Automatically Finding Prompt Injection Attacks
Researchers have just published a paper showing how to automate the discovery of prompt injection attacks. They look something like…
Security
2023 OWASP Top-10 Series: API1:2023 Broken Object Level Authorization
Welcome to the 2nd post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a…
Friday Squid Blogging: Zaqistan Flag
The fictional nation of Zaqistan (in Utah) has a squid on its flag. As usual, you can also use this…
Indirect Instruction Injection in Multi-Modal LLMs
Interesting research: “(Ab)using Images and Sounds for Indirect Instruction Injection in Multi-Modal LLMs“: Abstract: We demonstrate how images and sounds…
Weekly Update 358
Presently sponsored by: Kolide ensures that if a device isn’t secure, it can’t access your apps. It’s Device Trust for…
Fooling an AI Article Writer
World of Warcraft players wrote about a fictional game element, “Glorbo,” on a subreddit for the game, trying to entice…
Backdoor in TETRA Police Radios
Seems that there is a deliberate backdoor in the twenty-year-old TErrestrial Trunked RAdio (TETRA) standard used by police forces around…
Over 500K MikroTik RouterOS systems potentially exposed to hacking due to critical flaw
Experts warn of a severe privilege escalation, tracked as CVE-2023-30799, in MikroTik RouterOS that can be exploited to hack vulnerable…
New York Using AI to Detect Subway Fare Evasion
The details are scant—the article is based on a “heavily redacted” contract—but the New York subway authority is using an…
API Security in 2023: Major Insights from Postman’s State of the API Report
📣 Good news for all tech enthusiasts! The highly anticipated 2023 State of the API Report, conducted by Postman –…