Tag: vulnerability research
-
The Register: HTTP your way into Citrix’s Virtual Apps and Desktops with fresh exploit code
Source URL: https://www.theregister.com/2024/11/12/http_citrix_vuln/ Source: The Register Title: HTTP your way into Citrix’s Virtual Apps and Desktops with fresh exploit code Feedly Summary: ‘Once again, we’ve lost a little more faith in the internet,’ researcher says Researchers are publicizing a proof of concept (PoC) exploit for what they’re calling an unauthenticated remote code execution (RCE) vulnerability…
-
Slashdot: Google’s Big Sleep LLM Agent Discovers Exploitable Bug In SQLite
Source URL: https://tech.slashdot.org/story/24/11/05/1532207/googles-big-sleep-llm-agent-discovers-exploitable-bug-in-sqlite?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Google’s Big Sleep LLM Agent Discovers Exploitable Bug In SQLite Feedly Summary: AI Summary and Description: Yes **Summary:** Google has leveraged a large language model (LLM) agent, “Big Sleep,” to identify a previously undiscovered memory vulnerability in SQLite, marking a significant advancement in automated vulnerability discovery. This initiative showcases…
-
Simon Willison’s Weblog: From Naptime to Big Sleep: Using Large Language Models To Catch Vulnerabilities In Real-World Code
Source URL: https://simonwillison.net/2024/Nov/1/from-naptime-to-big-sleep/#atom-everything Source: Simon Willison’s Weblog Title: From Naptime to Big Sleep: Using Large Language Models To Catch Vulnerabilities In Real-World Code Feedly Summary: From Naptime to Big Sleep: Using Large Language Models To Catch Vulnerabilities In Real-World Code Google’s Project Zero security team used a system based around Gemini 1.5 Pro to find…
-
Hacker News: Using Large Language Models to Catch Vulnerabilities
Source URL: https://googleprojectzero.blogspot.com/2024/10/from-naptime-to-big-sleep.html Source: Hacker News Title: Using Large Language Models to Catch Vulnerabilities Feedly Summary: Comments AI Summary and Description: Yes Summary: The Big Sleep project, a collaboration between Google Project Zero and Google DeepMind, has successfully discovered a previously unknown exploitable memory-safety vulnerability in SQLite through AI-assisted analysis, marking a significant advancement in…
-
Cloud Blog: Introducing Google Cloud’s new Vulnerability Reward Program
Source URL: https://cloud.google.com/blog/products/identity-security/google-cloud-launches-new-vulnerability-rewards-program/ Source: Cloud Blog Title: Introducing Google Cloud’s new Vulnerability Reward Program Feedly Summary: Vulnerability reward programs play a vital role in driving security forward. By incentivizing security research, vulnerabilities can be found and fixed by vendors before they are potentially exploited by malicious actors, protecting users and strengthening security posture. Also known…
-
Cloud Blog: Cloud CISO Perspectives: AI vendors should share vulnerability research. Here’s why
Source URL: https://cloud.google.com/blog/products/identity-security/cloud-ciso-perspectives-ai-vendors-should-share-vulnerability-research-heres-why/ Source: Cloud Blog Title: Cloud CISO Perspectives: AI vendors should share vulnerability research. Here’s why Feedly Summary: Welcome to the first Cloud CISO Perspectives for October 2024. Today I’m discussing new AI vulnerabilities that Google’s security teams discovered and helped fix, and why it’s important for AI vendors to share vulnerability research…