CERT-In Recommends 12-Hour Patching for Internet-Facing Flaws Amid AI-Assisted Attacks
The Indian Computer Emergency Response Team (CERT-In) has issued new guidelines requiring organizations to patch critical security vulnerabilities in internet-exposed systems within 12 hours of being flagged where "feasible" to safeguard against potential threats stemming from threat actors' abuse ...
Spring AI: Prompt Injection via Memory Poisoning in PromptChatMemoryAdvisor
A malicious user could craft input that is stored in conversation memory and later interpreted by the model in an unintended way. Applications using the affected advisor with user-controlled input may be susceptible to manipulation of model behavior across conversation turns...
VMware Spring AI Security Vulnerability
VMware Spring AI is a development framework created by VMware Corporation in the Spring ecosystem, which integrates artificial intelligence and large language model capabilities. VMware Spring AI has a security vulnerability. This vulnerability allows malicious users to manipulate the behavior of...
EUVD-2020-0219
Malware in sbrugna...
IAG: Input-Aware Backdoor Attack on VLMs for Visual Grounding
Vision-language models (VLMs) have shown significant advancements in tasks such as visual grounding, where they localize specific objects in images based on natural language queries and images. However, security issues in visual grounding tasks for VLMs remain underexplored, especially in the conte...
Securing Generative AI Agentic Workflows: Risks, Mitigation, and a Proposed Firewall Architecture
Generative Artificial Intelligence (GenAI) presents significant advancements but also introduces novel security challenges, particularly within agentic workflows where AI agents operate autonomously. These risks escalate in multi-agent systems due to increased interaction complexity. This paper...
CVE-2021-29593
TensorFlow is an end-to-end open source platform for machine learning. The implementation of the BatchToSpaceNd TFLite operator is vulnerable to a division by zero...
Winter CMS Modules allows a sandbox bypass in Twig templates leading to data modification and deletion
Impact: Affected versions of Winter CMS allow users with access to the CMS templates sections that modify Twig files to bypass the sandbox placed on Twig files and modify resources such as theme customisation values or modify, or remove, templates in the theme even if not provided direct access vi...
AI jailbreaks: What they are and how they can be mitigated
Generative AI systems are made up of multiple components that interact to provide a rich user experience between the human and the AI models. As part of a responsible AI approach, AI models are protected by layers of defense mechanisms to prevent the production of harmful content or being used to...
Google Expands Its Bug Bounty Program to Tackle Artificial Intelligence Threats
Google has announced that it's expanding its Vulnerability Rewards Program (VRP) to compensate researchers for finding attack scenarios tailored to generative artificial intelligence (AI) systems in an effort to bolster AI safety and security. "Generative AI raises new and different concerns than...