Tracebit 研究人员发现,在 AWS 密钥旁放置 prompt injection 可有效关闭恶意 AI 攻击代理。
Security
Last 7 days · 86 items
Plus: Russian cyberspies turn to infrastructure hacking, DHS repeatedly fails to realize it’d been hacked, a breach exposes an AI music generator’s scraping ways, and more.
Tried prompt injection on a bot that was trying to romance scam me. Worked immediately. Instead of switching platforms I just asked it what its actual task was. It dropped the persona instantly. These things are everywhere now. How long until they're indistinguishable?
LG 显示器被曝通过 Windows Update 未经用户同意安装 McAfee 推广软件,Gamers Nexus 复现确认(944 points)。
评论区普遍谴责LG和微软未经用户同意通过Windows更新安装软件,认为这是恶意行为,但也有人认为微软应负主要责任。
Show HN: SSH 蜜罐实时监控面板,可视化展示攻击者的 IP、凭证、命令和恶意软件投递行为。
Some Amazon customers logged on Friday to a surprise bill estimate claiming that they owed the tech and cloud giant billions in fees.
"The displayed billing estimates do not reflect actual usage and charges," Amazon said.
Capital One 开源 VulnHunter:基于 Agentic AI 的代码安全工具,利用 LLM 进行漏洞发现和验证。
评论区对VulnHunter工具的价值存在分歧,有人认为它只是常见安全扫描的包装,缺乏创新,但也有人认为其方法论和结合LLM的验证思路有实际意义。
OpenAI trained GPT-Red, an internal-only attacker model, using self-play reinforcement learning against a population of defender LLMs. It beat human red-teamers 84% to 13% on a replicated indirect prompt injection arena, found a novel "Fake Chain-of-Thought" attack class, and cut GPT-5.6 Sol's failures 6x on OpenAI's hardest direct injection benchmark. OpenAI concedes it still struggles with multi-turn and image-based attacks. The post OpenAI Details GPT-Red: An Internal Automated Red-Teaming Mo
I receive an AWS Budgets alert that my budget is exceeding the alert threshold. Threshold is 5$. Forecasted amount is listed as $3,005,575,870.47. (Yepp, right, that’s 3 billion dollars.) I haven't even used AWS actively in the last year, but AWS console lists the amount as stated above. No feedback from AWS support yet, but the support AI chat bot says: "Die perfekt gleichmäßigen Tageskosten seit dem 1. Juli deuten stark auf einen Abrechnungs- oder Messfehler hin." ("The perfectly consistent da
Apple filed a trade secrets lawsuit against OpenAI last Friday, and it’s not messing around. The complaint alleges a pattern of misconduct reaching all the way up to OpenAI’s chief hardware officer and claims more than 400 former Apple employees now work at the company. OpenAI’s response so far has been carefully hedged, and the timing couldn’t be worse with the company reportedly eyeing an IPO […]
Apple is suing OpenAI. The complaint is readable and intense, as these things often are, though many experts seem to think many of the allegations are just the ways things are done. So what does Apple really want here, and why is it picking such a public fight with OpenAI? On this episode of The […]
Prosecutors accused 21-year-old student Zyaire Wilkins of publishing on Steam several fake video games that contained malware, infecting thousands of victims, and stealing crypto from some of them.
Patreon is strengthening its defenses against AI scraping by working with Cloudflare to block bots that train AI models on creators’ content without permission. The move marks a shift away from relying on websites using robots.txt alone to actively block unauthorized AI training.
Federal authorities have arrested a Florida man suspected of stealing at least $220,000 in crypto through malware-infected Steam games, as reported earlier by local news outlet Local10. In the complaint, officials accuse 21-year-old Zyaire Wilkins and co-conspirators of launching eight malware-embedded games from around May 2024 to February 2026, allowing them to infect about 8,000 […]
The NHTSA recently called for autonomous vehicle companies to improve how cars respond in emergency situations.
Apple 向数十名 OpenAI 员工发出律师函,多数评论认为这是常规操作,但也有人质疑其意在打压竞争对手。
多数评论认为苹果发律师函是常规操作,但也有人认为这是苹果在打压竞争对手。
The City Attorney’s Office sent the tech giants cease-and-desist letters this week telling them to stop profiting from 13 “face-swap” apps that are overwhelmingly used to target women and girls.
Official estimates Google and Apple likely made millions in nudify app fees.
In letters sent to Apple and Google, San Francisco City Attorney David Chiu said that both companies have long been aware that they are hosting apps in violation of state law.
Google and Apple were sent cease-and-desist letters regarding 13 apps on their respective stores.
On file deletions. We’ve investigated a handful of reports where GPT-5.6 unexpectedly deleted files. What we have found is that this most commonly occurs when: Full access mode is enabled and codex is run without sandboxing protections, including without auto review being enabled The model attempts to override the $HOME env var to define a temporary directory. The model makes an honest mistake and mistakenly deletes $HOME instead. — Thibault Sottiaux , describing a pretty gnarly Codex bug Tags:
俄罗斯顶级黑客组织 Sandworm 开始使用 Clickfix 技术攻击乌克兰机构,该技术通过伪造 CAPTCHA 诱使用户在终端执行恶意脚本。
英国警方逮捕两名 Scattered Spider 黑客组织成员,该组织曾入侵伦敦交通系统,两人被判五年半监禁。
OpenAI 构建 LLM 超级黑客 GPT-Red,用于自动化红队测试,帮助其他模型提升对网络攻击的防御能力。
Elon Musk's xAI files first lawsuit against Grok user accused of making child sex images.
Coca Cola said dairy production at its Fairlife unit will "remain suspended" in the United States following a hack.
One period tracker app tested by Mozilla was 'squeaky clean,' while another app was seen sharing users' health data with an analytics company, underscoring vast differences in user privacy among these apps.
Image guardrails are typically trained and evaluated under a fixed safety policy, implicitly treating safety as an intrinsic property of an image. Real deployments are different: the same image may be allowed in one product, restricted in another, and newly disallowed when a policy boundary changes. We study policy-adaptive image guardrailing, where a model must decide whether an image violates the currently supplied policy and generalize to held-out policy definitions. We introduce PolicyShiftB
If you use tailscale ssh, you rely on ACLs, and anyone else in your tailnet you should update as soon as possible. Even if you're alone in your tailscale don't write off the possibility of chained vulnerabilities. Generally, when it comes to something as important as ssh, consider using openssh instead.
微软发布创纪录数量补丁当天,匿名研究员公开 Windows 0-day 漏洞 HiveLegacy,可让低权限账户修改管理员账户。
OpenAI has built an LLM super-hacker called GPT-Red that it uses as a sparring partner to help its other models boost their defenses against cyberattacks. Last week the company released the latest version of its flagship LLM, GPT-5.6. OpenAI says that training it against GPT-Red made the model its most robust release yet. GPT-Red automates…
Hi HN :) really excited to share this with you. The one thing AI reliably does is generate noise. Half the tools I see launch are just machines for producing more noise across more channels. And people are starting to see this in the form of emails in their inboxes as spam filters are struggling. There used to be a useful signal in email: the effort a sender put into customizing a message was a rough proxy for how relevant it actually was. AI killed that. Now it's customized slop with the appear
The vulnerability in the decades-old game could have allowed hackers to take over victims’ computers with a malicious game invite.
Microsoft's monthly release of security fixes, dubbed Patch Tuesday, resolved a record 570 security vulnerabilities across the company's product line, thanks to discoveries with AI.
The hacker used an employee's credentials to access source code, which revealed how Suno scraped decades of audio.
OpenAI outlines a “reverse federalism” approach to AI governance, where state laws help build a national framework for safe, democratic AI.
安全研究员演示利用 Claude 记忆功能窃取用户全名、雇主和安全问题答案,批评 Anthropic 未奖励漏洞发现,社区建议关闭记忆功能或使用假名。
评论区普遍认为Claude的记忆功能存在安全隐患,批评Anthropic未奖励漏洞发现者,但也有人认为可通过关闭记忆或使用假名规避风险。
The Elon Musk-owned xAI is suing a South Carolina man who allegedly used the company's Grok AI chatbot to generate child sexual abuse material (CSAM). In a lawsuit reported earlier by Reuters, xAI claims Terry Wayne Harwood "knowingly and intentionally used Grok to circumvent safeguards, alter nonconsensual images, and generate and distribute CSAM," breaching the […]
Back in March, we released an initial version of an OpenID Connect Provider. Now, with v5.1.0, this OIDC provider is certified for Basic OP thanks to our amazing contributors and to the OpenID Foundation team for allowing us to certify at no cost. This release also includes a couple of new features like Kubernetes annotation based access controls (just got into k3s so...), deny-by-default access controls, a stable config file (turns out having a simple configuration file as an alternative to CLI
Suno says it was breached in November and "no sensitive personal information was compromised."
And Microsoft doesn't care.
Old and forgotten "shims" Microsoft failed to revoke have made Secure Boot bypasses simple.
The Iranian government exploited well-known flaws in cellphone networks to locate and then strike U.S. military personnel in the build-up and beginning of the war.
SpaceXAI's Grok Build AI coding tool was spotted uploading users' entire codebases to Google Cloud before it was reported, and the company turned it off. The Register reports that Cereblab published findings on Monday showing how the Grok Build CLI was packaging and uploading entire code repositories, "including files it was told not to open […]
Cursor 存在 0day:Windows 下打开含恶意 git.exe 的仓库即被自动执行任意代码,无需用户交互。
With residential proxies all the rage, CISA urges router users to be vigilant.
多数认为加密子代理提示是为了防止蒸馏和盗版,但也有人担忧这会降低透明度和可审计性。
A number of social media posts claim that GPT-5.6 Sol deleted files and data without warning. OpenAI had basically disclosed the problem in June.
Today I had an eye opening security scare with my homelab. I was making some dinner and went to browse reddit while I waited for my food to cook, the page wouldn't load, and my first thought was maybe my dns was down (I use pihole with unbound recursive dns). I checked my pihole dashboard, and it was operational, no issues there. I did notice that there were a few STUN requests from my ugreen nas, which I thought were unusual, having a loose understanding of what STUN is from reading the tailsca
Meta cut its workforce by 10 percent in May.
A new study found that social media platforms are referring people to sites where they can create nonconsensual, sexually explicit deepfakes for as little as $1 an image.
Hachette, Cengage, Elsevier, and other publishers allege that Google trained its AI on copyrighted works without the necessary permissions.
欧盟强制年龄验证应用仅支持 Android/iOS 遭广泛反对,认为违反数字主权和用户选择自由。
评论区普遍反对欧盟强制年龄验证应用仅支持Android和iOS,认为这侵犯选择自由并存在隐私风险,但也有人认为目前其他移动操作系统已无实际可用性。
OpenAI accused of conspiring with former Apple employees to steal trade secrets.
Apple would not comment on the "security breach," which allegedly allowed a former employee to download sensitive files from Apple's network long after he departed the company for rival OpenAI.
Apple’s trade secrets lawsuit against OpenAI contains allegations that range from employees joking about unauthorized access to Apple’s systems to claims that job candidates were asked to bring Apple hardware to interviews. Here are the complaint’s most eye-catching claims.
Angelo Martino helped scam ransomware victims out of over $75 million, officials said.
防御者反向利用提示注入:在 AWS 密钥旁放置引导指令,让 AI 黑客 Agent 被自身守则禁止而停止攻击。
arXiv:2607.09076v1 Announce Type: new Abstract: Cyberattacks on operational technology are increasingly causing costly downtime and physical damage, exposing the limitations of traditional rule-based monitoring in industrial IoT environments. While Large Language Models (LLMs) have strong semantic reasoning abilities to assist in decision support, their hallucinatory nature presents unacceptable safety liabilities for closed-loop control. This paper introduces a neuro-agentic control framework,
评论普遍认为Flock合同到期不代表摄像头会移除,因其所有权归公司,数据仍可能被出售,但也有人认为技术扩张有助于交通执法。
评论区普遍认为Grok Build CLI未经用户同意上传完整代码库,严重侵犯隐私,但也有人认为这是AI代理工具的常见做法,可通过配置禁用。
Hey everyone I just wanted to share this because we are pretty proud of this milestone. Since v2.10.0 Pocket ID is now OpenID Connect Certified™ which means that we pass all tests of the OpenID Connect test suite. Additionally we've introduced the support for OAuth 2.0 APIs and permissions (or in more technical terms "resource servers" and "scopes"). This is very useful if you are building your own application and you want to delegate authorization and authentication completely to Pocket ID. Our
欧洲议会通过 Chat Control 1.0 后社区呼吁加强自托管;2.0 仍在议程中。
Global tech, distilled into 3 minutes a day
Get the free daily digest by email. Sign up to bookmark and personalize your feed.
13 issues shipped · 150+ items sifted to 30 worth reading, every day