Login
Full context: I built SecureBank AI Assistant, a deliberately vulnerable AI banking chatbot powered by Groq's Llama 3 70B.
5 exploitation techniques. 100% success rate against standard protections.
Flags cover:
System prompt extraction
Content filter bypass
Function calling abuse
Persistent backdoor injection
RAG document poisoning
CTF challenge to practice: github.com/oussamaafnakkar/AccessDenied
Try it, break it, learn from it.
Ignore patches at your own risk. According to Uncle Sam, a SQL injection flaw in Microsoft Configuration Manager patched in October 2024 is now being actively exploited, exposing unpatched businesses and government agencies to attack.β¦
The Netherlands' largest mobile network operator (MNO) has admitted that a breach of its customer contact system may have affected around 6.2 million people.β¦
On Call Welcome to another installment of On Call, The Register's weekly reader-contributed column that tells your tech support tales.β¦
Over $1100 worth of prizes:
Prizes
Top performers will earn no-cost access to SANS training for further cyber skills development, including four prize categories:
| Prize Category | Prize |
|---|---|
| Overall top finishers 1-3 | A license to SEC401, Security Essentials |
| Overall top finishers 4-6 | A license to SEC480, AWS Secure Builder |
| Overall top finishers 7-9 | A license to SEC495, Leveraging LLMs |
| Regional top 20 finishers (per country) | 6-month access to SANS SkillQuests by NetWars |
The event is open to all students from participating AWS Skills to Jobs Tech Alliance institutions across the US, Latin America, Europe and Asia-Pacific regions.
More than 30 malicious Chrome extensions installed by at least 260,000 users purport to be helpful AI assistants, but they steal users' API keys, email messages, and other personal data. Even worse: many of these are still available on the Chrome Web Store as of this writing.β¦
Your supervisor may like using employee monitoring apps to keep tabs on you, but crims like the snooping software even more. Threat actors are now using legit bossware to blend into corporate networks and attempt ransomware deployment.β¦
Apple patched a zero-day vulnerability affecting every iOS version since 1.0, used in what the company calls an "extremely sophisticated attack" against targeted individuals.β¦
Cybercriminals are turning supply chain attacks into an industrial-scale operation, linking breaches, credential theft, and ransomware into a "self-reinforcing" ecosystem, researchers say.β¦
Lately I've been using Al tools (Cursor / Anti gravity/ etc.) to prototype faster.
It's amazing for speed, but I noticed something
uncomfortable, a lot of the generated code had subtle security problems.
Examples I kept seeing:
Hardcoded secrets
Risky API routes
Potential IDOR patterns
So I built a small tool called CodeArmor Al that scans repos and PRs and classifies issues as:
Definite Vulnerabilities
Potential Risks (context required)
It also calculates a simple security score and PR risk delta. Not trying to replace real audits - more like a "sanity layer" for fast-moving / Al-heavy projects.
If anyone's curious or wants to roast it
Would genuinely love feedback from real devs
The UK Ministry of Defence (MoD) is offering between Β£270,000 to Β£300,000 for a senior digital leader who will oversee more than Β£4.6 billion in spending and more than 3,000 specialist staff.β¦
In an attempt to sharpen my hardware hacking skills, I took on the challenge of extracting firmware off a flip phone π±.
But... I kind of underestimated my opponent:
- No trace of the firmware online
- No OTA updates
- Debug interface nowhere to be found
- The chip holding the firmware has no legs
Quite the challenge.
I ended up dead-bugging the chip and wiring it to the Xgecu T48 Flash programmer.
Enjoy!
FreshRSS