Tag: LLM

Copy-paste vulnerability hits AI inference frameworks at Meta, Nvidia, and Microsoft

Nov 14, 2025 1:49 PM

Tags: ai, authentication, cloud, data, data-breach, exploit, framework, google, infrastructure, Internet, linkedin, LLM, microsoft, nvidia, oracle, risk, vulnerability

Why this matters for AI infrastructure: The vulnerable inference servers form the backbone of many enterprise-grade AI stacks, processing sensitive prompts, model weights, and customer data. Oligo reported identifying thousands of exposed ZeroMQ sockets on the public internet, some tied to these inference clusters.If exploited, an attacker could execute arbitrary code on GPU clusters, escalate…
Copy-paste vulnerability hits AI inference frameworks at Meta, Nvidia, and Microsoft

Nov 14, 2025 1:49 PM

Tags: ai, authentication, cloud, data, data-breach, exploit, framework, google, infrastructure, Internet, linkedin, LLM, microsoft, nvidia, oracle, risk, vulnerability

Why this matters for AI infrastructure: The vulnerable inference servers form the backbone of many enterprise-grade AI stacks, processing sensitive prompts, model weights, and customer data. Oligo reported identifying thousands of exposed ZeroMQ sockets on the public internet, some tied to these inference clusters.If exploited, an attacker could execute arbitrary code on GPU clusters, escalate…
Security Degradation in AI-Generated Code: A Threat Vector CISOs Can’t Ignore

Nov 14, 2025 11:49 AM

Tags: ai, ciso, LLM, risk, threat, vulnerability

A new study shows LLMs introduce more vulnerabilities with each code iteration, highlighting critical risks for CISOs and the need for skilled human oversight. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/11/security-degradation-in-ai-generated-code-a-threat-vector-cisos-cant-ignore/
Germany’s BSI issues guidelines to counter evasion attacks targeting LLMs

Nov 14, 2025 11:49 AM

Tags: ai, attack, bsi, germany, LLM, threat

Germany’s BSI warns of rising evasion attacks on LLMs, issuing guidance to help developers and IT managers secure AI systems. Germany’s BSI warns of rising evasion attacks on LLMs, issuing guidance to help developers and IT managers secure AI systems and mitigate related risks. A significant and evolving threat to AI systems based on large…
Security Degradation in AI-Generated Code: A Threat Vector CISOs Can’t Ignore

Nov 14, 2025 11:49 AM

Tags: ai, ciso, LLM, risk, threat, vulnerability

A new study shows LLMs introduce more vulnerabilities with each code iteration, highlighting critical risks for CISOs and the need for skilled human oversight. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/11/security-degradation-in-ai-generated-code-a-threat-vector-cisos-cant-ignore/
Germany’s BSI issues guidelines to counter evasion attacks targeting LLMs

Nov 14, 2025 11:49 AM

Tags: ai, attack, bsi, germany, LLM, threat

Germany’s BSI warns of rising evasion attacks on LLMs, issuing guidance to help developers and IT managers secure AI systems. Germany’s BSI warns of rising evasion attacks on LLMs, issuing guidance to help developers and IT managers secure AI systems and mitigate related risks. A significant and evolving threat to AI systems based on large…
Survey Surfaces Sharp Rise in Cybersecurity Incidents Involving AI

Nov 12, 2025 8:49 PM

Tags: ai, cyberattack, cybersecurity, injection, intelligence, LLM, vulnerability

A survey of 500 security practitioners and decision-makers across the United States and Europe published today finds cyberattacks aimed at artificial intelligence (AI) applications are rising, with prompt injections involving large language models (LLMs) at the top of the list (76%), followed by vulnerable LLM code (66%) and LLM jailbreaking (65%). Conducted by Traceable by..…
Wie ChatGPT sich selbst eine Prompt Injection zufügt

Nov 12, 2025 6:49 PM

Tags: access, ai, chatgpt, cyberattack, endpoint, injection, Internet, LLM, microsoft, openai, tool, vulnerability

Forscher haben neue Methoden für Angriffe über ChatGPT aufgedeckt.Forscher des Sicherheitsunternehmens Tenable haben sieben neue Möglichkeiten entdeckt, wie Angreifer ChatGPT dazu bringen können, private Informationen aus den Chat-Verläufen der Nutzer preiszugeben. Bei den meisten dieser Angriffe handelt es sich um indirekte Prompt Injections, die die Standard-Tools und -funktionen von ChatGPT ausnutzen. Etwa die Fähigkeit, den…
AI-Sicherheit: Fast alle LLMs leaken private API-Keys auf Github; ChatGPT hat Schwachstellen

Nov 12, 2025 6:49 PM

Tags: ai, api, chatgpt, Internet, LLM, vulnerability

AI bzw. der Gebrauch von Sprachmodellen (LLMs) wie ChatGPT ist ja Dauerthema angeblich so wichtig wie geschnitten Brot. Insidern ist klar, dass diese Technologie die größte Gefahr für Daten-und Unternehmenssicherheit seit Einführung des Internet ist. Mir sind zwei Informationssplitter … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/11/12/ai-llms-die-grossen-leaker-der-zukunft/
Faster Than Real-Time: Why Your Security Fails and What to Do Next

Nov 11, 2025 5:19 AM

Tags: access, ai, apple, attack, breach, business, ceo, cio, cloud, control, cybersecurity, data, defense, detection, dns, endpoint, fintech, framework, identity, infrastructure, Internet, iot, jobs, LLM, malware, network, nist, privacy, resilience, siem, soc, technology, threat, tool, vpn, zero-day, zero-trust

“Security systems fail. When it fails, what do you do?” This critical question from Spire Connect’s Pankaj Sharma set the stage at Gitex 2025 for a conversation with Francois Driessen, the “Human Ambassador” of ADAMnetworks. His core message is blunt: in cybersecurity, even real-time is not fast enough. By the time a threat is detected,…
Faster Than Real-Time: Why Your Security Fails and What to Do Next

Nov 11, 2025 5:19 AM

Tags: access, ai, apple, attack, breach, business, ceo, cio, cloud, control, cybersecurity, data, defense, detection, dns, endpoint, fintech, framework, identity, infrastructure, Internet, iot, jobs, LLM, malware, network, nist, privacy, resilience, siem, soc, technology, threat, tool, vpn, zero-day, zero-trust

“Security systems fail. When it fails, what do you do?” This critical question from Spire Connect’s Pankaj Sharma set the stage at Gitex 2025 for a conversation with Francois Driessen, the “Human Ambassador” of ADAMnetworks. His core message is blunt: in cybersecurity, even real-time is not fast enough. By the time a threat is detected,…
LLM side-channel attack could allow snoops to guess what you’re talking about

Nov 11, 2025 1:20 AM

Tags: attack, encryption, LLM, side-channel

Encryption protects content, not context First seen on theregister.com Jump to article: www.theregister.com/2025/11/11/llm_sidechannel_attack_microsoft_researcher/
China-Aligned UTA0388 Uses AI Tools in Global Phishing Campaigns

Nov 10, 2025 5:20 PM

Tags: ai, china, LLM, phishing, spear-phishing, tactics, tool

Volexity has linked spear phishing operations to China-aligned UTA0388 in new campaigns using advanced tactics and LLMs First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/china-aligned-uta0388-ai-tools/
Whisper Leak uses a side channel attack to eavesdrop on encrypted AI conversations

Nov 10, 2025 2:19 PM

Tags: ai, api, attack, ciso, cloud, cyberattack, data, finance, healthcare, leak, LLM, microsoft, mitigation, network, openai, service, side-channel, vpn

Inside Microsoft’s proof-of-concept: Researchers at Microsoft simulated a real-world scenario in which the adversary could observe encrypted traffic but not decrypt it. They chose “legality of money laundering” as the target topic for the proof-of-concept.For positive samples, the team used a”¯language model”¯to generate 100 semantically similar variants of questions about this topic. For negative”¯noise”¯samples,”¯it randomly…
Whisper Leak uses a side channel attack to eavesdrop on encrypted AI conversations

Nov 10, 2025 2:19 PM

Tags: ai, api, attack, ciso, cloud, cyberattack, data, finance, healthcare, leak, LLM, microsoft, mitigation, network, openai, service, side-channel, vpn

Inside Microsoft’s proof-of-concept: Researchers at Microsoft simulated a real-world scenario in which the adversary could observe encrypted traffic but not decrypt it. They chose “legality of money laundering” as the target topic for the proof-of-concept.For positive samples, the team used a”¯language model”¯to generate 100 semantically similar variants of questions about this topic. For negative”¯noise”¯samples,”¯it randomly…
Whisper Leak uses a side channel attack to eavesdrop on encrypted AI conversations

Nov 10, 2025 2:19 PM

Tags: ai, api, attack, ciso, cloud, cyberattack, data, finance, healthcare, leak, LLM, microsoft, mitigation, network, openai, service, side-channel, vpn

Inside Microsoft’s proof-of-concept: Researchers at Microsoft simulated a real-world scenario in which the adversary could observe encrypted traffic but not decrypt it. They chose “legality of money laundering” as the target topic for the proof-of-concept.For positive samples, the team used a”¯language model”¯to generate 100 semantically similar variants of questions about this topic. For negative”¯noise”¯samples,”¯it randomly…
Whisper Leak uses a side channel attack to eavesdrop on encrypted AI conversations

Nov 10, 2025 2:19 PM

Tags: ai, api, attack, ciso, cloud, cyberattack, data, finance, healthcare, leak, LLM, microsoft, mitigation, network, openai, service, side-channel, vpn

Inside Microsoft’s proof-of-concept: Researchers at Microsoft simulated a real-world scenario in which the adversary could observe encrypted traffic but not decrypt it. They chose “legality of money laundering” as the target topic for the proof-of-concept.For positive samples, the team used a”¯language model”¯to generate 100 semantically similar variants of questions about this topic. For negative”¯noise”¯samples,”¯it randomly…
Researchers trick ChatGPT into prompt injecting itself

Nov 10, 2025 11:22 AM

Tags: attack, chatgpt, data, endpoint, injection, leak, LLM, malicious, monitoring, openai, phishing, unauthorized, vulnerability

Conversation injection and stealthy data exfiltration: Because ChatGPT receives output from SearchGPT after the search model processes content, Tenable’s researchers wondered what would happen if SearchGPT’s response itself contained a prompt injection. In other words, could they use a website to inject a prompt that instructs SearchGPT to inject a different prompt into ChatGPT, effectively…
Microsoft findet Seitenkanalangriff Whisper-Leak in LLMs

Nov 9, 2025 2:19 PM

Tags: ai, leak, LLM, microsoft

Sicherheitsforscher haben eine neue Whisper-Leaks genannte Methode entdeckt, um einen Seitenkanalangriff auf die Kommunikation mit Sprachmodellen im Streaming-Modus durchzuführen. Durch geschicktes Ausnutzung von Netzwerkpaketgrößen und -timings könnten Informationen abgezogen werden. Mit der KI-Welle werden immer häufiger große Sprachmodelle (LLMs), KI-gestützte … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/11/09/microsoft-findet-seitenkanalangriff-whisper-leak-in-llms/
AI benchmarks are a bad joke and LLM makers are the ones laughing

Nov 8, 2025 9:19 PM

Tags: ai, LLM

Study finds many tests don’t measure the right things First seen on theregister.com Jump to article: www.theregister.com/2025/11/07/measuring_ai_models_hampered_by/
LLM08: Vector Embedding Weaknesses FireTail Blog

Nov 8, 2025 5:20 AM

Tags: access, ai, attack, authentication, control, cyber, data, governance, injection, leak, LLM, risk, unauthorized, vulnerability

Nov 07, 2025 – – In 2025, with the rise of AI, we’ve seen a parallel rise in cyber risks. The OWASP Top 10 for LLM helps us categorize and understand the biggest risks we are seeing in today’s landscape. In previous blogs, we’ve gone over risks 1-7. Today, we’re covering #8: Vector and Embedding…
NDSS 2025 YuraScanner: Leveraging LLMs For Task-driven Web App Scanning4+

Nov 7, 2025 7:20 PM

Tags: attack, conference, detection, LLM, network, tool, vulnerability, xss, zero-day

SESSION Session 2B: Web Security Authors, Creators & Presenters: Aleksei Stafeev (CISPA Helmholtz Center for Information Security), Tim Recktenwald (CISPA Helmholtz Center for Information Security), Gianluca De Stefano (CISPA Helmholtz Center for Information Security), Soheil Khodayari (CISPA Helmholtz Center for Information Security), Glancarlo Pellegrino (CISPA Helmholtz Center for Information Security) PAPER YuraScanner: Leveraging LLMs for…
NDSS 2025 YuraScanner: Leveraging LLMs For Task-driven Web App Scanning4+

Nov 7, 2025 7:20 PM

Tags: attack, conference, detection, LLM, network, tool, vulnerability, xss, zero-day

SESSION Session 2B: Web Security Authors, Creators & Presenters: Aleksei Stafeev (CISPA Helmholtz Center for Information Security), Tim Recktenwald (CISPA Helmholtz Center for Information Security), Gianluca De Stefano (CISPA Helmholtz Center for Information Security), Soheil Khodayari (CISPA Helmholtz Center for Information Security), Glancarlo Pellegrino (CISPA Helmholtz Center for Information Security) PAPER YuraScanner: Leveraging LLMs for…
NDSS 2025 YuraScanner: Leveraging LLMs For Task-driven Web App Scanning4+

Nov 7, 2025 7:20 PM

Tags: attack, conference, detection, LLM, network, tool, vulnerability, xss, zero-day

SESSION Session 2B: Web Security Authors, Creators & Presenters: Aleksei Stafeev (CISPA Helmholtz Center for Information Security), Tim Recktenwald (CISPA Helmholtz Center for Information Security), Gianluca De Stefano (CISPA Helmholtz Center for Information Security), Soheil Khodayari (CISPA Helmholtz Center for Information Security), Glancarlo Pellegrino (CISPA Helmholtz Center for Information Security) PAPER YuraScanner: Leveraging LLMs for…
Popular LLMs dangerously vulnerable to iterative attacks, says Cisco

Nov 7, 2025 5:19 PM

Tags: ai, attack, cisco, cyber, LLM, vulnerability

Cisco researchers probed some of the most widely used public GenAI LLMs and found many of them were dangerously susceptible to so-called multi-turn cyber attacks producing undesirable outputs First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366634292/Popular-LLMs-dangerously-vulnerable-to-iterative-attacks-says-Cisco
Popular LLMs dangerously vulnerable to iterative attacks, says Cisco

Nov 7, 2025 5:19 PM

Tags: ai, attack, cisco, cyber, LLM, vulnerability

Cisco researchers probed some of the most widely used public GenAI LLMs and found many of them were dangerously susceptible to so-called multi-turn cyber attacks producing undesirable outputs First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366634292/Popular-LLMs-dangerously-vulnerable-to-iterative-attacks-says-Cisco
KI-Malware ist keine Theorie mehr

Nov 7, 2025 2:20 PM

Tags: access, ai, antivirus, api, control, cyberattack, cybercrime, cybersecurity, data, exploit, github, google, group, hacker, intelligence, LLM, malware, ransomware, RedTeam, service, skills, social-engineering, software, threat, tool, vulnerability

KI boomt auch unter Cyberkriminellen. Die ersten operativen Ergebnisse dieses Trends beleuchten Google-Sicherheitsforscher in einem aktuellen Report.Was lange befürchtet und vermutet wurde, will die Google Threat Intelligence Group (GTIG) nun im Rahmen einer aktuellen Untersuchung belegen: Cyberkriminelle nutzen KI im Rahmen ihrer Malware-Angriffskampagnen. Aber längst nicht mehr nur für Vibe-Coding-Zwecke oder zur technischen Unterstützung. Wie…
KI-Malware ist keine Theorie mehr

Nov 7, 2025 2:20 PM

Tags: access, ai, antivirus, api, control, cyberattack, cybercrime, cybersecurity, data, exploit, github, google, group, hacker, intelligence, LLM, malware, ransomware, RedTeam, service, skills, social-engineering, software, threat, tool, vulnerability

KI boomt auch unter Cyberkriminellen. Die ersten operativen Ergebnisse dieses Trends beleuchten Google-Sicherheitsforscher in einem aktuellen Report.Was lange befürchtet und vermutet wurde, will die Google Threat Intelligence Group (GTIG) nun im Rahmen einer aktuellen Untersuchung belegen: Cyberkriminelle nutzen KI im Rahmen ihrer Malware-Angriffskampagnen. Aber längst nicht mehr nur für Vibe-Coding-Zwecke oder zur technischen Unterstützung. Wie…
Google researchers detect first operational use of LLMs in active malware campaigns

Nov 7, 2025 2:20 PM

Tags: ai, api, attack, cybercrime, cybersecurity, encryption, exploit, finance, google, group, iran, LLM, malware, marketplace, phishing, RedTeam, service, skills, social-engineering, threat, tool, vulnerability

Using social engineering against LLMs: Additionally, GTIG found that attackers are increasingly using “social engineering-like pretexts” in their prompts to get around LLM safeguards. Notably, they have posed as participants in a “capture-the-flag” (CTF) gamified cybersecurity competition, persuading Gemini to give up information it would otherwise refuse to reveal. In one interaction, for instance, an attacker…
Google researchers detect first operational use of LLMs in active malware campaigns

Nov 7, 2025 2:20 PM

Tags: ai, api, attack, cybercrime, cybersecurity, encryption, exploit, finance, google, group, iran, LLM, malware, marketplace, phishing, RedTeam, service, skills, social-engineering, threat, tool, vulnerability

Using social engineering against LLMs: Additionally, GTIG found that attackers are increasingly using “social engineering-like pretexts” in their prompts to get around LLM safeguards. Notably, they have posed as participants in a “capture-the-flag” (CTF) gamified cybersecurity competition, persuading Gemini to give up information it would otherwise refuse to reveal. In one interaction, for instance, an attacker…