🔥The 9th Round of Easy Loan, Earn $40 Reward is in progress❗️ ⏰ Promotion Period: January 15th - Feburary 15th, 2025 👉 Register now and check more details at gate.io/campaigns/358

wiki.offsecml.com has some shiny new things; - Biagio Montaruli's adversarial phishing page generator - workarounds for Tensorflow and Keras model execution thanks Mary Walker & faceteep - hidden unicode attacks for LLMs Joseph Thacker Riley Goodside -Vishing techinques

🔴 Freshly published in Science Advances the new bible of anonymisation, its many sins and potential for redemption! With Andrea Gadotti Florimond Houssiau Ana-Maria Cretu Yves-A. de Montjoye science.org/doi/10.1126/sc…

PSA: don't go mindlessly downloading miqu from the magnet link yet or you WILL be vulnerable to remote code execution attacks

Absolutely stunned by this: @XBOW went head to head against experienced pentesters (one with 20 years in the field!) and solved as many challenges as the best human (88/104, 85%). I thought this moment was years away.

🚨Google AI Studio continues to struggle with data exfiltration vulnerabilities ⚠️ This demo shows silent data exfiltration of employee feedback and performance reviews through prompt injection in one of the feedback entries. The POC triggers data exfiltration via rendering

What's really going on in machine learning? Just finished a deep dive using (new) minimal models. Seems like ML is basically about fitting together lumps of computational irreducibility ... with important potential implications for science of ML, and future tech...

We are now making our validation benchmarks public! We invite you to test your skills or systems against them and share your results with us. Read more in our blog post: xbow.com/blog/benchmark…

Incredible work by the XBOW team, and its only been 5 months..

Are you using AI agents or LLMs for hacking or in your cybersecurity work? Going to 38c3? I would love to chat! I'll be at ccc all week for my research : ) DMs open

🛰️🌊🧊📊

This is an IMPRESSIVELY good pdf password dictionary brute forcer, got a password in literally milliseconds, if you're doing recon this is 👌 github.com/mufeedvh/pdfrip

Announcing our latest attack technique, "Policy Puppetry" - a single, transferable prompt blending structured policy & roleplay that bypasses alignment in frontier AI models. Game-changing for red-teaming! #AI #GenAI #RedTeam #CyberSecurity hiddenlayer.com/innovation-hub…

Its not just the AI models that are a security nightmare, its the whole stack that comes with it (& that keeps changing)

Another nice 0day found autonomously by XBOW :D

🔥 New blog post: AI ClickFix! Explores how classic ClickFix social engineering attacks can target AI agents, like Claude Computer-Use. Learn what ClickFix is, how it works in detail, and see a working proof-of-concept. Scary stuff. 👇

Introducing AIRTBench, an AI red teaming benchmark for evaluating language models’ ability to autonomously discover and exploit AI/ML security vulnerabilities. Read the paper on arXiv: arxiv.org/abs/2506.14682 Open-source dataset and benchmark eval code repo:

For the first time in history, the #1 hacker in the US is an AI. (1/8)

I will buckle down to work as soon as I finish reading the Internet.