Aggregator

A prompt injection scenario that I, and others, have been wondering about in the past, is the potential risk associated with chatbots being able to analyze images. Could this ability open up the way for Indirect Prompt Injection attacks? Recently, Google added the ability to uploading and analyze images with Bard. And it turns out that it is indeed possible to add instructions to an image, and have the Bard follow those instructions.

一个利用浏览器当代理的demo项目，让所有访问者的浏览器成为自己的代理池，所到之处皆为代理节点.

本周信息安全相关岗位汇聚

0x00 前言K3 CLOUD是某蝶在移动互联⽹时代基于最新技术研发的⼀款战略性ERP产品，该产品于近⽇曝

安卓逆向，浅撸一发

欢迎各位大佬入群交流，需要各种资料也可入群领取。二维码失效加好友进群！！！！！！！！！！！wx：kalith

欢迎各位大佬入群交流，需要各种资料也可入群领取。二维码失效加好友进群！！！！！！！！！！！wx：kalith

6月15日参加Scrum Pattern学习社群直播，有个问题得到诸位老师解答

Summary According to a Microsoft blog and other reputable sources, an unpatched zero-day vulnerability exists in multiple Windows and Office products that has been exploited in a phishing campaign targeting NATO. Threat Type Vulnerability Overview -Update #01 - 07/13/2023 IOC's added. -Original Post- Microsoft has published a blog detailing their investigation into the exploitation of a zero-day vulnerability in their products. According to the investigation, an attacker exploiting this flaw with a “high-c

东软NetEye防火墙系统v3.2百兆/千兆/万兆产品正式获得中国信息安全测评中心颁发的“CNNVD兼容性资质证书”，这是NetEye防火墙产品首次获得该项证书。

Google Docs is a popular word processing tool that is used by millions of people around the world. Recently Google added new AI features to Docs (and a couple of other products), such as the ability to generate summaries, and write different kinds of creative content. Check out Google Labs for more info. These features can be very helpful, but they also introduce new security risks. At the moment there are not too many degress of freedom an adversary has, but operating your AI on untrusted data can have unwanted consequences:

闭门研讨会安排和参与方式如文。希望通过交流对企业软件供应链安全建设价值有更全面和清晰的认知，为软件供应链安全技术发展做出一点点贡献。更深度了解大厂甲方安全软件供应链建设价值

Summary ***UPDATED OVERVIEW with PoC and CVSS Score*** Progress, the vendor that provides MOVEit, has released a fix for additional vulnerabilities in their product, once of which being a critical SQL injection flaw. Threat Type Vulnerability Overview ***UPDATE #1, July 11, 2023*** A proof-of-concept (PoC) has been reported for MOVEit's CVE-2023-36934. At this time, there is no further information on the PoC. In addition to the above, the vulnerability has been assessed and now carries a CVSSv3 score 9.1, c

添加微信：quake_360，邀请加入技术交流群～