Google's LLM bugSWAT event challenged hackers to find security flaws in their AI systems. Participants Joseph "REZ0" Thacker, Justin "RHYNORATER" Gardner, and Roni "LUPIN" Carta discovered vulnerabilities in Google's AI features, including exploiting a GraphQL endpoint and leaking information from Google Workspace via Bard's new extensions. Their collective efforts earned them $50,000, with Thacker, Carta, and Gardner finishing first, second, and third in the competition respectively.
Tuesday, March 12, 2024
Researchers discovered a side-channel attack that can decipher encrypted AI assistant chats with high accuracy on specific topics by exploiting token transmission within the encryption. The attack utilizes large language models to reconstruct token sequences into readable text, potentially exposing sensitive user conversations. Major AI assistants, except for Google Gemini, are vulnerable to this method, prompting providers to seek mitigation strategies.
In this interview, Coinbase's Chief Security Officer Philip Martin discusses the pervasiveness of scams beyond crypto and emphasizes education and proactive measures for prevention.
Monday, March 18, 2024
SSOReady can be used to add SAML support to your product for free.
NFT game Munchables, built on Blast, an Ethereum L2 network, experienced an exploit by a North Korean hacker, losing $62 million in the process. The Blast team was able to recover the stolen funds.
Thursday, March 28, 2024
Privy is introducing passkey-based login for users, which combines the security of biometric authentication with an enhanced user experience. The company recognizes the current limitations of passkeys, such as cross-device usability and partial browser support, and claims to have developed solutions to solve some of these roadblocks.
Google held an event called “LLM bugSWAT” where people uncovered vulnerabilities in Google's systems. The authors of this article found significant security flaws, including an Insecure Direct Object Reference in Google's Bard and a Denial of Service vulnerability through Directive Overloading in Google's Cloud Console. They used Gemini Extensions to exfiltrate sensitive personal information by cleverly bypassing the Content Security Policy, a feat that earned them a $50,000 reward.
Thursday, March 7, 2024
Canva's team found security risks in popular font-handling tools. For example, they found an XML vulnerability in FontTools, where the application’s SVG font subsetting feature could be exploited to allow hackers to read arbitrary files. To prevent such issues, Canva treats fonts as untrusted inputs, sandboxes font processing, uses sanitization, and collaborates with open-source maintainers by providing security patches.
Researchers have identified significant security vulnerabilities within the ChatGPT ecosystem that potentially allow attackers to access users' accounts on third-party websites, such as GitHub, without their consent. These vulnerabilities were found both in the core ChatGPT platform and its plugins. They expose sensitive data and enable account takeovers through exploitation of the OAuth authentication process and other flaws in plugin frameworks.
Datadog's Real User Monitoring (RUM) package has an API that can lead to sensitive user data being accidentally sent to unintended domains. The "site" parameter is easy to misread: developers can mistake it for their own website domain. Instead of defaulting to Datadog's data intake domains, the RUM package constructs a new domain based on the provided "site" value, which could potentially send data to a domain the developer doesn't control. This happened to a company called Corporate Clash, where a misconfiguration led to user data being sent to an unauthorized third-party domain.
Railway, a cloud deployment platform, used to rely heavily on Google Cloud's Key Management Service (KMS) for encrypting sensitive user configuration variables. To improve performance, security, and reduce dependency on a single provider, Railway implemented envelope encryption, which encrypts data with a data encryption key that is itself encrypted with a key encryption key. This change reduced KMS usage and allows Railway to have potentially no dependencies on external cloud infrastructure in the future.
Researchers have demonstrated that OpenAI's GPT-4 model can autonomously exploit security vulnerabilities detailed in CVE advisories with an 87% success rate, far outperforming other models and tools like vulnerability scanners.
Sleeper Agents are language models that have been trained to perform malicious actions when prompted with a certain set of wake words. Probing language models with simple linear heads and the prompt “are you going to do something dangerous?” gives extremely reliable detection of these previously hidden malicious actors.
Offchain Labs, the company behind the Arbitrum L2, found two severe vulnerabilities in Optimism's fraud-proof system. The exploits, which have now been patched, allowed for fraudulent chain history to be accepted. Fortunately, the vulnerabilities were only on testnet and funds were never at risk.
OpenAI is adding former NSA head and retired General Paul Nakasone to its board of directors as well as its newly formed Safety and Security Committee.
Bittensor developers have halted their blockchain network following the discovery of a suspected security exploit targeting users' wallets initially reported by on-chain analyst ZachXBT. The halt was enacted to prevent further unauthorized access while an investigation is conducted. Approximately $8 million worth of TAO tokens were stolen, causing a 15% drop in the token's value.
Evolve Bank, a crypto-friendly bank, has acknowledged a significant data breach involving the theft of 33 terabytes of user data by the Russian ransomware group Lockbit, affecting users of Bitfinex, Copper Banking, and Nomad.
A hacker gained access to OpenAI's internal messaging systems early last year. They accessed details from discussions in an internal online forum but did not get into the systems where the company houses and builds its artificial intelligence. Details of the incident were revealed to employees in April 2023. Executives decided not to share the news publicly because no information about customers or partners was stolen. It is believed that the hacker was a private individual with no known ties to a foreign government. OpenAI did not inform the FBI or anyone else in law enforcement about the incident.
Ticketmaster's SafeTix, a system that uses rotating barcodes for mobile entry, is marketed as a security measure against fraud and scalping, but it can be easily reverse-engineered. The barcodes contain time-based one-time passwords (TOTPs) and a bearer token, which can be extracted and used to generate valid barcodes offline. Despite claims of preventing offline saving and transfer, the system's vulnerabilities allow for ticket duplication and potential resale outside of Ticketmaster's platform.
On June 22, CoinStats detected unauthorized access to its infrastructure, resulting in the theft of approximately $2.2 million in cryptocurrency from 1,590 CoinStats Wallets.
Truffle Security found a huge security flaw on GitHub where deleted and private repository data can be accessed by anyone. The issue is due to GitHub's repository network architecture, which allows forks to retain access to commit data even after the original repository is deleted or its visibility is changed. This vulnerability allows attackers to potentially access sensitive information like API keys and private code.
As Model Merging (MM) becomes a popular method for combining fine-tuned models without additional training, new security risks emerge. This paper introduces BadMerging, the first backdoor attack specifically targeting MM.
A crypto team unknowingly hired North Korean IT workers with fake identities, resulting in a $1.3M theft from their treasury. An investigation uncovered 25+ projects employing related developers. These workers, who often use fake IDs and coordinated referrals, laundered the funds and are earning up to $500K monthly across multiple projects.
The authors of this article discovered a critical vulnerability in FlyCASS, a system used by smaller airlines to participate in the TSA's Known Crewmember (KCM) and Cockpit Access Security System (CASS) programs. They exploited a SQL injection flaw to gain administrative access to FlyCASS, allowing them to add unauthorized individuals to the KCM and CASS programs, bypass security screening, and gain access to cockpits.
The senior enlisted leaders of the USS Manchester secretly installed a Starlink Wi-Fi network during a deployment for their exclusive use while rank-and-file sailors were denied internet access. The network, dubbed "STINKY", was installed without authorization and posed significant risks to the ship's security and operations. Command Senior Chief Grisel Marrero, the orchestrator of the scheme, was convicted at court-martial and reduced in rank.
Over 16,000 rugpulls have been launched in the past three months, with millions of dollars stolen weekly. To combat this, Pocket Universe has launched a Rugpull Detector to warn users if a token is likely linked to serial rugpullers. It has flagged about 60% of hard rugs and the company has plans for further improvements and broader coverage.
Many critical sectors still rely on vulnerable pager networks like POCSAG for emergency communication, and these networks are easily exploited for message injection attacks via radio frequencies. They lack encryption, allowing anyone with basic equipment to intercept and manipulate messages, posing serious security risks in sensitive environments. This blog post highlights the urgent need for stronger security measures in these outdated communication systems by demonstrating how easy it is to spoof messages.