SecurityWeek

From Open Source to OpenAI: The Evolution of Third-Party Risk

Software supply chain attacks are evolving as open source and AI-generated code introduce new third-party risks. Learn how ...
Hackaday

This Week In Security: PostHog, Project Zero Refresh, And Thanks For All The Fish

There’s something immensely satisfying about taking a series of low impact CVEs, and stringing them together into a full exploit. That’s the story we have from [Mehmet Ince] of ...
InfoWorld

React2Shell is the Log4j moment for front end development

Attackers are exploiting a Flight protocol validation failure that allows them to execute arbitrary code without ...
CSO Online

Human-in-the-loop isn’t enough: New attack turns AI safeguards into exploits

Human-in-the-loop (HITL) safeguards that AI agents rely on can be subverted, allowing attackers to weaponize them to run ...

Anthropic reveals that as few as '250 malicious documents' are all it takes to poison an LLM's training data, regardless of model size

Claude-creator Anthropic has found that it's actually easier to 'poison' Large Language Models than previously thought. In a ...
Hackaday

It Only Takes A Handful Of Samples To Poison Any Size LLM, Anthropic Finds

It stands to reason that if you have access to an LLM’s training data, you can influence what’s coming out the other end of ...