theoretical advancements and practical application, particularly in structured data like network traffic, where...

6.8AI score
Exploits0
packetstormnews
packetstormnews
added 2025/06/25 12:0 a.m.6 views

Measuring Modern Phishing Tactics: a Quantitative Study of Body Obfuscation Prevalence, Co-Occurrence, and Filter Impact

Phishing attacks frequently use email body obfuscation to bypass detection filters, but quantitative insights into how techniques are combined and their impact on filter scores remain limited. This paper addresses this gap by empirically investigating the prevalence, co-occurrence patterns, and...

6.9AI score
Exploits0
packetstormnews
packetstormnews
added 2025/06/25 12:0 a.m.5 views

PrivacyGo: Privacy-Preserving Ad Measurement with Multidimensional Intersection

This paper tackles the challenging and practical problem of multi-identifier private user profile matching for privacy-preserving ad measurement, a cornerstone of modern advertising analytics. We introduce a comprehensive cryptographic framework leveraging reversed Oblivious Pseudorandom Function...

6.9AI score
Exploits0
packetstormnews
packetstormnews
added 2025/06/25 12:0 a.m.4 views

Samsung S24 MP3 Decoder Out-Of-Bounds Read

There is an out-of-bounds read in the MP3 decoder in the Samsung S24. The function smp123djointstereov1 indexes into several tables for decoding, and does not check that the index is valid, allowing the tables to be read out of bounds. It may be possible to use this bug to bypass ASLR, as loading...

6.8AI score
Exploits0
packetstormnews
packetstormnews
added 2025/06/25 12:0 a.m.4 views

Client Clustering Meets Knowledge Sharing: Enhancing Privacy and Robustness in Personalized Peer-To-Peer Learning

The growing adoption of Artificial Intelligence AI in Internet of Things IoT ecosystems has intensified the need for personalized learning methods that can operate efficiently and privately across heterogeneous, resource-constrained devices. However, enabling effective personalized learning in...

6.9AI score
Exploits0
packetstormnews
packetstormnews
added 2025/06/25 12:0 a.m.4 views

ZKPROV: a Zero-Knowledge Approach to Dataset Provenance for Large Language Models

As the deployment of large language models LLMs grows in sensitive domains, ensuring the integrity of their computational provenance becomes a critical challenge, particularly in regulated sectors such as healthcare, where strict requirements are applied in dataset usage. We introduce ZKPROV, a...

6.8AI score
Exploits0
packetstormnews
packetstormnews
added 2025/06/25 12:0 a.m.4 views

XNU VM_BEHAVIOR_ZERO_WIRED_PAGES Read-Only Write

XNU VMBEHAVIORZEROWIREDPAGES suffers from a flaw that allows writing to read-only pages...

6.9AI score
Exploits0
packetstormnews
packetstormnews
added 2025/06/25 12:0 a.m.6 views

Counterfactual Influence As a Distributional Quantity

Machine learning models are known to memorize samples from their training data, raising concerns around privacy and generalization. Counterfactual self-influence is a popular metric to study memorization, quantifying how the model's prediction for a sample changes depending on the sample's...

6.9AI score
Exploits0
packetstormnews
packetstormnews
added 2025/06/25 12:0 a.m.5 views

Universal and Efficient Detection of Adversarial Data through Nonuniform Impact on Network Layers

Deep Neural Networks DNNs are notoriously vulnerable to adversarial input designs with limited noise budgets. While numerous successful attacks with subtle modifications to original input have been proposed, defense techniques against these attacks are relatively understudied. Existing defense...

7AI score
Exploits0
packetstormnews
packetstormnews
added 2025/06/25 12:0 a.m.1 views

Hear No Evil: Detecting Gradient Leakage by Malicious Servers in Federated Learning

Recent work has shown that gradient updates in federated learning FL can unintentionally reveal sensitive information about a client's local data. This risk becomes significantly greater when a malicious server manipulates the global model to provoke information-rich updates from clients. In this...

6.3AI score
Exploits0
packetstormnews
packetstormnews
added 2025/06/25 12:0 a.m.5 views

AppleAVD AV1_Syntax::Parse_Header Integer Underflow / Out-Of-Bounds Read

There is an issue in AppleAVD kernel extension with decoding AV1 video files that could potentially be used to read out-of bound data or potentially cause a kernel crash when rendering a malformed video file. The issue was observed on macOS Sonoma 14.5...

6.7AI score
Exploits0
packetstormnews
packetstormnews
added 2025/06/25 12:0 a.m.5 views

Leaner Training, Lower Leakage: Revisiting Memorization in LLM Fine-Tuning with LoRA

Memorization in large language models LLMs makes them vulnerable to data extraction attacks. While pre-training memorization has been extensively studied, fewer works have explored its impact in fine-tuning, particularly for LoRA fine-tuning, a widely adopted parameter-efficient method. In this...

6.9AI score
Exploits0
packetstormnews
packetstormnews
added 2025/06/25 12:0 a.m.5 views

E-FreeM2: Efficient Training-Free Multi-Scale and Cross-Modal News Verification Via MLLMs

The rapid spread of misinformation in mobile and wireless networks presents critical security challenges. This study introduces a training-free, retrieval-based multimodal fact verification system that leverages pretrained vision-language models and large language models for credibility assessmen...

7.1AI score
Exploits0
packetstormnews
packetstormnews
added 2025/06/25 12:0 a.m.7 views

SV-LLM: an Agentic Approach for SoC Security Verification Using Large Language Models

Ensuring the security of complex system-on-chips SoCs designs is a critical imperative, yet traditional verification techniques struggle to keep pace due to significant challenges in automation, scalability, comprehensiveness, and adaptability. The advent of large language models LLMs, with their...

7.2AI score
Exploits0
packetstormnews
packetstormnews
added 2025/06/24 12:0 a.m.6 views

Yotta: a Large-Scale Trustless Data Trading Scheme for Blockchain System

Data trading is one of the key focuses of Web 3.0. However, all the current methods that rely on blockchain-based smart contracts for data exchange cannot support large-scale data trading while ensuring data security, which falls short of fulfilling the spirit of Web 3.0. Even worse, there is...

6.8AI score
Exploits0
packetstormnews
packetstormnews
added 2025/06/24 12:0 a.m.9 views

KnowML: Improving Generalization of ML-NIDS with Attack Knowledge Graphs

Despite extensive research on Machine Learning-based Network Intrusion Detection Systems ML-NIDS, their capability to detect diverse attack variants remains uncertain. Prior studies have largely relied on homogeneous datasets, which artificially inflate performance scores and offer a false sense ...

6.8AI score
Exploits0
packetstormnews
packetstormnews
added 2025/06/24 12:0 a.m.5 views

On the Efficacy of Old Features for the Detection of New Bots

For more than a decade now, academicians and online platform administrators have been studying solutions to the problem of bot detection. Bots are computer algorithms whose use is far from being benign: malicious bots are purposely created to distribute spam, sponsor public characters and,...

6.7AI score
Exploits0
packetstormnews
packetstormnews
added 2025/06/24 12:0 a.m.4 views

From Worst-Case Hardness of NP to Quantum Cryptography Via Quantum Indistinguishability Obfuscation

Whitepaper called From Worst-Case Hardness Of NP To Quantum Cryptography Via Quantum Indistinguishability Obfuscation...

7AI score
Exploits0
packetstormnews
packetstormnews
added 2025/06/24 12:0 a.m.3 views

Quest KACE Systems Management Appliance 14.1 Unauthenticated License Replacement

Seralys Security Advisory - Quest KACE SMA allows unauthenticated users to replace system licenses through a web interface intended for license renewal. Attackers can exploit this to replace valid licenses with expired or trial licenses, causing denial of service. Version 14.1 is confirmed...

7.5CVSS7AI score0.00906EPSS
Exploits0
packetstormnews
packetstormnews
added 2025/06/24 12:0 a.m.5 views

Quest KACE Systems Management Appliance 14.1 Unauthenticated Backup Upload

Seralys Security Advisory - Quest KACE SMA allows unauthenticated users to upload backup files to the system. While signature validation is implemented, weaknesses in the validation process can be exploited to upload malicious backup content that could compromise system integrity. Version 14.1 is...

9.6CVSS7.2AI score0.00408EPSS
Exploits0
packetstormnews
packetstormnews
added 2025/06/24 12:0 a.m.11 views

FuncVul: an Effective Function Level Vulnerability Detection Model Using LLM and Code Chunk

Software supply chain vulnerabilities arise when attackers exploit weaknesses by injecting vulnerable code into widely used packages or libraries within software repositories. While most existing approaches focus on identifying vulnerable packages or libraries, they often overlook the specific...

7.4AI score
Exploits0
packetstormnews
packetstormnews
added 2025/06/24 12:0 a.m.6 views

An ETSI GS QKD Compliant TLS Implementation

A modification of the TLS protocol is presented, using our implementation of the Quantum Key Distribution QKD standard ETSI GS QKD 014 v1.1.1. We rely on the Rustls library for this. The TLS protocol is modified while maintaining backward compatibility on the client and server side. We thus wish ...

6.9AI score
Exploits0
packetstormnews
packetstormnews
added 2025/06/24 12:0 a.m.6 views

PhishingHook: Catching Phishing Ethereum Smart Contracts Leveraging EVM Opcodes

The Ethereum Virtual Machine EVM is a decentralized computing engine. It enables the Ethereum blockchain to execute smart contracts and decentralized applications dApps. The increasing adoption of Ethereum sparked the rise of phishing activities. Phishing attacks often target users through...

7AI score
Exploits0
packetstormnews
packetstormnews
added 2025/06/24 12:0 a.m.7 views

Recalling the Forgotten Class Memberships: Unlearned Models Can Be Noisy Labelers to Leak Privacy

Machine Unlearning MU technology facilitates the removal of the influence of specific data instances from trained models on request. Despite rapid advancements in MU technology, its vulnerabilities are still under explored, posing potential risks of privacy breaches through leaks of ostensibly...

7.1AI score
Exploits0
packetstormnews
packetstormnews
added 2025/06/24 12:0 a.m.5 views

Autonomous Cyber Resilience Via a Co-Evolutionary Arms Race within a Fortified Digital Twin Sandbox

The convergence of IT and OT has created hyper-connected ICS, exposing critical infrastructure to a new class of adaptive, intelligent adversaries that render static defenses obsolete. Existing security paradigms often fail to address a foundational "Trinity of Trust," comprising the fidelity of...

7.2AI score
Exploits0
packetstormnews
packetstormnews
added 2025/06/24 12:0 a.m.4 views

PrivacyXray: Detecting Privacy Breaches in LLMs through Semantic Consistency and Probability Certainty

Large Language Models LLMs are widely used in sensitive domains, including healthcare, finance, and legal services, raising concerns about potential private information leaks during inference. Privacy extraction attacks, such as jailbreaking, expose vulnerabilities in LLMs by crafting inputs that...

6.8AI score
Exploits0
packetstormnews
packetstormnews
added 2025/06/24 12:0 a.m.9 views

Can One Safety Loop Guard Them All? Agentic Guard Rails for Federated Computing

We propose Guardian-FC, a novel two-layer framework for privacy preserving federated computing that unifies safety enforcement across diverse privacy preserving mechanisms, including cryptographic back-ends like fully homomorphic encryption FHE and multiparty computation MPC, as well as statistic...

7.4AI score
Exploits0
packetstormnews
packetstormnews
added 2025/06/24 12:0 a.m.4 views

SoK: Can Synthetic Images Replace Real Data? A Survey of Utility and Privacy of Synthetic Image Generation

Advances in generative models have transformed the field of synthetic image generation for privacy-preserving data synthesis PPDS. However, the field lacks a comprehensive survey and comparison of synthetic image generation methods across diverse settings. In particular, when we generate syntheti...

6.9AI score
Exploits0
packetstormnews
packetstormnews
added 2025/06/24 12:0 a.m.11 views

Quantum-Resistant Domain Name System: a Comprehensive System-Level Study

The Domain Name System DNS plays a foundational role in Internet infrastructure, yet its core protocols remain vulnerable to compromise by quantum adversaries. As cryptographically relevant quantum computers become a realistic threat, ensuring DNS confidentiality, authenticity, and integrity in t...

6.8AI score
Exploits0
packetstormnews
packetstormnews
added 2025/06/24 12:0 a.m.5 views

Verifiable Unlearning on Edge

Machine learning providers commonly distribute global models to edge devices, which subsequently personalize these models using local data. However, issues such as copyright infringements, biases, or regulatory requirements may require the verifiable removal of certain data samples across all edg...

7AI score
Exploits0
packetstormnews
packetstormnews
added 2025/06/24 12:0 a.m.17 views

Diffusion-Based Task-Oriented Semantic Communications with Model Inversion Attack

Semantic communication has emerged as a promising neural network-based system design for 6G networks. Task-oriented semantic communication is a novel paradigm whose core goal is to efficiently complete specific tasks by transmitting semantic information, optimizing communication efficiency and ta...

6.6AI score
Exploits0
packetstormnews
packetstormnews
added 2025/06/24 12:0 a.m.6 views

ZK-SERIES: Privacy-Preserving Authentication Using Temporal Biometric Data

Biometric authentication relies on physiological or behavioral traits that are inherent to a user, making them difficult to lose, forge or forget. Biometric data with a temporal component enable the following authentication protocol: recent readings of the underlying biometrics are encoded as tim...

6.9AI score
Exploits0
packetstormnews
packetstormnews
added 2025/06/24 12:0 a.m.4 views

A Hybrid Intrusion Detection System with a New Approach to Protect the Cybersecurity of Cloud Computing

Cybersecurity is one of the foremost challenges facing the world of cloud computing. Recently, the widespread adoption of smart devices in cloud computing environments that provide Internet-based services has become prevalent. Therefore, it is essential to consider the security threats in these...

7.1AI score
Exploits0
packetstormnews
packetstormnews
added 2025/06/24 12:0 a.m.6 views

Assessing Risk of Stealing Proprietary Models for Medical Imaging Tasks

The success of deep learning in medical imaging applications has led several companies to deploy proprietary models in diagnostic workflows, offering monetized services. Even though model weights are hidden to protect the intellectual property of the service provider, these models are exposed to...

7.3AI score
Exploits0
packetstormnews
packetstormnews
added 2025/06/24 12:0 a.m.5 views

Out-of-Bounds Write Vulnerability in BACnet MS/TP Kernel Module

A critical buffer overflow vulnerability in the mstp.ko kernel module, used in ABB’s Cylon ASPECT/FLXeon BACnet MS/TP controllers for building management systems BMS, allows out-of-bounds writes in the SendFrame function due to inadequate bounds checking of BACnet MS/TP frames. This flaw,...

8.5AI score
Exploits0
packetstormnews
packetstormnews
added 2025/06/24 12:0 a.m.3 views

Retrieval-Confused Generation Is a Good Defender for Privacy Violation Attack of Large Language Models

Recent advances in large language models LLMs have made a profound impact on our society and also raised new security concerns. Particularly, due to the remarkable inference ability of LLMs, the privacy violation attack PVA, revealed by Staab et al., introduces serious personal privacy issues...

6.9AI score
Exploits0
packetstormnews
packetstormnews
added 2025/06/24 12:0 a.m.7 views

Decompiling Smart Contracts with a Large Language Model

The widespread lack of broad source code verification on blockchain explorers such as Etherscan, where despite 78,047,845 smart contracts deployed on Ethereum as of May 26, 2025, a mere 767,520 1% are open source, presents a severe impediment to blockchain security. This opacity necessitates the...

7.2AI score
Exploits0
packetstormnews
packetstormnews
added 2025/06/24 12:0 a.m.6 views

Attack Smarter: Attention-Driven Fine-Grained Webpage Fingerprinting Attacks

Website Fingerprinting WF attacks aim to infer which websites a user is visiting by analyzing traffic patterns, thereby compromising user anonymity. Although this technique has been demonstrated to be effective in controlled experimental environments, it remains largely limited to small-scale...

6.7AI score
Exploits0
packetstormnews
packetstormnews
added 2025/06/24 12:0 a.m.6 views

Anti-Phishing Training Does Not Work: a Large-Scale Empirical Assessment of Multi-Modal Training Grounded in the NIST Phish Scale

Social engineering attacks using email, commonly known as phishing, are a critical cybersecurity threat. Phishing attacks often lead to operational incidents and data breaches. As a result, many organizations allocate a substantial portion of their cybersecurity budgets to phishing awareness...

6.8AI score
Exploits0
packetstormnews
packetstormnews
added 2025/06/24 12:0 a.m.6 views

WebGuard++: Interpretable Malicious URL Detection Via Bidirectional Fusion of HTML Subgraphs and Multi-Scale Convolutional BERT

URL+HTML feature fusion shows promise for robust malicious URL detection, since attacker artifacts persist in DOM structures. However, prior work suffers from four critical shortcomings: 1 incomplete URL modeling, failing to jointly capture lexical patterns and semantic context; 2 HTML graph...

6.9AI score
Exploits0
Total number of security vulnerabilities6894