Tag: vulnerabilities
-
Embrace The Red: DeepSeek AI: From Prompt Injection To Account Takeover
Source URL: https://embracethered.com/blog/posts/2024/deepseek-ai-prompt-injection-to-xss-and-account-takeover/ Source: Embrace The Red Title: DeepSeek AI: From Prompt Injection To Account Takeover Feedly Summary: About two weeks ago, DeepSeek released a new AI reasoning model, DeepSeek-R1-Lite. The news quickly gained attention and interest across the AI community due to the reasoning capabilities the Chinese lab announced. However, whenever there is a…
-
Simon Willison’s Weblog: 0xfreysa/agent
Source URL: https://simonwillison.net/2024/Nov/29/0xfreysaagent/#atom-everything Source: Simon Willison’s Weblog Title: 0xfreysa/agent Feedly Summary: 0xfreysa/agent Freysa describes itself as “the world’s first adversarial agent game". On 22nd November they released an LLM-driven application which people could pay to message (using Ethereum), with access to tools that could transfer a prize pool to the message sender, ending the game.…
-
Simon Willison’s Weblog: Structured Generation w/ SmolLM2 running in browser & WebGPU
Source URL: https://simonwillison.net/2024/Nov/29/structured-generation-smollm2-webgpu/#atom-everything Source: Simon Willison’s Weblog Title: Structured Generation w/ SmolLM2 running in browser & WebGPU Feedly Summary: Structured Generation w/ SmolLM2 running in browser & WebGPU Extraordinary demo by Vaibhav Srivastav. Here’s Hugging Face’s SmolLM2-1.7B-Instruct running directly in a web browser (using WebGPU, so requires Chrome for the moment) demonstrating structured text extraction,…
-
Simon Willison’s Weblog: GitHub OAuth for a static site using Cloudflare Workers
Source URL: https://simonwillison.net/2024/Nov/29/github-oauth-cloudflare/ Source: Simon Willison’s Weblog Title: GitHub OAuth for a static site using Cloudflare Workers Feedly Summary: GitHub OAuth for a static site using Cloudflare Workers Here’s a TIL covering a Thanksgiving AI-assisted programming project. I wanted to add OAuth against GitHub to some of the projects on my tools.simonwillison.net site in order…
-
The Register: Zabbix urges upgrades after critical SQL injection bug disclosure
Source URL: https://www.theregister.com/2024/11/29/zabbix_urges_upgrades_after_critical/ Source: The Register Title: Zabbix urges upgrades after critical SQL injection bug disclosure Feedly Summary: US agencies blasted ‘unforgivable’ SQLi flaws earlier this year Open-source enterprise network and application monitoring provider Zabbix is warning customers of a new critical vulnerability that could lead to full system compromise.… AI Summary and Description: Yes…
-
Simon Willison’s Weblog: LLM Flowbreaking
Source URL: https://simonwillison.net/2024/Nov/29/llm-flowbreaking/#atom-everything Source: Simon Willison’s Weblog Title: LLM Flowbreaking Feedly Summary: LLM Flowbreaking Gadi Evron from Knostic: We propose that LLM Flowbreaking, following jailbreaking and prompt injection, joins as the third on the growing list of LLM attack types. Flowbreaking is less about whether prompt or response guardrails can be bypassed, and more about…
-
The Register: Ransom gang claims attack on NHS Alder Hey Children’s Hospital
Source URL: https://www.theregister.com/2024/11/29/inc_ransom_alder_hey_childrens_hospital/ Source: The Register Title: Ransom gang claims attack on NHS Alder Hey Children’s Hospital Feedly Summary: Second alleged intrusion on English NHS org systems this week Yet another of the UK’s National Health Service (NHS) systems appears to be under attack, with a ransomware gang threatening to leak stolen data it says…