Tag: injection
-
Hacker News: Compromising OpenWrt Supply Chain
Source URL: https://flatt.tech/research/posts/compromising-openwrt-supply-chain-sha256-collision/ Source: Hacker News Title: Compromising OpenWrt Supply Chain Feedly Summary: Comments AI Summary and Description: Yes Summary: This text presents a comprehensive security analysis regarding vulnerabilities in the OpenWrt firmware supply chain, detailing how command injection and SHA-256 collisions can be exploited. It emphasizes the importance of secure coding practices and robust…
-
Hacker News: Zizmor would have caught the Ultralytics workflow vulnerability
Source URL: https://blog.yossarian.net/2024/12/06/zizmor-ultralytics-injection Source: Hacker News Title: Zizmor would have caught the Ultralytics workflow vulnerability Feedly Summary: Comments AI Summary and Description: Yes **Summary:** The text describes a security incident involving the compromise of the Ultralytics machine learning package, which led to the release of malicious software via multiple versions uploaded to PyPI. The root…
-
Embrace The Red: Terminal DiLLMa: LLM-powered Apps Can Hijack Your Terminal Via Prompt Injection
Source URL: https://embracethered.com/blog/posts/2024/terminal-dillmas-prompt-injection-ansi-sequences/ Source: Embrace The Red Title: Terminal DiLLMa: LLM-powered Apps Can Hijack Your Terminal Via Prompt Injection Feedly Summary: Last week Leon Derczynski described how LLMs can output ANSI escape codes. These codes, also known as control characters, are interpreted by terminal emulators and modify behavior. This discovery resonates with areas I had…
-
Embrace The Red: DeepSeek AI: From Prompt Injection To Account Takeover
Source URL: https://embracethered.com/blog/posts/2024/deepseek-ai-prompt-injection-to-xss-and-account-takeover/ Source: Embrace The Red Title: DeepSeek AI: From Prompt Injection To Account Takeover Feedly Summary: About two weeks ago, DeepSeek released a new AI reasoning model, DeepSeek-R1-Lite. The news quickly gained attention and interest across the AI community due to the reasoning capabilities the Chinese lab announced. However, whenever there is a…
-
Simon Willison’s Weblog: 0xfreysa/agent
Source URL: https://simonwillison.net/2024/Nov/29/0xfreysaagent/#atom-everything Source: Simon Willison’s Weblog Title: 0xfreysa/agent Feedly Summary: 0xfreysa/agent Freysa describes itself as “the world’s first adversarial agent game". On 22nd November they released an LLM-driven application which people could pay to message (using Ethereum), with access to tools that could transfer a prize pool to the message sender, ending the game.…
-
The Register: Zabbix urges upgrades after critical SQL injection bug disclosure
Source URL: https://www.theregister.com/2024/11/29/zabbix_urges_upgrades_after_critical/ Source: The Register Title: Zabbix urges upgrades after critical SQL injection bug disclosure Feedly Summary: US agencies blasted ‘unforgivable’ SQLi flaws earlier this year Open-source enterprise network and application monitoring provider Zabbix is warning customers of a new critical vulnerability that could lead to full system compromise.… AI Summary and Description: Yes…
-
Simon Willison’s Weblog: LLM Flowbreaking
Source URL: https://simonwillison.net/2024/Nov/29/llm-flowbreaking/#atom-everything Source: Simon Willison’s Weblog Title: LLM Flowbreaking Feedly Summary: LLM Flowbreaking Gadi Evron from Knostic: We propose that LLM Flowbreaking, following jailbreaking and prompt injection, joins as the third on the growing list of LLM attack types. Flowbreaking is less about whether prompt or response guardrails can be bypassed, and more about…