Tag: disclosure
-
Embrace The Red: AI Domination: Remote Controlling ChatGPT ZombAI Instances
Source URL: https://embracethered.com/blog/posts/2025/spaiware-and-chatgpt-command-and-control-via-prompt-injection-zombai/ Source: Embrace The Red Title: AI Domination: Remote Controlling ChatGPT ZombAI Instances Feedly Summary: At Black Hat Europe I did a fun presentation titled SpAIware and More: Advanced Prompt Injection Exploits. Without diving into the details of the entire talk, the key point I was making is that prompt injection can impact…
-
The Register: MediaTek rings in the new year with a parade of chipset vulns
Source URL: https://www.theregister.com/2025/01/06/mediatek_chipset_vulnerabilities/ Source: The Register Title: MediaTek rings in the new year with a parade of chipset vulns Feedly Summary: Manufacturers should have had ample time to apply the fixes MediaTek kicked off the first full working week of the new year by disclosing a bevy of security vulnerabilities, including a critical remote code…
-
Hacker News: Surf advises not to use Microsoft 365 Copilot for now due to privacy risks
Source URL: https://www.surf.nl/en/news/surf-advises-not-to-use-microsoft-365-copilot-for-the-time-being-due-to-privacy-risks Source: Hacker News Title: Surf advises not to use Microsoft 365 Copilot for now due to privacy risks Feedly Summary: Comments AI Summary and Description: Yes Summary: The text discusses a Data Protection Impact Assessment (DPIA) conducted on Microsoft 365 Copilot, revealing significant privacy risks for its users, especially in educational settings.…
-
Simon Willison’s Weblog: Quoting Johann Rehberger
Source URL: https://simonwillison.net/2024/Dec/17/johann-rehberger/ Source: Simon Willison’s Weblog Title: Quoting Johann Rehberger Feedly Summary: Happy to share that Anthropic fixed a data leakage issue in the iOS app of Claude that I responsibly disclosed. 🙌 👉 Image URL rendering as avenue to leak data in LLM apps often exists in mobile apps as well — typically…
-
Simon Willison’s Weblog: Security ProbLLMs in xAI’s Grok: A Deep Dive
Source URL: https://simonwillison.net/2024/Dec/16/security-probllms-in-xais-grok/#atom-everything Source: Simon Willison’s Weblog Title: Security ProbLLMs in xAI’s Grok: A Deep Dive Feedly Summary: Security ProbLLMs in xAI’s Grok: A Deep Dive Adding xAI to the growing list of AI labs that shipped feature vulnerable to data exfiltration prompt injection attacks, but with the unfortunate addendum that they don’t seem to…
-
NCSC Feed: Equities process
Source URL: https://www.ncsc.gov.uk/blog-post/equities-process Source: NCSC Feed Title: Equities process Feedly Summary: Publication of the UK’s process for how we handle vulnerabilities. AI Summary and Description: Yes Summary: The UK intelligence community has published its framework for handling discovered vulnerabilities in technology, emphasizing a balanced approach between vendor disclosure and maintaining national security. This Equities Process…
-
The Register: Are your Prometheus servers and exporters secure? Probably not
Source URL: https://www.theregister.com/2024/12/15/prometheus_servers_exporters_exposed/ Source: The Register Title: Are your Prometheus servers and exporters secure? Probably not Feedly Summary: Plus: Netscaler brute force barrage; BeyondTrust API key stolen; and more Infosec in brief There’s a problem of titanic proportions brewing for users of the Prometheus open source monitoring toolkit: hundreds of thousands of servers and exporters…
-
Wired: Generative AI Is My Research and Writing Partner. Should I Disclose It?
Source URL: https://www.wired.com/story/prompt-disclose-at-in-creative-work-teach-kids-about-chatbots/ Source: Wired Title: Generative AI Is My Research and Writing Partner. Should I Disclose It? Feedly Summary: In this installment of WIRED’s AI advice column, “The Prompt,” we answer questions about giving AI tools proper attribution and teaching future generations how to interact with chatbots. AI Summary and Description: Yes **Summary:** The…