Security researchers from Palo Alto Networks' Unit 42 have discovered the key to getting large language model (LLM) chatbots to ignore their guardrails, and it's quite simple.

You just have to ensure that your prompt uses terrible grammar and is one massive run-on sentence like this one which includes all the information before any full stop which would give the guardrails a chance to kick in before the jailbreak can take effect and guide the model into providing a "toxic" or otherwise verboten response the developers had hoped would be filtered out.

https://www.theregister.com/2025/08/26/breaking_llms_for_fun/

#cybersecurity #AI

Imagine ransomware that writes its own playbook on the fly. PromptLock is using AI to dodge detection and hit across every platform. How ready are we for cyber threats that constantly evolve?

https://thedefendopsdiaries.com/ai-powered-ransomware-the-rise-of-promptlock-and-its-implications/

#ai
#ransomware
#cybersecurity
#promptlock
#infosec

"Members of the Department of Government Efficiency uploaded a copy of a crucial Social Security database in June to a vulnerable cloud server, putting the personal information of hundreds of millions of Americans at risk of being leaked or hacked, according to a whistle-blower complaint filed by the Social Security Administration’s chief data officer.

The database contains records of all Social Security numbers issued by the federal government. It includes individuals’ full names, addresses and birth dates, among other details that could be used to steal their identities, making it one of the nation’s most sensitive repositories of personal information.

The account by the whistle-blower, Charles Borges, underscores concerns that have led to lawsuits seeking to block young software engineers at the agency built by Elon Musk from having access to confidential government data. In his complaint, Mr. Borges said DOGE members copied the data to an internal agency server that only DOGE could access, forgoing the type of “independent security monitoring” normally required under agency policy for such sensitive data and creating “enormous vulnerabilities.”

Mr. Borges did not indicate that the database had been breached or used inappropriately.

But his disclosure stated that as of late June, “no verified audit or oversight mechanisms” existed to monitor what DOGE was using the data for or whether it was being shared outside the agency."

https://www.nytimes.com/2025/08/26/us/politics/doge-social-security-data.html

#USA #Trump #DOGE #Musk #SocialSecurity #Privacy #CyberSecurity #DataProtection

It's a new Threat Model: #Cybersecurity, and @violetblue 's editorial on America's slide into authoritarian fascism is a must-read. So go do that, then share widely and send some support:
https://www.patreon.com/posts/137364702
#infosec #natsec

Header image for today's newsletter is a two-panel X Files meme. Top panel: Scully speaks with a witness in a trailer park, who is looking off to the side and gesturing: "you see, I've seen the future and the future looks just like him." Bottom panel: Mulder, in tie and trenchcoat, standing with hands on hips and one foot on the bottom step of a trailer, in a pose evocative of Washington crossing the Delaware: "Imagine going through your whole life looking like that"
Threat Model
Cybersecurity: August 26, 2025

This week: FTC warns Big Tech companies not to backdoor encryption for other countries, six password managers are vulnerable to a clickjacking attack, manipulating AI-generated text summaries into spewing malware commands, teen faces trial for selling boyfriend to a telecom fraud compound, US border phone searches at record high, the COVID-Conscious Therapist Directory has been updated, everyone’s noticing US media blatantly ignoring America’s new status as an authoritarian and fascist nation-state, and more.

Threat Model is a free, reader-supported publication. Keep the news without paywalls flowing by becoming a patron. If you find value here, you can also donate via Venmo, Cashapp, or PayPal. Charge your batteries with The Covid Safety Handbook, How To Be A Digital Revolutionary, or A Fish Has No Word For Water. 

🆕 blog! “Security Flaws in the WebMonetization Site”

I've written before about the nascent WebMonetization Standard. It is a proposal which allows websites to ask users for passive payments when they visit. A visitor to this site could, if this standard is widely adopted, opt to send me cash for my very fine blog…

👀 Read more: https://shkspr.mobi/blog/2025/08/security-flaws-in-the-webmonetization-site/

#BugBounty #CyberSecurity #ResponsibleDisclosure #WebMonetization #xss

🇫🇷
#Codeberg under assault from #AI bots: the #Anubis defense system bypassed.

On 15 August 2025, The Register revealed that Codeberg, a code hosting platform focused on free-of-charge and open source software, is facing a growing problem: a proliferation of bots powered by artificial intelligence (AI). These bots are now managing to defeat the security measures put in place by Codeberg, notably its defense system nicknamed "Anubis".

https://fr.itb.co.jp/2025/08/19/codeberg-sous-lassaut-de-robots-ia-le-systeme-de-defense-anubis-contournethe-register/

🇬🇧
Codeberg beset by AI bots that now bypass Anubis tarpit

Codeberg, a Berlin-based code hosting community, is struggling to cope with a deluge of AI bots that can now bypass previously effective defenses.

In a series of posts to the Mastodon social network on Friday, Codeberg volunteer staff said AI crawlers are no longer being kept at bay by Anubis, an AI bot tarpit.

"It seems like the #AI crawlers learned how to solve the Anubis challenges," the Codeberg account said.

#Anubis #OpenSource #CyberSecurity #Security #InfoSec #IA #NoAI #Technology
