685 matches found

CNNVD
added 2025/03/20 12:00 a.m., 5 views

LlamaIndex security vulnerability

LlamaIndex is a data framework for LLM applications from the open-source LlamaIndex project. A security vulnerability exists in LlamaIndex version v0.12.5 that stems from an unhandled thread exception and could lead to a denial of service attack...

CVSS 7.5, AI score 7.3, EPSS 0.00761
Exploits: 1, References: 3
HackRead
added 2025/03/19 3:58 p.m., 8 views

Researchers Use AI Jailbreak on Top LLMs to Create Chrome Infostealer

New Immersive World LLM jailbreak lets anyone create malware with GenAI. Discover how Cato Networks researchers tricked ChatGPT, Copilot, and DeepSeek into coding infostealers, in this case a Chrome infostealer...

AI score 7.2
Exploits: 0
The Hacker News
added 2025/02/28 10:24 a.m., 25 views

12,000+ API Keys and Passwords Found in Public Datasets Used for LLM Training

A dataset used to train large language models (LLMs) has been found to contain nearly 12,000 live secrets, which allow for successful authentication. The findings once again highlight how hard-coded credentials pose a severe security risk to users and organizations alike, not to mention compounding...

AI score 7.1
Exploits: 0
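The report above is about live credentials sitting in crawled text. The scanner below is an added example for this listing, not code from the article or from the dataset's maintainers: it looks for the public, documented formats of a few provider tokens (the AWS `AKIA` access key ID, GitHub `ghp_` tokens, Slack `xox?-` tokens, PEM private-key headers) and falls back to a Shannon-entropy filter for generic `password = "..."`-style assignments so placeholders such as `changeme` do not flood the output. The sample corpus is constructed; every value in it is fake (the AWS key ID is Amazon's own documentation example), and a match is only a candidate until it is checked against the provider.

```python
"""Scan text for hard-coded credentials (added example, not the article's code)."""
import math
import re
from collections import namedtuple

Finding = namedtuple("Finding", ["kind", "value", "line_no"])

# Provider formats: documented prefix plus fixed alphabet and length.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(AKIA[0-9A-Z]{16})\b"),
    "github_pat": re.compile(r"\b(ghp_[A-Za-z0-9]{36})\b"),
    "slack_token": re.compile(r"\b(xox[abpr]-[A-Za-z0-9-]{10,})\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}

# Generic fallback: a secret-ish name, '=' or ':', then a quoted value of 8+ chars.
GENERIC_ASSIGN = re.compile(
    r"(?i)(?:password|passwd|secret|api[_-]?key|token)\s*[:=]\s*['\"]([^'\"]{8,})['\"]"
)


def shannon_entropy(s: str) -> float:
    """Bits per character. 'changeme' scores 2.75; a random 32-char token ~5."""
    if not s:
        return 0.0
    n = len(s)
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scan_text(text: str, entropy_threshold: float = 3.5) -> list:
    """Return one Finding per candidate secret, with its 1-based line number."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for kind, rx in PATTERNS.items():
            for m in rx.finditer(line):
                findings.append(Finding(kind, m.group(0), line_no))
        for m in GENERIC_ASSIGN.finditer(line):
            value = m.group(1)
            # Low-entropy values are almost always placeholders; skip them.
            if shannon_entropy(value) >= entropy_threshold:
                findings.append(Finding("generic_high_entropy", value, line_no))
    return findings


def redact(text: str) -> str:
    """Replace each candidate secret with a marker, e.g. before a chunk is
    admitted into a training set."""
    for f in scan_text(text):
        text = text.replace(f.value, "[REDACTED-%s]" % f.kind)
    return text


# Constructed sample for this example; nothing here is a real credential.
SAMPLE_CORPUS = """\
# config.ini that ended up in a public crawl (constructed sample)
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
db_password = "changeme"
api_key = "q8Zt3kP0vLm2Xy7Rw1Sd9Hb4Nc6Je5Ua"
slack_bot = xoxb-123456789012-abcdefghijkl
"""

if __name__ == "__main__":
    for f in scan_text(SAMPLE_CORPUS):
        print(f"line {f.line_no}: {f.kind} -> {f.value[:6]}...")
```

On the sample, the scanner reports the AWS key ID, the high-entropy `api_key` value and the Slack token, and ignores `changeme`; `redact()` strips the three hits while leaving the placeholder in place. The entropy threshold of 3.5 bits/char is an assumption chosen for the demo and should be tuned against the corpus being screened.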
Spring Security Advisories
added 2025/01/21 12:00 a.m., 8 views

Building Effective Agents with Spring AI (Part 1)

In a recent research publication, Building effective agents, Anthropic shared valuable insights about building effective Large Language Model (LLM) agents. What makes this research particularly interesting is its emphasis on simplicity and composability over complex frameworks. Let's explore how...

AI score 7.5
Exploits: 0
Rapid7 Blog
added 2025/01/08 7:43 p.m., 8 views

New Research: Enhancing Botnet Detection with AI using LLMs and Similarity Search

As botnets continue to evolve, so do the techniques required to detect them. While Transport Layer Security (TLS) encryption is widely adopted for secure communications, botnets leverage TLS to obscure command-and-control (C2) traffic. These malicious actors often have identifiable characteristics...

AI score 7.2
Exploits: 0
Malwarebytes
added 2025/01/07 5:30 p.m., 6 views

AI-supported spear phishing fools more than 50% of targets

One of the first things everyone predicted when artificial intelligence (AI) became more commonplace was that it would assist cybercriminals in making their phishing campaigns more effective. Now, researchers have conducted a scientific study into the effectiveness of AI-supported spear phishing, a...

AI score 7
Exploits: 0
The Hacker News
added 2024/12/23 1:48 p.m., 6 views

AI Could Generate 10,000 Malware Variants, Evading Detection in 88% of Cases

Cybersecurity researchers have found that it's possible to use large language models (LLMs) to generate new variants of malicious JavaScript code at scale in a manner that can better evade detection. "Although LLMs struggle to create malware from scratch, criminals can easily use them to rewrite or...

AI score 6.7
Exploits: 0
BDU FSTEC
added 2024/12/16 12:00 a.m., 105 views

A vulnerability in Ollama, a system for running and managing large language models, related to the exposure of system data to unauthorized parties, allows an attacker to cause a denial of service.

The vulnerability in Ollama, a system for running and managing large language models, is related to the exposure of system data to unauthorized parties. Exploiting this vulnerability could allow an attacker to cause a denial of service...

CVSS 7.8, AI score 7.7, EPSS 0.04237
Exploits: 2, References: 3, Affected software: 1
BDU FSTEC
added 2024/12/16 12:00 a.m., 5 views

A vulnerability in Ollama, a system for running and managing large language models, related to uncontrolled resource consumption, allows an attacker to cause a denial of service.

The vulnerability in Ollama, a system for running and managing large language models, is related to uncontrolled resource consumption. Exploiting this vulnerability could allow an attacker to cause a denial of service...

CVSS 7.8, AI score 8.1, EPSS 0.02683
Exploits: 1, References: 5, Affected software: 1
BDU FSTEC
added 2024/12/16 12:00 a.m., 6 views

A vulnerability in Ollama, a system for running and managing large language models, lies in improper restriction of a pathname to a restricted directory (path traversal) and allows an attacker to cause a denial of service.

The vulnerability in Ollama, a system for running and managing large language models, is related to improper restriction of a pathname to a restricted directory. Exploiting this vulnerability could allow an attacker to cause a denial of service...

CVSS 7.8, AI score 8.1, EPSS 0.03938
Exploits: 2, References: 3, Affected software: 1
Qualys Blog
added 2024/12/05 5:10 p.m., 11 views

Secure Your Generative Investments: Qualys Advances Enterprise TruRisk Platform with Qualys TotalAI to Protect Your LLM Investments

Artificial intelligence (AI) and large language models (LLMs) are reshaping industries, streamlining enterprise operations, and fueling unprecedented innovation. However, as adoption accelerates, so do the associated risks. While 70% of enterprises plan to deploy LLMs in production within the next 12...

AI score 7.6
Exploits: 0
Schneier on Security
added 2024/11/07 12:07 p.m., 10 views

Subverting LLM Coders

Really interesting research: "An LLM-Assisted Easy-to-Trigger Backdoor Attack on Code Completion Models: Injecting Disguised Vulnerabilities against Strong Detection": Abstract: Large Language Models (LLMs) have transformed code completion tasks, providing context-based suggestions to boost...

AI score 7.7
Exploits: 0
BDU FSTEC
added 2024/11/05 12:00 a.m., 4 views

A vulnerability in the user-data loading function of ChuanhuChatGPT, software for running large language models (LLMs), allows an attacker to execute arbitrary code.

The vulnerability in the user-data loading function of ChuanhuChatGPT, software for running large language models, is related to improper restriction of a pathname to a restricted directory (path traversal). Exploiting this vulnerability could allow an attacker to execute arbitrary code...

CVSS 9.4, AI score 8.5, EPSS 0.2721
Exploits: 1, References: 3
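Two entries in this listing, the Ollama denial of service and the ChuanhuChatGPT code execution, are both filed under improper restriction of a pathname to a restricted directory. The check below is an added example and is not code from either project; it contrasts the naive string-prefix test, which `..` segments and planted symlinks slip past, with a test on the fully resolved path, and exercises both against constructed request names in a throwaway directory. The directory layout, file names and request names are invented for the demo.

```python
"""Confine a client-supplied file name to one directory (added example)."""
import tempfile
from pathlib import Path


class PathEscape(ValueError):
    """The supplied name would resolve outside the allowed directory."""


def naive_contained(base: Path, untrusted_name: str) -> bool:
    """Prefix check on the *unresolved* join: '../x' passes because the text
    'base/../x' still starts with 'base', and a symlink is never followed."""
    return str(base / untrusted_name).startswith(str(base))


def resolve_under(base: Path, untrusted_name: str) -> Path:
    """Join, resolve (collapses '..' and follows symlinks), then require the
    result to be strictly below the resolved base directory."""
    base = base.resolve()
    candidate = (base / untrusted_name).resolve()
    if candidate == base or base not in candidate.parents:
        raise PathEscape(f"{untrusted_name!r} resolves to {candidate}, outside {base}")
    return candidate


def is_contained(base: Path, untrusted_name: str) -> bool:
    try:
        resolve_under(base, untrusted_name)
        return True
    except PathEscape:
        return False


REQUEST_NAMES = [             # constructed request names for the demo
    "llama.gguf",             # legitimate blob inside the directory
    "../outside.txt",         # classic dot-dot traversal
    "sub/../../outside.txt",  # traversal through a component that does not exist
    "/etc/passwd",            # absolute path: joining it discards the base
    "link",                   # symlink planted inside, pointing outside
    ".",                      # the directory itself, not a file in it
]


def demo() -> dict:
    """Build a throwaway tree and return {name: (naive_ok, resolved_ok)}."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        models = root / "models"
        models.mkdir()
        (models / "llama.gguf").write_bytes(b"GGUF")       # what the service should serve
        (root / "outside.txt").write_text("not yours")      # what an attacker is after
        (models / "link").symlink_to(root / "outside.txt")  # planted inside the tree
        return {n: (naive_contained(models, n), is_contained(models, n))
                for n in REQUEST_NAMES}


if __name__ == "__main__":
    for name, (naive, strict) in demo().items():
        print(f"{name:24} naive={naive!s:5} resolved={strict}")
```

The naive check lets five of the six names through; the resolved check admits only `llama.gguf`. Resolving the base as well matters on systems where the temporary directory is itself reached through a symlink, and rejecting `candidate == base` keeps a request for `.` from handing back the directory instead of a file in it.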
The Hacker News
added 2024/10/23 9:54 a.m., 19 views

Researchers Reveal 'Deceptive Delight' Method to Jailbreak AI Models

Cybersecurity researchers have shed light on a new adversarial technique that could be used to jailbreak large language models (LLMs) during the course of an interactive conversation by sneaking in an undesirable instruction between benign ones. The approach has been codenamed Deceptive Delight by...

AI score 7.1
Exploits: 0
Krebs on Security
added 2024/10/03 1:05 p.m., 13 views

A Single Cloud Compromise Can Feed an Army of AI Sex Bots

Organizations that get relieved of credentials to their cloud environments can quickly find themselves part of a disturbing new trend: Cybercriminals using stolen cloud credentials to operate and resell sexualized AI-powered chat services. Researchers say these illicit chat bots, which use custom...

AI score 7.2
Exploits: 0
Spring Security Advisories
added 2024/10/02 12:00 a.m., 13 views

Supercharging Your AI Applications with Spring AI Advisors

In the rapidly evolving world of artificial intelligence, developers are constantly seeking ways to enhance their AI applications. Spring AI, a Java framework for building AI-powered applications, has introduced a powerful feature: the Spring AI Advisors. The advisors can supercharge your AI...

AI score 7
Exploits: 0
Spring Security Advisories
added 2024/09/27 12:00 a.m., 11 views

AI Meets Spring Petclinic: Implementing an AI Assistant with Spring AI (Part II)

Recap of Part I In the first part of this blog series, we explored the basics of integrating Spring AI with large language models. We walked through building a custom ChatClient, leveraging Function Calling for dynamic interactions, and refining our prompts to suit the Spring Petclinic use case. ...

AI score 6.6
Exploits: 0
Spring Security Advisories
added 2024/09/26 12:00 a.m., 15 views

AI Meets Spring Petclinic: Implementing an AI Assistant with Spring AI (Part I)

Introduction In this two-part blog post, I will discuss the modifications I made to Spring Petclinic to incorporate an AI assistant that allows users to interact with the application using natural language. Introduction to Spring Petclinic Spring Petclinic serves as the primary reference...

AI score 6.4
Exploits: 0
CNNVD
added 2024/08/27 12:00 a.m., 4 views

Flowise security vulnerability

Flowise is an open-source tool from FlowiseAI for easily building LLM applications. A security vulnerability exists in Flowise version 1.8.2 that results in a denial of service due to improper handling of user-supplied input to the "/api/v1/get-upload-file" API endpoint...

CVSS 7.5, AI score 6.3, EPSS 0.13898
Exploits: 0, References: 2
Securelist
added 2024/08/12 10:00 a.m., 12 views

Indirect prompt injection in the real world: how people manipulate neural networks

What is prompt injection? Large language models (LLMs), the neural network algorithms that underpin ChatGPT and other popular chatbots, are becoming ever more powerful and inexpensive. For this reason, third-party applications that make use of them are also mushrooming, from systems for document...

AI score 7.9
Exploits: 0