18 matches found
Researchers Build Self-Replicating AI Worm That Operates Entirely on Local, Open-Weight Models
University of Toronto researchers have built and tested a proof-of-concept AI-driven computer worm that uses a locally hosted open-weight large language model to reason its way through a network, generate tailored attack strategies for each target it encounters, and replicate itself, all without...
SEV Ciphertext Side Channel Attacks
Summary AMD has received reports from two research groups detailing methods by which a malicious hypervisor could potentially execute a side channel attack against a running secure encrypted virtualization – secure nested paging SEV-SNP guest. The first report, titled “Relocate + Vote: Exploiting...
Upcoming Speaking Engagements
This is a current list of where and when I am scheduled to speak: I’m speaking at the Rossfest Symposium in Cambridge, UK, on March 25, 2025. I'm speaking at the University of Toronto's Rotman School of Management in Toronto, Canada, on April 3, 2025. The list is maintained on this page...
dorismccarthygallery.utoronto.ca Cross Site Scripting vulnerability OBB-3868142
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
dorismccarthygallery.utoronto.ca Cross Site Scripting vulnerability OBB-3777862
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
About the security content of macOS Ventura 13.5.2
About the security content of macOS Ventura 13.5.2 This document describes the security content of macOS Ventura 13.5.2. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or...
ontariodialects.chass.utoronto.ca Cross Site Scripting vulnerability OBB-3573492
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
dorismccarthygallery.utoronto.ca Cross Site Scripting vulnerability OBB-3551960
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
mediabank.utoronto.ca Cross Site Scripting vulnerability OBB-3542500
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
library.vicu.utoronto.ca Cross Site Scripting vulnerability OBB-3348040
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
authbeta.postmd.utoronto.ca Cross Site Scripting vulnerability OBB-1248692
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
maps.chass.utoronto.ca Cross Site Scripting vulnerability OBB-1248672
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
Powerful Android and iOS Spyware Found Deployed in 45 Countries
One of the world's most dangerous Android and iPhone spyware program has been found deployed against targets across 45 countries around the world over the last two years, a new report from Citizen Lab revealed. The infamous spyware, dubbed Pegasus, is developed by NSO Group—an Israeli company whi...
omgterran.phm.utoronto.ca XSS vulnerability
Open Bug Bounty ID: OBB-527325 Description| Value ---|--- Affected Website:| omgterran.phm.utoronto.ca Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
Threat Actors Target Chinese Language News Sites
A California-based news website covering China, called China Digital Times, was targeted in a spying campaign that involved phishing lures and the use of the NetWire remote access Trojan. The attacks began in February 2017 and were part of a wider campaign of phishing, reconnaissance and malware...
Detekt — Free Anti-Malware Tool To Detect Govt. Surveillance Malware
Human rights experts and Privacy International have launched a free tool allowing users to scan their computers for surveillance spyware, typically used by governments and other organizations to spy on human rights activists and journalists around the world. This free-of-charge anti-surveillance...
Ron Deibert on Cyber Espionage, Surveillance and Black Code
Dennis Fisher talks with Ron Deibert of the University of Toronto and Citizen Lab about his group’s research into cyber espionage campaigns, the surveillance landscape and his recent book, Black Code...
Syrian Hackers Deface AnonPlus - Anonymous Social Network
Syrian Hackers Deface AnonPlus - Anonymous Social Network After the hacking gang Anonymous took credit for defacing Syria's Ministry of Defense website, a Syrian group retaliated on Monday by posting gruesome photos on Anonymous embryonic social network. The defacement of AnonPlus...