Trust and believe – AI models trained to see 'legal' doc as super legit Researchers at security firm Pangea have discovered yet another way to trivially trick large language models (LLMs) into ignoring their guardrails. Stick your adversarial instructions somewhere in a legal document to give them an air of …
Up to 29,000 organizations and potentially 370,000 security and IT pros affected Australian development house Click Studios has warned users of its Passwordstate enterprise password management platform to update immediately if not sooner, following the discovery of an authentication bypass vulnerability that opens the doors to an …
ClickFix tricks Microsoft's security team has published an in-depth report into ClickFix, the social engineering attack which tricks users into executing malicious commands in the guise of proving their humanity.... [...]
Researcher claims extension didn't start out by exfiltrating info... while dev says its actions are 'compliant' Security boffins at Koi Security have warned of a shift in behavior of a popular Chrome VPN extension, FreeVPN.One, which recently appears to have begun snaffling screenshots of users' page activity and …
One fetcher bot seen smacking a website with 39,000 requests per minute Updated Cloud services giant Fastly has released a report claiming AI crawlers are putting a heavy load on the open web, slurping up sites at a rate that accounts for 80 percent of all AI bot …
Sni5Gect research crew targets sweet spot during device / network handshake pause Security boffins have released an open source tool for poking holes in 5G mobile networks, claiming it can do up- and downlink sniffing and a novel connection downgrade attack - plus "other serious exploits" they're keeping under wraps, for …
System prompt engineering turns benign AI assistants into 'investigator' and 'detective' roles that bypass privacy guardrails A team of boffins is warning that AI chatbots built on large language models (LLM) can be tuned into malicious agents to autonomously harvest users’ personal data, even by attackers with "minimal technical …
Researchers had to notify over 100 vendors of flaw that builds on 2023's Rapid Reset with neat twist past usual mitigations Security researchers Gal Bar Nahum, Anat Bremler-Barr, and Yaniv Harel have published details of a "common design flaw" in implementations of the HyperText Transfer Protocol 2 (HTTP/2 …
Foundation warns federated servers face biggest risk, but single-instance users can take their time Updated The maintainers of the federated secure chat protocol Matrix are warning users of a pair of "high severity protocol vulnerabilities," addressed in the latest version, saying patching them requires a breaking change in servers …
Not a very smart home: crims could hijack smart-home boiler, open and close powered windows and more. Now fixed Black hat A trio of researchers has disclosed a major prompt injection vulnerability in Google's Gemini large language model-powered applications.... [...]
Indications of compromise and Sigma rules report for your security scanners amid ongoing 'ToolShell' blitz CISA has published a malware analysis report with compromise indicators and Sigma rules for "ToolShell" attacks targeting specific Microsoft SharePoint Server versions.... [...]
Some pinpointed software nasties but were suspicious of printer drivers too Researchers from the Universities of Guelph and Waterloo have discovered exactly how users decide whether an application is legitimate or malware before installing it – and the good news is they're better than you might expect, at least when …
Total Recall: Capturing everything you do on your PC screen to become a 'true companion' Microsoft is again throwing AI at Windows 11 to see what sticks, releasing features including the even more eyebrow-raising successor to its controversial Recall, a screen-streaming remotely processed backseat driver dubbed Copilot Vision.... [...]