Experimental News Clipping Site

Tag: injection vulnerabilities

  • Simon Willison’s Weblog: Grok 3 is highly vulnerable to indirect prompt injection

    by

    Kurt Seifried
    in

    Source URL: https://simonwillison.net/2025/Feb/23/grok-3-indirect-prompt-injection/#atom-everything Source: Simon Willison’s Weblog Title: Grok 3 is highly vulnerable to indirect prompt injection Feedly Summary: Grok 3 is highly vulnerable to indirect prompt injection xAI’s new Grok 3 is so far exclusively deployed on Twitter (aka “X"), and apparently uses its ability to search for relevant tweets as part of every…

  • The Register: Critical PostgreSQL bug tied to zero-day attack on US Treasury

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/02/14/postgresql_bug_treasury/ Source: The Register Title: Critical PostgreSQL bug tied to zero-day attack on US Treasury Feedly Summary: High-complexity bug unearthed by infoseccers, as Rapid7 probes exploit further A high-severity SQL injection bug in the PostgreSQL interactive tool was exploited alongside the zero-day used to break into the US Treasury in December, researchers say.……

  • Hacker News: Why LLMs still suck at OCR

    by

    Kurt Seifried
    in

    Source URL: https://www.runpulse.com/blog/why-llms-suck-at-ocr Source: Hacker News Title: Why LLMs still suck at OCR Feedly Summary: Comments AI Summary and Description: Yes Summary: The text explores the challenges faced when using Large Language Models (LLMs) for tasks like Optical Character Recognition (OCR) and complex data extraction, emphasizing their limitations in processing intricate document layouts and the…

  • Microsoft Security Blog: Code injection attacks using publicly disclosed ASP.NET machine keys

    by

    Kurt Seifried
    in

    Source URL: https://www.microsoft.com/en-us/security/blog/2025/02/06/code-injection-attacks-using-publicly-disclosed-asp-net-machine-keys/ Source: Microsoft Security Blog Title: Code injection attacks using publicly disclosed ASP.NET machine keys Feedly Summary: Microsoft Threat Intelligence observed limited activity by an unattributed threat actor using a publicly available, static ASP.NET machine key to inject malicious code and deliver the Godzilla post-exploitation framework. In the course of investigating, remediating, and…

  • Bulletins: Vulnerability Summary for the Week of January 27, 2025

    by

    Kurt Seifried
    in

    Source URL: https://www.cisa.gov/news-events/bulletins/sb25-034 Source: Bulletins Title: Vulnerability Summary for the Week of January 27, 2025 Feedly Summary: High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info 0xPolygonZero–plonky2  Plonky2 is a SNARK implementation based on techniques from PLONK and FRI. Lookup tables, whose length is not divisible by 26 = floor(num_routed_wires / 3) always…

  • Simon Willison’s Weblog: Trading Inference-Time Compute for Adversarial Robustness

    by

    Kurt Seifried
    in

    Source URL: https://simonwillison.net/2025/Jan/22/trading-inference-time-compute/ Source: Simon Willison’s Weblog Title: Trading Inference-Time Compute for Adversarial Robustness Feedly Summary: Trading Inference-Time Compute for Adversarial Robustness Brand new research paper from OpenAI, exploring how inference-scaling “reasoning" models such as o1 might impact the search for improved security with respect to things like prompt injection. We conduct experiments on the…

  • Simon Willison’s Weblog: Lessons From Red Teaming 100 Generative AI Products

    by

    Kurt Seifried
    in

    Source URL: https://simonwillison.net/2025/Jan/18/lessons-from-red-teaming/ Source: Simon Willison’s Weblog Title: Lessons From Red Teaming 100 Generative AI Products Feedly Summary: Lessons From Red Teaming 100 Generative AI Products New paper from Microsoft describing their top eight lessons learned red teaming (deliberately seeking security vulnerabilities in) 100 different generative AI models and products over the past few years.…