Experimental News Clipping Site

Tag: vulnerabilities

  • Simon Willison’s Weblog: Quoting Emergent Misalignment: Narrow finetuning can produce broadly misaligned LLMs

    by

    Kurt Seifried
    in

    Source URL: https://simonwillison.net/2025/Feb/25/emergent-misalignment/ Source: Simon Willison’s Weblog Title: Quoting Emergent Misalignment: Narrow finetuning can produce broadly misaligned LLMs Feedly Summary: In our experiment, a model is finetuned to output insecure code without disclosing this to the user. The resulting model acts misaligned on a broad range of prompts that are unrelated to coding: it asserts…

  • The Register: Xi know what you did last summer: China was all up in Republicans’ email, says book

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/02/25/china_hacked_gop_emails/ Source: The Register Title: Xi know what you did last summer: China was all up in Republicans’ email, says book Feedly Summary: Of course, Microsoft is in the mix, isn’t it Chinese spies reportedly broke into the US Republication National Committee’s Microsoft-powered email and snooped around for months before being caught.… AI…

  • The Register: MITRE Caldera security suite scores perfect 10 for insecurity

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/02/25/10_bug_mitre_caldera/ Source: The Register Title: MITRE Caldera security suite scores perfect 10 for insecurity Feedly Summary: Is a trivial remote-code execution hole in every version part of the training, or? The smart cookie who discovered a perfect 10-out-of-10-severity remote code execution (RCE) bug in MITRE’s Caldera security training platform has urged users to…

  • Google Online Security Blog: Securing tomorrow’s software: the need for memory safety standards

    by

    Kurt Seifried
    in

    Source URL: http://security.googleblog.com/2025/02/securing-tomorrows-software-need-for.html Source: Google Online Security Blog Title: Securing tomorrow’s software: the need for memory safety standards Feedly Summary: AI Summary and Description: Yes Summary: The text discusses the critical issue of memory safety vulnerabilities and advocates for a shift towards secure-by-design practices to enhance overall security across the software industry. It emphasizes the…

  • OpenAI : Deep research System Card

    by

    Kurt Seifried
    in

    Source URL: https://openai.com/index/deep-research-system-card Source: OpenAI Title: Deep research System Card Feedly Summary: This report outlines the safety work carried out prior to releasing deep research including external red teaming, frontier risk evaluations according to our Preparedness Framework, and an overview of the mitigations we built in to address key risk areas. AI Summary and Description:…

  • Hacker News: Hard problems that reduce to document ranking

    by

    Kurt Seifried
    in

    Source URL: https://noperator.dev/posts/document-ranking-for-complex-problems/ Source: Hacker News Title: Hard problems that reduce to document ranking Feedly Summary: Comments AI Summary and Description: Yes Summary: The text discusses the innovative application of large language models (LLMs) in document ranking, particularly for locating vulnerabilities in code patches. It presents a novel approach to addressing complex security problems by…

  • Alerts: CISA Releases Two Industrial Control Systems Advisories

    by

    Kurt Seifried
    in

    Source URL: https://www.cisa.gov/news-events/alerts/2025/02/25/cisa-releases-two-industrial-control-systems-advisories Source: Alerts Title: CISA Releases Two Industrial Control Systems Advisories Feedly Summary: CISA released two Industrial Control Systems (ICS) advisories on February 25, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-056-01 Rockwell Automation PowerFlex 755  ICSMA-25-030-01 Contec Health CMS8000 Patient Monitor (Update A)  CISA…

  • Anchore: Syft 1.20: Faster Scans, Smarter License Detection, and Enhanced Bitnami Support

    by

    Kurt Seifried
    in

    Source URL: https://anchore.com/blog/syft-1-20-faster-scans-smarter-license-detection-and-enhanced-bitnami-support/ Source: Anchore Title: Syft 1.20: Faster Scans, Smarter License Detection, and Enhanced Bitnami Support Feedly Summary: We’re excited to announce Syft v1.20.0! If you’re new to the community, Syft is Anchore’s open source software composition analysis (SCA) and SBOM generation tool that provides foundational support for software supply chain security for modern…

  • Schneier on Security: North Korean Hackers Steal $1.5B in Cryptocurrency

    by

    Kurt Seifried
    in

    Source URL: https://www.schneier.com/blog/archives/2025/02/north-korean-hackers-steal-1-5b-in-cryptocurrency.html Source: Schneier on Security Title: North Korean Hackers Steal $1.5B in Cryptocurrency Feedly Summary: It looks like a very sophisticated attack against the Dubai-based exchange Bybit: Bybit officials disclosed the theft of more than 400,000 ethereum and staked ethereum coins just hours after it occurred. The notification said the digital loot had…