Tag: vulnerability research
13 articles

GitHub Copilot Exposes Vulnerability to AI Safety Bypass
Researchers have made a surprising discovery about GitHub Copilot, finding that it can be vulnerable to AI safety bypasses, even when it refuses harmful prompts in isolation. This weakness emerges when the same objective is embedded in a typical multi-turn IDE session.

Convicted Felons Launch Offensive Cybersecurity Firm, Lure Researchers with Million-Dollar Payouts
Meet IRIS C2, a bold new cybersecurity firm launched by convicted felons, shaking up the industry with million-dollar payouts to attract top vulnerability researchers and exploit developers. They're offering up to $7 million for zero-day exploits and other cutting-edge capabilities.

Researcher Releases Zero-Day Exploits, Bypassing Disclosure Norms
A pseudonymous security researcher, known as "bikini," has made a bold move by releasing over 30 proof-of-concept exploits for zero-day vulnerabilities in open-source projects, sparking both interest and concern in the cybersecurity community. The researcher behind the Exploitarium GitHub repository is urging users to explore these vulnerabilities for research purposes only.

ChocoPoC Malware Targets Vulnerability Researchers via Fake PoC Repos
Beware of fake proof-of-concept repositories on GitHub - a new malware called ChocoPoC is hiding in plain sight, stealing data from vulnerability researchers through a cleverly designed trap. This sneaky malware uses a dependency chain to infect systems, masquerading as a harmless Python proof-of-concept exploit.

AI Skill Exploits Security Scanners, Reaches 26,000 Agents
In a shocking experiment, a security firm created a fake AI skill that evaded detection by security scanners and reached a staggering 26,000 agents, including those on corporate accounts. The skill, designed to be harmless, was able to bypass every scanner it was tested on, raising serious concerns about the safety of AI marketplaces.

Microsoft Softens Stance After Public Feud with 0-Day Researcher
Microsoft has backpedaled in its public feud with a 0-day researcher, easing tensions with the security community after facing criticism for its aggressive stance. The tech giant now explicitly assures that vulnerability hunters are not in its legal crosshairs.

Security Researchers Uncover 47 Zero-Days at Pwn2Own Berlin
In a thrilling three-day competition, security researchers at Pwn2Own Berlin uncovered a staggering 47 zero-day vulnerabilities, raking in nearly $1.3 million in prize money, with the Devcore Research Team taking home a whopping $505,000. The top prizes included a $200,000 award for a VMware ESXi exploit and a $100,000 prize for a Microsoft SharePoint hack.

Security Researchers Expose Zero-Days in Windows 11, Microsoft Edge
Security researchers just scored a whopping $523,000 in cash awards by uncovering 24 unique zero-days, including a game-changing exploit that chained four logic bugs to break through Microsoft Edge's sandbox. This major breakthrough has set the stage for a new wave of powerful exploits, leaving users eager to see what's next.

Security Flaws Exposed in Popular Database Projects' MCP Servers
Critical security flaws have been uncovered in MCP servers used by popular analytics databases, leaving them vulnerable to risks like SQL injection and full database takeover due to faulty validation and authentication processes. These defects, discovered by Akamai security analyst Tomer Peled, highlight a pressing need for enhanced security measures to protect sensitive data.

Open Source Models Challenge Dominance in Automated Bug Finding
The impressive performance of Anthropic's Mythos in automated bug finding, which uncovered 271 Firefox flaws, has been called into question by Ari Herbert-Voss, who argues that open-source models can be just as effective. Herbert-Voss suggests that Mythos's success can be attributed to its ability to detect both simple and complex vulnerabilities, thanks to a phenomenon he terms "supralinear scaling".

AI Models Accelerate Vulnerability Research, Raising Cybersecurity Risks
Commercial AI models are rapidly advancing vulnerability research and exploit development, cutting the time from discovery to exploitation and significantly raising the stakes for cybersecurity. This emerging trend poses new and heightened risks for the industry.

Microsoft Awards $2.3M for Cloud and AI Flaws Uncovered in Zero Day Quest Hacking Contest
Microsoft just took a bold step towards securing our digital future by awarding $2.3 million to researchers who uncovered critical cloud and AI flaws in its Zero Day Quest hacking contest, showcasing the power of incentive-driven vulnerability discovery. Nearly 700 submissions poured in, highlighting the vast scope of potential weaknesses in our rapidly evolving tech landscape.
Anthropic AI Model Exposes Vulnerabilities in Major Operating Systems
Anthropic's latest AI model, Claude Mythos Preview, has made a groundbreaking discovery, identifying vulnerabilities in every major operating system and web browser, sparking attention from intelligence agencies and a crucial debate on managing powerful tools. This revelation raises important questions about the dual role of AI in exposing and potentially enabling exploitation of critical software.