Experimental News Clipping Site

Tag: Security Research

  • Hacker News: We hacked Google’s A.I Gemini and leaked its source code (at least some part)

    by

    Kurt Seifried
    in

    Source URL: https://www.landh.tech/blog/20250327-we-hacked-gemini-source-code/ Source: Hacker News Title: We hacked Google’s A.I Gemini and leaked its source code (at least some part) Feedly Summary: Comments AI Summary and Description: Yes Summary: The text discusses the hacker team’s experience at the Google LLM bugSWAT event, focusing on their discovery of vulnerabilities in Google’s Gemini AI model. The…

  • Hacker News: Heap-overflowing Llama.cpp to RCE

    by

    Kurt Seifried
    in

    Source URL: https://retr0.blog/blog/llama-rpc-rce Source: Hacker News Title: Heap-overflowing Llama.cpp to RCE Feedly Summary: Comments AI Summary and Description: Yes Summary: The text provides a detailed, technical exploration of exploiting a remote code execution vulnerability within the Llama.cpp framework, specifically focusing on a heap-overflow issue and its associated mitigations. It offers insights into the unique memory…

  • Hacker News: New Jailbreak Technique Uses Fictional World to Manipulate AI

    by

    Kurt Seifried
    in

    Source URL: https://www.securityweek.com/new-jailbreak-technique-uses-fictional-world-to-manipulate-ai/ Source: Hacker News Title: New Jailbreak Technique Uses Fictional World to Manipulate AI Feedly Summary: Comments AI Summary and Description: Yes Summary: Cato Networks has identified a new LLM jailbreak technique named Immersive World, which enables AI models to assist in malware development by creating a simulated environment. This discovery highlights significant…

  • Hacker News: Next.js and the corrupt middleware: the authorizing artifact

    by

    Kurt Seifried
    in

    Source URL: https://zhero-web-sec.github.io/research-and-things/nextjs-and-the-corrupt-middleware Source: Hacker News Title: Next.js and the corrupt middleware: the authorizing artifact Feedly Summary: Comments AI Summary and Description: Yes **Summary:** The text discusses a critical security vulnerability discovered in Next.js, a widely used JavaScript framework, specifically regarding its middleware functionality. The vulnerability allows unauthorized access by manipulating request headers, which could…

  • Anchore: Contributing to Vulnerability Data: Making Security Better for Everyone

    by

    Kurt Seifried
    in

    Source URL: https://anchore.com/blog/contributing-to-vulnerability-data-making-security-better-for-everyone/ Source: Anchore Title: Contributing to Vulnerability Data: Making Security Better for Everyone Feedly Summary: Software security depends on accurate vulnerability data. While organizations like NIST maintain the National Vulnerability Database (NVD), the sheer volume of vulnerabilities discovered daily means that sometimes data needs improvement. At Anchore, we’re working to enhance this ecosystem…

  • The Register: Google acquisition target Wiz links fresh supply chain attack to 23K pwned GitHub repos

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/03/18/wiz_github_supply_chain/ Source: The Register Title: Google acquisition target Wiz links fresh supply chain attack to 23K pwned GitHub repos Feedly Summary: Ad giant’s cloudy arm to pay $30B in security shop deal Wiz security researchers think they’ve found the root cause of the GitHub supply chain attack that unfolded over the weekend, and…

  • Hacker News: Akira ransomware can be cracked with sixteen RTX 4090 GPUs in around ten hours

    by

    Kurt Seifried
    in

    Source URL: https://www.tomshardware.com/tech-industry/cyber-security/akira-ransomware-cracked-with-rtx-4090-new-exploit-to-brute-force-encryption-attack Source: Hacker News Title: Akira ransomware can be cracked with sixteen RTX 4090 GPUs in around ten hours Feedly Summary: Comments AI Summary and Description: Yes Summary: The discovery of a GPU-based brute-force method to decrypt files affected by the Akira ransomware attack represents a significant breakthrough in cybersecurity. This method enables…

  • Microsoft Security Blog: How MSRC coordinates vulnerability research and disclosure while building community

    by

    Kurt Seifried
    in

    Source URL: https://www.microsoft.com/en-us/security/blog/2025/03/13/how-msrc-coordinates-vulnerability-research-and-disclosure-while-building-community/ Source: Microsoft Security Blog Title: How MSRC coordinates vulnerability research and disclosure while building community Feedly Summary: Learn about the Microsoft Security Response Center, which investigates vulnerabilities and releases security updates to help protect customers from cyberthreats. The post How MSRC coordinates vulnerability research and disclosure while building community appeared first on…