Aggregator

思维链的出现意味着，大模型未来可能可以通过自我的对抗强化学习，产生新的知识，超越人类知识的边界。

New Guidelines Aim to Strengthen Security Against Scams, Phishing, and Smart Contract Exploits.

Malware peddlers are using NodeLoader, a loader written in Node.js, to foil security solutions and deliver infostealers and cryptominers to gamers. The malicious links in YouTube comments (Source: Zscaler ThreatLabz) Attackers leveraging the Node.js loader In this latest malware delivery campaign, the attackers are using YouTube and Discord to publish links that professedly lead to game hacks hosted on (spoofed) gaming websites. The fake game hack / cheat comes in the form of a malicious … More →

The post Evasive Node.js loader masquerading as game hack appeared first on Help Net Security.

ANY.RUN’s Threat Intelligence (TI) feeds provide an invaluable solution for organizations seeking to detect and mitigate the latest malware and phishing campaigns, attacks, and cybercriminal tactics. But what exactly is inside these feeds, and how can they help companies strengthen their cybersecurity? Let’s dive into the details. What Are ANY.RUN’s Threat Intelligence Feeds? ANY.RUN’s Threat […]

The post What’s Inside ANY.RUN’s Cyber Threat Intelligence Feeds? appeared first on ANY.RUN's Cybersecurity Blog.

A vulnerability was found in Perl 5.10/5.12.0/5.14.0. It has been declared as problematic. Affected by this vulnerability is the function Perl_reg_numbered_buff_fetch of the component Service. The manipulation leads to improper input validation. This vulnerability is known as CVE-2010-4777. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

The rapid advancement of AI, particularly in large language models (LLMs), has led to transformative capabilities in numerous industries. However, with great power comes significant security challenges. The OWASP Top...

The post OWASP Top 10 Risk & Mitigations for LLMs and Gen AI Apps 2025 appeared first on Strobes Security.

The post OWASP Top 10 Risk & Mitigations for LLMs and Gen AI Apps 2025 appeared first on Security Boulevard.

The rapid advancement of AI, particularly in large language models (LLMs), has led to transforma

A vulnerability was found in Zoho ManageEngine ServiceDesk Plus 9.3. It has been declared as problematic. This vulnerability affects unknown code of the file PurchaseRequest.do. The manipulation of the argument serviceRequestId as part of Parameter leads to cross site scripting. This vulnerability was named CVE-2019-12543. The attack can be initiated remotely. Furthermore, there is an exploit available.

A Serbian journalist had his phone first unlocked by a Cellebrite tool and subsequently compromised

A Serbian journalist had his phone first unlocked by a Cellebrite tool and subsequently compromised by a previously undocumented spyware codenamed NoviSpy, according to a new report published by Amnesty International. "NoviSpy allows for capturing sensitive personal data from a target's phone after infection and provides the ability to turn on the phone's microphone or camera remotely," the

Grok is the chatbot of xAI. It’s a state-of-the-art model, chatbot and recently also API. It has a Web UI and is integrated into the X (former Twitter) app, and recently it’s also accessible via an API. Since this post is a bit longer, I’m adding an index for convenience: Table of Contents High Level Overview Analyzing Grok’s System Prompt Prompt Injection from Other User’s Posts Prompt Injection from Images Prompt Injection from PDFs Conditional Prompt Injection and Targeted Disinformation Data Exfiltration - End-to-End Demonstration Rendering of Clickable Hyperlinks to Phishing Sites ASCII Smuggling - Crafting Invisible Text and Decoding Hidden Secrets Hidden Prompt Injection Creation of Invisible Text Grok API is also Vulnerable to ASCII Smuggling Developer Guidance for Grok API Automatic Tool Invocation Responsible Disclosure Conclusion High Level Overview Over the last year I have used Grok quite a bit.

Researchers identified a threat actor leveraging Google Search ads to target graphic design professionals, as the actor has launched at least 10 malvertising campaigns hosted on two specific IP addresses: 185.11.61[.]243 and 185.147.124[.]110, where these malicious ads, when clicked, redirect users to websites that initiate malicious downloads. Two IP addresses, 185.11.61.243 and 185.147.124.110, have been […]

The post Hackers Abuse Google Ads To Attacking Graphic Design Professionals appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Как приложение помогает выявить опасность, о которой никто не говорит.

Recent cyberattacks targeting critical infrastructure, including fuel management systems and water treatment facilities in Israel and the US, have been attributed to the Iranian-backed CyberAv3ngers.  The attacks, leveraging a custom-built malware named IOCONTROL, exploit vulnerabilities in IoT and OT devices, such as routers, PLCs, HMIs, and firewalls.  The malware, designed to operate on various platforms, […]

The post Hackers Using New IoT/OT Malware IOCONTROL To Control IP Cameras, Routers, PLCs, HMIs And Firewalls appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.