Vulnerabilities in AI Agents
LLMs are becoming increasingly accessible to everyone. It is very easy to create your own LLM system, however like with any new technology, they are challenging to secure. Many AI systems are vulnerable [...]
LLMs are becoming increasingly accessible to everyone. It is very easy to create your own LLM system, however like with any new technology, they are challenging to secure. Many AI systems are vulnerable [...]
Qiling is an emulation framework that builds upon the Unicorn emulator by providing higher level functionality such as support for dynamic library loading, syscall interception and more. In this Labs post, we are [...]
The Cisco C195 is a Cisco Email Security Appliance device. Its role is to act as an SMTP gateway on your network perimeter. This device (and the full range of appliance devices) is [...]
Artificial Intelligence (AI) has been making significant strides in recent years, with advancements in machine learning and deep learning techniques. However, as AI systems become more complex and powerful, ensuring their safety becomes [...]
This article provides a technical analysis of CVE-2024-31497, a vulnerability in PuTTY discovered by Fabian Bäumer and Marcus Brinkmann of the Ruhr University Bochum. PuTTY, a popular Windows SSH client, contains a flaw [...]
Today, we are releasing a new tool called SharpConflux, a .NET application built to facilitate Confluence exploration. It allows Red Team operators to easily investigate Confluence instances with the goal of finding credential [...]
CVE-2024-25153, a critical Unsafe File Upload and Directory Traversal vulnerability in Fortra FileCatalyst, allows a remote unauthenticated attacker to gain Remote Code Execution (RCE) on the web server. This affects Fortra FileCatalyst Workflow [...]
Silencing the Collective Groan Security headers. Everyone’s encountered them. Security testers find them on every web application test, and it can be tedious work identifying these weaknesses that usually have low impact and [...]
BloreBank Chatbot is a prompt injection game where you try to trick the AI into giving away sensitive information. With 10 levels, each one adds new safeguards against these tricks, making it tougher [...]
A great deal of security tools involve simply finding what you need — they have magnets for needles in a haystack! PortSwigger's Burp Suite is no different, and in this post I will [...]