15 matches found
SQLi_AI_defence
SQLiAIdefence A small model ba...
Jailbreak Mimicry: Automated Discovery of Narrative-Based Jailbreaks for Large Language Models
Large language models (LLMs) remain vulnerable to sophisticated prompt engineering attacks that exploit contextual framing to bypass safety mechanisms, posing significant risks in cybersecurity applications. We introduce Jailbreak Mimicry, a systematic methodology for training compact attacker mode...
EUVD-2025-20218
Malicious code in bioql PyPI...
EUVD-2025-23367
Malicious code in bioql PyPI...
CVE-2025-50472
The modelscope/ms-swift library through 2.6.1 is vulnerable to arbitrary code execution through deserialization of untrusted data within the loadmodelmeta function of the ModelFileSystemCache class. Attackers can execute arbitrary code and commands by crafting a malicious serialized .mdl payload,...
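The ms-swift entry above is the classic Python deserialization bug: a pickle stream may contain a GLOBAL opcode naming any importable callable, and a crafted object's `__reduce__` makes the loader call it with attacker-chosen arguments. The block below is an added example, not code from ms-swift (this page shows none of its source). It assumes, as the advisory's "serialized .mdl payload" wording suggests, that the file is a pickle; the payloads, the `.mdl` metadata dict and the `_Gadget` class are constructed here for illustration. It shows the gadget an attacker would embed and an allow-listing `Unpickler` that refuses to resolve anything but plain data types.

```python
import io
import os
import pickle

# Allow-list of names the loader may resolve. Model metadata should only
# ever need plain containers and scalars; a GLOBAL opcode pointing anywhere
# else (os.system, subprocess.Popen, ...) is a gadget, not data.
_ALLOWED = {
    "builtins": {"dict", "list", "tuple", "set", "frozenset",
                 "str", "bytes", "int", "float", "bool"},
}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses to import anything outside _ALLOWED."""

    def find_class(self, module, name):
        if name in _ALLOWED.get(module, ()):
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refusing to resolve {module}.{name}")


def safe_loads(data: bytes):
    """Deserialize untrusted bytes with the allow-listing loader."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def loads_or_reject(data: bytes):
    """Return ("ok", obj) on success or ("rejected", reason) on refusal."""
    try:
        return ("ok", safe_loads(data))
    except pickle.UnpicklingError as exc:
        return ("rejected", str(exc))


class _Gadget:
    # Hypothetical attacker object. __reduce__ tells pickle to rebuild the
    # object by *calling* the returned callable with the returned arguments,
    # so an unrestricted pickle.loads() runs os.system("echo pwned") before
    # returning anything to the caller.
    def __reduce__(self):
        return (os.system, ("echo pwned",))


def build_malicious_payload() -> bytes:
    # Constructed stand-in for a crafted .mdl file (attacker-controlled bytes).
    return pickle.dumps(_Gadget())


def build_benign_payload() -> bytes:
    # Constructed stand-in for legitimate cache metadata.
    return pickle.dumps({"model": "demo", "version": 1, "tags": ["a", "b"]})


if __name__ == "__main__":
    print(loads_or_reject(build_benign_payload()))     # ("ok", {...})
    print(loads_or_reject(build_malicious_payload()))  # ("rejected", ...)
    # Unrestricted pickle.loads() would execute the gadget; uncomment to see it:
    # pickle.loads(build_malicious_payload())
```

The allow-list is a mitigation for code that must keep reading pickles; the stronger fix is to stop deserializing untrusted bytes with pickle at all and store metadata in a data-only format such as JSON. Note that `find_class` sees the callable's real module name (`posix.system` on Linux rather than `os.system`), so a deny-list keyed on `os` would be bypassed; allow-listing avoids that trap.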
GHSA-P7J4-JWJF-5X9W LlamaIndex vulnerability in ArxivReader class can cause MD5 hash collisions
A vulnerability in the ArxivReader class of the run-llama/llamaindex repository allows for MD5 hash collisions when generating filenames for downloaded papers. This can lead to data loss as papers with identical titles but different contents may overwrite each other, preventing some papers from...
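The failure mode in the ArxivReader entry is that the filename is a function of the title alone, so two distinct papers with the same title hash to the same name and the later download silently replaces the earlier one. The block below is an added example, not LlamaIndex code; the sample entries and their ids are constructed, and the field names are assumptions. It contrasts the title-only derivation with one keyed on the paper's unique identifier and a digest of the downloaded bytes.

```python
import hashlib
import re

# Constructed sample entries (not real arXiv records): two different papers
# that happen to share a title.
SAMPLE_ENTRIES = [
    {"id": "0000.00001", "title": "A Study of Things", "content": b"paper one"},
    {"id": "0000.00002", "title": "A Study of Things", "content": b"paper two"},
]


def name_by_title(entry: dict) -> str:
    # Collision-prone: the name depends only on the title, so papers with the
    # same title map to the same file and the second download overwrites the
    # first. Swapping MD5 for SHA-256 would not help; the input is the problem.
    return hashlib.md5(entry["title"].encode("utf-8")).hexdigest() + ".pdf"


def name_by_id(entry: dict) -> str:
    # Keyed on the unique identifier (hypothetical arXiv-style id, sanitised
    # for use in a path) plus a digest of the downloaded bytes, so distinct
    # papers never share a name.
    safe_id = re.sub(r"[^0-9A-Za-z.]", "_", entry["id"])
    digest = hashlib.sha256(entry["content"]).hexdigest()[:16]
    return f"{safe_id}_{digest}.pdf"


def count_overwrites(entries, namer) -> int:
    """Number of downloads that would clobber an earlier file under `namer`."""
    names = [namer(e) for e in entries]
    return len(names) - len(set(names))


if __name__ == "__main__":
    print(count_overwrites(SAMPLE_ENTRIES, name_by_title))  # 1
    print(count_overwrites(SAMPLE_ENTRIES, name_by_id))     # 0
```

Sanitising the id before using it in a filename matters as much as uniqueness: an identifier that arrives from a remote API is untrusted input, and a value containing `..` or a path separator must not be able to escape the download directory.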
Mind the Gap: a Practical Attack on GGUF Quantization
With the increasing size of frontier LLMs, post-training quantization has become the standard for memory-efficient deployment. Recent work has shown that basic rounding-based quantization schemes pose security risks, as they can be exploited to inject malicious behaviors into quantized models tha...
Hush! Protecting Secrets during Model Training: an Indistinguishability Approach
We consider the problem of secret protection, in which a business or organization wishes to train a model on their own data, while attempting to not leak secrets potentially contained in that data via the model. The standard method for training models to avoid memorization of secret information i...
On Technique Identification and Threat-Actor Attribution Using LLMs and Embedding Models
Attribution of cyber-attacks remains a complex but critical challenge for cyber defenders. Currently, manual extraction of behavioral indicators from dense forensic documentation causes significant attribution delays, especially following major incidents at the international scale. This research...
Learn to Secure Petabyte-Scale Data in a Webinar with Industry Titans
Data is growing faster than ever. Remember when petabytes (that's 1,000,000 gigabytes!) were only for tech giants? Well, that's so last decade! Today, businesses of all sizes are swimming in petabytes. But this isn't just about storage anymore. This data is ALIVE—it's constantly accessed, analyzed,...
CVE-2024-5206
A vulnerability was found in the scikit-learn package. Before version 1.4.1.post1, scikit-learn stores all tokens in the "stop_words_" attribute. This action may cause scikit-learn to expose sensitive data that will not be used in the model training, possibly leaking passwords and keys...
This Free Discovery Tool Finds and Mitigates AI-SaaS Risks
Wing Security announced today that it now offers free discovery and a paid tier for automated control over thousands of AI and AI-powered SaaS applications. This will allow companies to better protect their intellectual property (IP) and data against the growing and evolving risks of AI usage. SaaS...
ChatGPT leaks bits of users' chat history
New gadgets and software come with new bugs, especially if they're rushed. We can see this very clearly in the race between tech giants to push large language models (LLMs) like ChatGPT and its competitors out the door. In the most recently revealed LLM bug, ChatGPT allowed some users to see the...
CVE-2021-39207
parlai is a framework for training and evaluating AI models on a variety of openly available dialogue datasets. In affected versions the package is vulnerable to a YAML deserialization attack caused by unsafe loading, which leads to arbitrary code execution. This security bug is patched by avoiding...
In0ri - Defacement Detection With Deep Learning
In0ri is a defacement detection system utilizing an image-classification convolutional neural network. Introduction When monitoring a website, In0ri will periodically take a screenshot of the website, then put it through a preprocessor that will resize the image down to 250x250px and numericalize t...