Tag: injection
-
Hacker News: D-Link says it won’t patch 60k older modems
Source URL: https://www.techradar.com/pro/security/d-link-says-it-wont-patch-60-000-older-modems-as-theyre-not-worth-saving Source: Hacker News Title: D-Link says it won’t patch 60k older modems Feedly Summary: Comments AI Summary and Description: Yes Summary: Security researchers have identified critical vulnerabilities in D-Link modems that have reached end-of-life status, which the company will not patch. This situation highlights the importance of maintaining infrastructure security and the…
-
Simon Willison’s Weblog: Leaked system prompts from Vercel v0
Source URL: https://simonwillison.net/2024/Nov/25/leaked-system-prompts-from-vercel-v0/#atom-everything Source: Simon Willison’s Weblog Title: Leaked system prompts from Vercel v0 Feedly Summary: Leaked system prompts from Vercel v0 v0 is Vercel’s entry in the increasingly crowded LLM-assisted development market – chat with a bot and have that bot build a full application for you. They’ve been iterating on it since launching…
-
Hacker News: Listen to the whispers: web timing attacks that work
Source URL: https://portswigger.net/research/listen-to-the-whispers-web-timing-attacks-that-actually-work Source: Hacker News Title: Listen to the whispers: web timing attacks that work Feedly Summary: Comments AI Summary and Description: Yes **Summary:** This text introduces novel web timing attack techniques capable of breaching server security by exposing hidden vulnerabilities, misconfigurations, and attack surfaces more effectively than previous methods. It emphasizes the practical…
-
Alerts: CISA Adds Three Known Exploited Vulnerabilities to Catalog
Source URL: https://www.cisa.gov/news-events/alerts/2024/11/18/cisa-adds-three-known-exploited-vulnerabilities-catalog Source: Alerts Title: CISA Adds Three Known Exploited Vulnerabilities to Catalog Feedly Summary: CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-1212 Progress Kemp LoadMaster OS Command Injection Vulnerability CVE-2024-0012 Palo Alto Networks PAN-OS Management Interface Authentication Bypass Vulnerability CVE-2024-9474 Palo Alto Networks PAN-OS…
-
Hacker News: Garak, LLM Vulnerability Scanner
Source URL: https://github.com/NVIDIA/garak Source: Hacker News Title: Garak, LLM Vulnerability Scanner Feedly Summary: Comments AI Summary and Description: Yes **Summary:** The text describes “garak,” a command-line vulnerability scanner specifically designed for large language models (LLMs). This tool aims to uncover various weaknesses in LLMs, such as hallucination, prompt injection attacks, and data leakage. Its development…
-
The Register: Mystery Palo Alto Networks hijack-my-firewall zero-day now officially under exploit
Source URL: https://www.theregister.com/2024/11/15/palo_alto_networks_firewall_zeroday/ Source: The Register Title: Mystery Palo Alto Networks hijack-my-firewall zero-day now officially under exploit Feedly Summary: Yank access to management interface, stat A critical zero-day vulnerability in Palo Alto Networks’ firewall management interface that can allow an unauthenticated attacker to remotely execute code is now officially under active exploitation.… AI Summary and…
-
Blog | 0din.ai: Inyección de Prompts, el Camino a una Shell: Entorno de Contenedores de ChatGPT de OpenAI
Source URL: https://0din.ai/blog/inyeccion-de-prompts-el-camino-a-una-shell-entorno-de-contenedores-de-chatgpt-de-openai Source: Blog | 0din.ai Title: Inyección de Prompts, el Camino a una Shell: Entorno de Contenedores de ChatGPT de OpenAI Feedly Summary: AI Summary and Description: Yes **Summary:** The text discusses a blog exploring the boundaries of OpenAI’s ChatGPT container environment. It reveals unexpected capabilities allowing users to interact with the model’s…