Hidden prompt injection: The black hat trick AI outgrew

Invisible prompts once tricked AI like old SEO hacks. Here’s how LLMs filter hidden commands and protect against manipulation ...

New attack on ChatGPT research agent pilfers secrets from Gmail inboxes

Today’s installment hits OpenAI’s Deep Research agent. Researchers recently devised an attack that plucked confidential ...
GitHub

CVE-2024-3552 Web Directory Free <= 1.6.9 - Unauthenticated SQL Injection

The Web Directory Free plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 1.6.9 due to insufficient escaping on a user supplied parameter and lack of sufficient ...
GitHub

CVE-2024-35286 - Mitel MiCollab - SQL Injection

Mitel MiCollab NuPoint Messenger (NPM) through 9.8.0.33 contains a sql_injection caused by insufficient sanitization of user input, letting unauthenticated attackers access sensitive data and execute ...