EUVD-2023-49384

Malicious code in bioql PyPI...

WordPress AI Mojo – GPT-3 Playground for WordPress Plugin < 0.9.0 is vulnerable to Cross Site Scripting (XSS)

Software AI Mojo – GPT-3 Playground for WordPress Type Plugin Vulnerable versions 0.9.0 Fixed in 0.9.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 5642cc65e7b6 Credits Rafie...

In Review: What GPT-3 Taught ChatGPT in a Year

Amidst the uproar and opinions since November 2022, we look at the possibilities and implications of what OpenAI’s ChatGPT presents to the cybersecurity industry using a comparison to earlier products, like its predecessor GPT-3...

What ChatGPT know about API Security?

There is no doubt that you heard about and seen the latest OpenAIs brilliant called ChatGPT. It can write poems, speak many languages, answer questions, play chess, make code and impress everyone. In this post, we show a few more of how this AI model is good in cybersecurity, in particular in API...

ReconPal - Leveraging NLP For Infosec

Recon is one of the most important phases that seem easy but takes a lot of effort and skill to do right. One needs to know about the right tools, correct queries/syntax, run those queries, correlate the information, and sanitize the output. All of this might be easy for a seasoned infosec/recon...

Awful 4chan chat bot spouts racial slurs and antisemitic abuse

“A robot may not injure a human being or, through inaction, allow a human being to come to harm” Science fiction readers, and many others, will recognize Asimov’s first law of robotics. After reading about a bot called GPT-4chan I was wondering whether we should include: “A bot may not insult a...

WordPress AI Mojo – GPT-3 Playground for WordPress plugin < 0.2.5 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress AI Mojo – GPT-3 Playground for WordPress plugin versions 0.2.5. Solution Update the WordPress AI Mojo – GPT-3 Playground for WordPress plugin to the latest available version at least 0.2.5...

Codex Exposed: Exploring the Capabilities and Risks of OpenAI’s Code Generator

The first of a series of blog posts examines the security risks of Codex, a code generator powered by the GPT-3 engine...

Using AI to Scale Spear Phishing

The problem with spear phishing is that it takes time and creativity to create individualized enticing phishing emails. Researchers are using GPT-3 to attempt to solve that problem: The researchers used OpenAIs GPT-3 platform in conjunction with other AI-as-a-service products focused on personali...

AI Wrote Better Phishing Emails Than Humans in a Recent Test

Researchers found that tools like OpenAI's GPT-3 helped craft devilishly effective spearphishing messages...

AIs and Fake Comments

This month, the New York state attorney general issued a report on a scheme by "U.S. Companies and Partisans to Hack Democracy." This wasn’t another attempt by Republicans to make it harder for Black people and urban residents to vote. It was a concerted attack on another core element of US...