
24 matches found

Packet Storm News
added 2026/02/26 12:0 a.m. | 3 views

Reverse CAPTCHA: Evaluating LLM Susceptibility to Invisible Unicode Instruction Injection

We introduce Reverse CAPTCHA, an evaluation framework that tests whether large language models follow invisible Unicode-encoded instructions embedded in otherwise normal-looking text. Unlike traditional CAPTCHAs that distinguish humans from machines, our benchmark exploits a capability gap: model...

5.8 AI score | Exploits: 0

Redos
added 2026/01/26 12:0 a.m. | 2 views

ROS-20260126-73-0008

A vulnerability in the Linux operating system kernel is related to integer loss of significance. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

5.5 CVSS | 7.2 AI score | 0.00045 EPSS | Exploits: 0

Redos
added 2026/01/13 12:0 a.m. | 3 views

ROS-20260113-7371

A vulnerability in the Linux operating system kernel is related to integer loss of significance. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

5.5 CVSS | 6.5 AI score | 0.00013 EPSS | Exploits: 0

Packet Storm News
added 2025/06/19 12:0 a.m. | 2 views

Watermarking Autoregressive Image Generation

Watermarking the outputs of generative models has emerged as a promising approach for tracking their provenance. Despite significant interest in autoregressive image generation models and their potential for misuse, no prior work has attempted to watermark their outputs at the token level. In thi...

6.9 AI score | Exploits: 0

RedhatCVE
added 2025/05/22 7:58 a.m. | 6 views

CVE-2019-12215

A full path disclosure vulnerability was discovered in Matomo v3.9.1 where a user can trigger a particular error to discover the full path of Matomo on the disk, because lastError.file is used in plugins/CorePluginsAdmin/templates/safemode.twig. NOTE: the vendor disputes the significance of this...

4.3 CVSS | 6.7 AI score | 0.00213 EPSS | Exploits: 1 | References: 1

Redos
added 2025/02/03 12:0 a.m. | 14 views

ROS-20250203-12

A vulnerability in the ldebug.c component of the Lua script interpreter involves an integer loss of significance. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

5.3 CVSS | 7.3 AI score | 0.02019 EPSS | Exploits: 1

Redos
added 2025/02/03 12:0 a.m. | 152 views

ROS-20250203-11

A vulnerability in the luaupvaluejoin function lapi.c of the Lua script interpreter is related to memory usage after it has been freed. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. Vulnerability in the luaresume ldo.c component of the Lua...

7.5 CVSS | 5.4 AI score | 0.02019 EPSS | Exploits: 7

Circl
added 2025/01/30 10:42 p.m. | 3 views

CVE-2025-24885

creationtimestamp | type | source
---|---|---
2025-01-30 22:42:41+00:00 | seen | https://infosec.exchange/users/cve/statuses/113919718883352677
2025-01-30 23:15:38+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3lgymhdwhet2p
2025-01-31 02:49:26+00:00 | seen | ...

7.6 CVSS | 5.8 AI score | 0.00147 EPSS | Exploits: 0 | References: 3

Spring Engineering
added 2024/05/01 12:0 a.m. | 11 views

Spring Tips: Beans, Beans: What's in a Spring bean?

Hi, Spring fans! In this installment we explore the essential Spring bean. What are they, how are they created, and what do they mean to you?...

7.2 AI score | Exploits: 0

Redos
added 2024/04/03 12:0 a.m. | 36 views

ROS-20240403-02

Vulnerability of ntfsnamesfullcollate function of NTFS file system for NTFS-3G FUSE module is related to buffer overflow in dynamic memory. Exploitation of the vulnerability could allow an attacker to execute arbitrary code with elevated privileges using a specially crafted NTFS image file. The NT...

7.8 CVSS | 8.3 AI score | 0.00042 EPSS | Exploits: 1

Code423n4
added 2023/12/21 12:0 a.m. | 6 views

Two items having same number of votes above the quorum can lead to invariant violation and unfairness towards either of the item

Impact: When an item is dropped or extracted from the maxHeap tree, it is directly done so from the item at the root of the tree i.e. index 0. Although this is expected, if one of the child itemIds have number of votes equal to that of the root node, this would ...

7 AI score | Exploits: 0

Akamai Blog
added 2023/12/01 4:16 p.m. | 10 views

What Is Distributed Cloud and Why Should You Care?

...

7.3 AI score | Exploits: 0

Schneier on Security
added 2022/10/19 11:16 a.m. | 7 views

Museum Security

Interesting interview: Banks don't take millions of dollars and put them in plastic bags and hang them on the wall so everybody can walk right up to them. But we do basically the same thing in museums and hang the assets right out on the wall. So it's our job, then, to either use technology or...

7.3 AI score | Exploits: 0

HackRead
added 2021/11/08 2:54 p.m. | 17 views

Managed vs. Unmanaged VPS hosting -What are the Differences?

By Owais Sultan. VPS hosting is beneficial for many reasons, but what is the difference between Managed vs. Unmanaged VPS hosting and why does it matter?

7 AI score | Exploits: 0

Ivan 'd0znpp' Novikov
added 2021/10/11 3:52 p.m. | 52 views

API security — Wiki: What is ❓ Why ❓ For PenTest & Best Practice

What does API mean? For beginners, API refers to the Application Programming Interface designed for effortless communication between two different applications. This is why it’s often referred to as the middle person for the...

7.5 AI score | Exploits: 0

OSV
added 2020/06/22 6:17 p.m. | 6 views

OPENSUSE-SU-2020:0845-1 Security update for chromium

This update for chromium fixes the following issues:

Update to version 83.0.4103.106 boo1173029:
- CVE-2020-6505: Use after free in speech
- CVE-2020-6506: Insufficient policy enforcement in WebView
- CVE-2020-6507: Out of bounds write in V8
- Enforce to not use system borders bsc1173063...

9.6 CVSS | 8.3 AI score | 0.30621 EPSS | Exploits: 6 | References: 6

Prion
added 2020/03/23 8:15 p.m. | 19 views

Information disclosure

In OpenWrt LuCI git-20.x, remote unauthenticated attackers can retrieve the list of installed packages and services. NOTE: the vendor disputes the significance of this report because, for instances reachable by an unauthenticated actor, the same information is available in other more complex ways...

5 CVSS | 5.3 AI score | 0.00853 EPSS | Exploits: 1 | References: 3 | Affected Software: 1

Cvelist
added 2020/03/23 7:45 p.m. | 11 views

CVE-2020-10871

In OpenWrt LuCI git-20.x, remote unauthenticated attackers can retrieve the list of installed packages and services. NOTE: the vendor disputes the significance of this report because, for instances reachable by an unauthenticated actor, the same information is available in other more complex ways...

5.4 AI score | 0.00853 EPSS | Exploits: 1 | References: 3

The Coalfire Blog
added 2020/02/21 6:44 p.m. | 46 views

The Significance of the NIST Privacy Framework

Kudos to the NIST Privacy Team! Privacy Framework v.1.0 has finally been released. I've been tracking the growth of this initiative since the focus group was kicked off in September 2018 and respect its thoroughly explored yet fundamentally grass roots approach. A few points worth bringing to your...

2.3 AI score | Exploits: 0

ThreatPost
added 2014/08/04 11:55 a.m. | 9 views

IcoScript RAT Malware Communicates Via Yahoo! Mail

A new remote administration Trojan (RAT) receives command and control instructions through Yahoo Mail, and could be easily modified to communicate with its authors through Gmail or other popular webmail providers. This new RAT’s significance stems primarily from its ability to elude the notice of...

0.5 AI score | Exploits: 0 | References: 1