153 matches found
The Automation Advantage in AI Red Teaming
This paper analyzes Large Language Model LLM security vulnerabilities based on data from Crucible, encompassing 214,271 attack attempts by 1,674 users across 30 LLM challenges. Our findings reveal automated approaches significantly outperform manual techniques 69.5% vs 47.6% success rate, despite...
CipherBank: Exploring the Boundary of LLM Reasoning Capabilities through Cryptography Challenges
Large language models LLMs have demonstrated remarkable capabilities, especially the recent advancements in reasoning, such as o1 and o3, pushing the boundaries of AI. Despite these impressive achievements in mathematics and coding, the reasoning abilities of LLMs in domains requiring cryptograph...
Steering the CensorShip: Uncovering Representation Vectors for LLM "Thought" Control
Large language models LLMs have transformed the way we access information. These models are often tuned to refuse to comply with requests that are considered harmful and to produce responses that better align with the preferences of those who control the models. To understand how this "censorship...
Everything You Wanted to Know about LLM-Based Vulnerability Detection but Were Afraid to Ask
Large Language Models are a promising tool for automated vulnerability detection, thanks to their success in code generation and repair. However, despite widespread adoption, a critical question remains: Are LLMs truly effective at detecting real-world vulnerabilities? Current evaluations, which...
Trojans disguised as AI: Cybercriminals exploit DeepSeek’s popularity
Introduction Among the most significant events in the AI world in early 2025 was the release of DeepSeek-R1 – a powerful reasoning large language model LLM with open weights. It's available both for local use and as a free service. Since DeepSeek was the first service to offer access to a reasoni...
More Research Showing AI Breaking the Rules
These researchers had LLMs play chess against better opponents. When they couldn't win, they sometimes resorted to cheating. Researchers gave the models a seemingly impossible task: to win against Stockfish, which is one of the strongest chess engines in the world and a much better player than an...
CVE-2024-35820
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
RTX 安全漏洞
RTX is RTXteam's prototype translation reasoning tool. A security vulnerability exists in RTX TRAP v1.0. An attacker can spoof the server by manipulating the host header field in an HTTP request, causing the server to process the request with a malicious hostname...
SGXRay - Automating Vulnerability Detection for SGX Apps
Intel SGX protects isolated application logic and sensitive data inside an enclave with hardware-based memory encryption. To use such hardware-based security mechanism requires a strict programming model on memory usage, with complex APIs in and out the enclave boundary. Enclave developers are...
Reasoning Genius - Panda Games - Customized SSL, Dangerous filesystem permissions, WebView SSL handling enabled vulnerabilities
HackApp vulnerability scanner discovered that application Reasoning Genius - Panda Games published at the 'play' market has multiple vulnerabilities...
DARPA Cyber Grand Challenge Offers $2M to Winners
The bug bounty continues to be turned on its ear. Microsoft began the wave of paying premium money for mitigation technologies via its Blue Hat prizes, and now DARPA has gone all-in to the tune of $2 million for the development of an automated network defense system that not only scans for and...
Ubuntu 10.10 : linux vulnerabilities (USN-1160-1)
Dan Rosenberg discovered that IRDA did not correctly check the size of buffers. On non-x86 systems, a local attacker could exploit this to read kernel heap memory, leading to a loss of privacy. CVE-2010-4529 Dan Rosenburg discovered that the CAN subsystem leaked kernel addresses into the /proc...
xoopsgal-sql.txt
XOOPS Module Gallery 0.2.2 SQL Injection Exploit AUTHOR : S@BUN HOME : http://www.milw0rm.com/author/1334 HOME : http://securityreason.com/search/101/c0BidW4=/1/0 MAİL : [email protected] DORKS 1 : allinurl :"modules/gallery" DORK 2 : allinurl :"modules/gallery"gid EXPLOIT :...