Researchers Uncover Simple Technique to Extract ChatGPT Training Data
Apparently all it takes to get a chatbot to start spilling its secrets is prompting it to repeat certain words like "poem" forever.
Research examines attack methods, defenses, and vulnerabilities, helping security teams understand risks and improve protection.
Search across headline titles and summaries.
Background for this topic.
Research is the systematic study of technologies, systems, attack methods, vulnerabilities, and defensive techniques to establish evidence and produce new findings. In information security, it includes work such as discovering flaws in software or protocols, analyzing malware and attacker behavior, testing cryptographic designs, and evaluating security controls. News under this tag may describe a proof of concept, a measurement study, or a proposed technique rather than a confirmed real-world attack.
For practitioners, research can change how risks are prioritized and mitigated. A demonstrated vulnerability may require vulnerability-management teams to verify affected assets, apply fixes, or add compensating controls; responsible disclosure gives developers time to assess and remediate before technical details enable exploitation. Research involving live systems, personal data, or offensive tooling also raises privacy, authorization, dual-use, and ethical concerns. Sound findings should state their assumptions, scope, limitations, and reproducibility, since laboratory results do not automatically show that an attack is practical in every environment.
Apparently all it takes to get a chatbot to start spilling its secrets is prompting it to repeat certain words like "poem" forever.
Cybersecurity researchers have disclosed a new sophisticated Android malware called FjordPhantom that has been observed targeting users in Southeast Asian countries like Indonesia, Thailand, and Vietnam since early September 2023
Multiple security vulnerabilities collectively named LogoFAIL affect image-parsing components in the UEFI code from various vendors. Researchers warn that they could be exploited to hijack the execution flow of the booting process and to deliver bootkits. [...]
Multiple security vulnerabilities collectively named LogoFAIL affect image-parsing components in the UEFI code from various vendors. Researchers warn that they could be exploited to hijack the execution flow of the booting process and to deliver bootkits. [...]
The Open Radio Access Network (ORAN) architecture provides standardized interfaces and protocols to previously closed systems. However, our research on ORAN demonstrates the potential threat posed by malicious xApps that are capable of compromising the entire Ran Intelligent Controller (RIC) subsystem.
Researchers identify scores of cryptocurrency payments
Russia-linked ransomware gang Black Basta has raked in at least $100 million in ransom payments from more than 90 victims since it first surfaced in April 2022, according to joint research from Corvus Insurance and Elliptic. [...]
New research has found that AI is significantly more accurate than traditional techniques at detecting malicious malware
Researchers at Eurecom have developed six new attacks collectively named 'BLUFFS' that can break the secrecy of Bluetooth sessions, allowing for device impersonation and man-in-the-middle (MitM) attacks. [...]
Anyscale has dismissed the vulnerabilities as non-issues, according to researchers who reported the bugs to the company.
Lazarus and its cohorts are switching loaders and other code between RustBucket and KandyKorn macOS malware to fool victims and researchers.
Google says the issue has to do with organizations ensuring they implement least-privilege principles.
Cybersecurity researchers have detailed a "severe design flaw" in Google Workspace's domain-wide delegation (DWD) feature that could be exploited by threat actors to facilitate privilege escalation and obtain unauthorized access to Workspace APIs without super admin privileges
Cybersecurity researchers have discovered a case of "forced authentication" that could be exploited to leak a Windows user's NT LAN Manager (NTLM) tokens by tricking a victim into opening a specially crafted Microsoft Access file
Weapons systems data, AI research, and other classified information may be up for sale, not to mention access to other government agencies.
IoT Hackers Could Inject Data to Fool 'Smart' Farmers and Vets About Animal WelfareNot even dairy cows appear to be safe from internet of things flaws, researchers report after reverse-engineering health-monitoring collars for cows and finding they could eavesdrop on and alter data. Once addressed by the manufacturer, they said the non-updateable collars would have to be replaced.
Weapons systems data, AI research, and other classified information may be up for sale, not to mention access to other government agencies.