Tag: responsible disclosure
-
Embrace The Red: AI Domination: Remote Controlling ChatGPT ZombAI Instances
Source URL: https://embracethered.com/blog/posts/2025/spaiware-and-chatgpt-command-and-control-via-prompt-injection-zombai/ Source: Embrace The Red Title: AI Domination: Remote Controlling ChatGPT ZombAI Instances Feedly Summary: At Black Hat Europe I did a fun presentation titled SpAIware and More: Advanced Prompt Injection Exploits. Without diving into the details of the entire talk, the key point I was making is that prompt injection can impact…
-
Simon Willison’s Weblog: Quoting Johann Rehberger
Source URL: https://simonwillison.net/2024/Dec/17/johann-rehberger/ Source: Simon Willison’s Weblog Title: Quoting Johann Rehberger Feedly Summary: Happy to share that Anthropic fixed a data leakage issue in the iOS app of Claude that I responsibly disclosed. 🙌 👉 Image URL rendering as avenue to leak data in LLM apps often exists in mobile apps as well — typically…
-
Simon Willison’s Weblog: Security ProbLLMs in xAI’s Grok: A Deep Dive
Source URL: https://simonwillison.net/2024/Dec/16/security-probllms-in-xais-grok/#atom-everything Source: Simon Willison’s Weblog Title: Security ProbLLMs in xAI’s Grok: A Deep Dive Feedly Summary: Security ProbLLMs in xAI’s Grok: A Deep Dive Adding xAI to the growing list of AI labs that shipped feature vulnerable to data exfiltration prompt injection attacks, but with the unfortunate addendum that they don’t seem to…
-
The Register: WhatsApp finally fixes View Once flaw that allowed theft of supposedly vanishing pics
Source URL: https://www.theregister.com/2024/12/10/whatsapp_view_once/ Source: The Register Title: WhatsApp finally fixes View Once flaw that allowed theft of supposedly vanishing pics Feedly Summary: And it only took four months, tut WhatsApp has fixed a problem with its View Once feature, designed to protect people’s privacy with automatically disappearing pictures and videos.… AI Summary and Description: Yes…
-
Embrace The Red: DeepSeek AI: From Prompt Injection To Account Takeover
Source URL: https://embracethered.com/blog/posts/2024/deepseek-ai-prompt-injection-to-xss-and-account-takeover/ Source: Embrace The Red Title: DeepSeek AI: From Prompt Injection To Account Takeover Feedly Summary: About two weeks ago, DeepSeek released a new AI reasoning model, DeepSeek-R1-Lite. The news quickly gained attention and interest across the AI community due to the reasoning capabilities the Chinese lab announced. However, whenever there is a…
-
Blog | 0din.ai: Inyección de Prompts, el Camino a una Shell: Entorno de Contenedores de ChatGPT de OpenAI
Source URL: https://0din.ai/blog/inyeccion-de-prompts-el-camino-a-una-shell-entorno-de-contenedores-de-chatgpt-de-openai Source: Blog | 0din.ai Title: Inyección de Prompts, el Camino a una Shell: Entorno de Contenedores de ChatGPT de OpenAI Feedly Summary: AI Summary and Description: Yes **Summary:** The text discusses a blog exploring the boundaries of OpenAI’s ChatGPT container environment. It reveals unexpected capabilities allowing users to interact with the model’s…
-
The Register: Critical default credential bug in Kubernetes Image Builder allows SSH root access
Source URL: https://www.theregister.com/2024/10/16/critical_kubernetes_image_builder_bug/ Source: The Register Title: Critical default credential bug in Kubernetes Image Builder allows SSH root access Feedly Summary: It’s called leaving the door wide open – especially in Proxmox A critical bug in Kubernetes Image Builder could allow unauthorized SSH access to virtual machines (VMs) due to default credentials being enabled during…
-
The Register: Anthropic’s Claude vulnerable to ’emotional manipulation’
Source URL: https://www.theregister.com/2024/10/12/anthropics_claude_vulnerable_to_emotional/ Source: The Register Title: Anthropic’s Claude vulnerable to ’emotional manipulation’ Feedly Summary: AI model safety only goes so far Anthropic’s Claude 3.5 Sonnet, despite its reputation as one of the better behaved generative AI models, can still be convinced to emit racist hate speech and malware.… AI Summary and Description: Yes Summary:…
-
Hacker News: Attacking Unix Systems via Cups, Part I
Source URL: https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/ Source: Hacker News Title: Attacking Unix Systems via Cups, Part I Feedly Summary: Comments AI Summary and Description: Yes **Summary:** The text presents a detailed analysis of vulnerabilities in the Common Unix Printing System (CUPS), particularly focusing on how these flaws can lead to Remote Code Execution (RCE) attacks on UNIX systems.…