#ExploitCode

How to jailbreak ChatGPT and trick the AI into writing exploit code using hex encoding

by

October 29, 2024 at 06:36PM OpenAI’s GPT-4o can be manipulated into generating exploit code by encoding malicious instructions in hexadecimal, bypassing its safety features. Researcher Marco Figueroa highlights this vulnerability on Mozilla’s 0Din platform, emphasizing the need for improved AI security measures and detection mechanisms for encoded content to prevent such exploitations. ### Meeting Takeaways … Read more

Mozilla: ChatGPT Can Be Manipulated Using Hex Code

by

October 28, 2024 at 03:58PM A new prompt-injection technique demonstrates vulnerabilities in OpenAI’s GPT-4o, allowing users to bypass its safety guardrails. By encoding malicious instructions in unconventional formats, bad actors can manipulate the model to create exploit code. The model’s inability to analyze context and prevent harmful outputs raises concerns about security in AI development. … Read more

Exploit released for new Windows Server “WinReg” NTLM Relay attack

by

October 22, 2024 at 01:33PM Public exploit code has been released for CVE-2024-43532, a vulnerability in Microsoft’s Remote Registry client that may allow attackers to downgrade authentication security. It affects Windows server versions from 2008 to 2022 and Windows 10/11, enabling potential domain takeover through NTLM authentication relay attacks. A fix has been issued. ### … Read more

Critical Ivanti vTM auth bypass bug now exploited in attacks

by

September 24, 2024 at 01:06PM CISA has identified a critical Ivanti security vulnerability (CVE-2024-7593) allowing threat actors to create unauthorized admin users on vulnerable Ivanti vTM appliances. The flaw enables bypass of authentication algorithms on internet-exposed vTM admin panels. Ivanti has released security updates and recommends restricting access to the vTM management interface. CISA requires … Read more

WhatsApp fix to make View Once chats actually disappear is beaten in less than a week

by

September 17, 2024 at 08:24PM Meta’s attempt to prevent unauthorized access to WhatsApp’s View Once messages was circumvented by white-hat hackers within a week. The feature, designed to ensure message privacy, relied on digital rights management but was found to be vulnerable on certain operating systems. Despite Meta’s initial fix, security concerns remain unresolved. Based … Read more

Hackers targeting WhatsUp Gold with public exploit since August

by

September 12, 2024 at 12:43PM Hackers are utilizing publicly available exploit code to target two critical vulnerabilities in the WhatsUp Gold network monitoring solution from Progress Software. Based on the meeting notes, it appears that hackers have been exploiting two critical vulnerabilities in the WhatsUp Gold network availability and performance monitoring solution from Progress Software … Read more

TellYouThePass ransomware exploits recent PHP RCE flaw to breach servers

by

June 11, 2024 at 10:28AM TellYouThePass ransomware gang has swiftly exploited the critical CVE-2024-4577 vulnerability in PHP, despite a recent patch. Using publicly available exploit code, they deploy webshells and execute an encryptor payload. By injecting a ransomware variant into memory, they demand 0.1 BTC for decryption. Over 450,000 exposed PHP servers could be vulnerable. … Read more

Maximum severity Flowmon bug has a public exploit, patch now

by

April 24, 2024 at 04:12PM Proof-of-concept exploit code for a critical security vulnerability in Progress Flowmon, used by over 1,500 companies worldwide, including SEGA and Volkswagen, has been released. The flaw, with severity score of 10/10, allows remote unauthenticated access and arbitrary command execution. Progress Software urged all system admins to update to versions 12.3.4 … Read more

Cisco discloses root escalation flaw with public exploit code

by

April 17, 2024 at 01:28PM Cisco has issued patches for a high-severity vulnerability in its Integrated Management Controller (IMC), allowing local attackers to escalate privileges to root using crafted CLI commands. The flaw, tracked as CVE-2024-20295, affects various Cisco devices and has a public exploit code available. Cisco has also observed recent zero-day attacks on … Read more

Exploit released for Palo Alto PAN-OS bug used in attacks, patch now

by

April 16, 2024 at 02:38PM A critical vulnerability, tracked as CVE-2024-3400, has been actively exploited in Palo Alto Networks’ PAN-OS firewall software. Threat actors can execute arbitrary code as root via command injection, impacting PAN-OS 10.2, 11.0, and 11.1. Palo Alto Networks is releasing hotfixes, urging users to disable certain features and providing threat prevention … Read more