24 matches found
CVE-2025-55271
HCL Aftermarket DPC is affected by HTTP Response Splitting vulnerability where in depending on how the web application handles the split response, an attacker may be able to execute arbitrary commands or inject harmful content into the response...
Safe2Harm: Semantic Isomorphism Attacks for Jailbreaking Large Language Models
Large Language Models LLMs have demonstrated exceptional performance across various tasks, but their security vulnerabilities can be exploited by attackers to generate harmful content, causing adverse impacts across various societal domains. Most existing jailbreak methods revolve around Prompt...
VisualDAN: Exposing Vulnerabilities in VLMs with Visual-Driven DAN Commands
Vision-Language Models VLMs have garnered significant attention for their remarkable ability to interpret and generate multimodal content. However, securing these models against jailbreak attacks continues to be a substantial challenge. Unlike text-only models, VLMs integrate additional modalitie...
EUVD-2021-0862
Malware in sbrugna...
LLM Detected
The scanner detected the presence of a Large Language Model LLM on the target application. LLMs are advanced AI models capable of understanding and generating human-like text based on the input they receive. They are commonly used in various applications, including chatbots, virtual assistants,...
Consiglieres in the Shadow: Understanding the Use of Uncensored Large Language Models in Cybercrimes
The advancement of AI technologies, particularly Large Language Models LLMs, has transformed computing while introducing new security and privacy risks. Prior research shows that cybercriminals are increasingly leveraging uncensored LLMs ULLMs as backends for malicious services. Understanding the...
AI 'Nudify' Websites Are Raking in Millions of Dollars
Millions of people are accessing harmful AI “nudify” websites. New analysis says the sites are making millions and rely on tech from US companies...
SAFEx: Analyzing Vulnerabilities of MoE-Based LLMs Via Stable Safety-Critical Expert Identification
Large language models based on Mixture-of-Experts have achieved substantial gains in efficiency and scalability, yet their architectural uniqueness introduces underexplored safety alignment challenges. Existing safety alignment strategies, predominantly designed for dense models, are ill-suited t...
Hello, Won'T You Tell Me Your Name?: Investigating Anonymity Abuse in IPFS
The InterPlanetary File SystemIPFS offers a decentralized approach to file storage and sharing, promising resilience and efficiency while also realizing the Web3 paradigm. Simultaneously, the offered anonymity raises significant questions about potential misuse. In this study, we explore methods...
Phare: a Safety Probe for Large Language Models
Ensuring the safety of large language models LLMs is critical for responsible deployment, yet existing evaluations often prioritize performance over identifying failure modes. We introduce Phare, a multilingual diagnostic framework to probe and evaluate LLM behavior across three critical...
CVE-2021-29460
Kirby is an open source CMS. An editor with write access to the Kirby Panel can upload an SVG file that contains harmful content like...
Amplified Vulnerabilities: Structured Jailbreak Attacks on LLM-Based Multi-Agent Debate
Multi-Agent Debate MAD, leveraging collaborative interactions among Large Language Models LLMs, aim to enhance reasoning capabilities in complex tasks. However, the security implications of their iterative dialogues and role-playing characteristics, particularly susceptibility to jailbreak attack...
New Jersey Sues Discord for Allegedly Failing to Protect Children
The New Jersey attorney general claims Discord’s features to keep children under 13 safe from sexual predators and harmful content are inadequate...
Microsoft Takes Legal Action Against AI “Hacking as a Service” Scheme
Not sure this will matter in the end, but it's a positive move: Microsoft is accusing three individuals of running a "hacking-as-a-service" scheme that was designed to allow the creation of harmful and illicit content using the company's platform for AI-generated content. The foreign-based...
Microsoft Sues Hacking Group Exploiting Azure AI for Harmful Content Creation
Microsoft has revealed that it's pursuing legal action against a "foreign-based threat–actor group" for operating a hacking-as-a-service infrastructure to intentionally get around the safety controls of its generative artificial intelligence AI services and produce offensive and harmful content...
DEBIAN-CVE-2023-44428
MuseScore CAP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MuseScore. User interaction is required to exploit this vulnerability in that the target must visit a...
PT-2023-23609 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions 15.11 through 16.1.4 GitLab versions 16.2 through 16.2.4 GitLab versions 16.3 through 16.3.0 Description: An issue has been discovered in GitLab where an authenticated user could trigger a denial of service when importing or...
TikTok CEO told to "step up efforts to comply" with digital laws
EU Commissioner Thierry Breton, the EU's digital policy chief, "explicitly conveyed" to TikTok CEO Shou Zi Chew that the company must "step up efforts to comply" with the European Union's rules on copyright, data protection, and the Digital Services Act DSA--an EU regulation setting out "an...
Online Safety Bill’s provisions for “legal but harmful” content described as “censor’s charter”
The UKs Online Safety Bill, a landmark piece of legislation that that aims to regulate the countrys online content, has just been introduced into Parliament after undergoing significant revisions. The bill has been in progress for about five years and its main objective is to regulate online...
Slack: Lack of URL normalization renders Blocked-Previews feature ineffectual
Slack has a feature known as Blocked Previewsblocked-previews, which allows Workspace Owners and Admins to specify a list of URLs for which no link preview should occur. The point of this feature is to reduce clutter and prevent harmful content from getting embedded in the workspace. However, whe...