Interesting vulnerability, not all vendors are impacted though. GPU memory leaks can have unforeseen impacts.

The tone pointing at "open models" is wrong but the research is interesting. It still proves models can be poisoned (open or not) so traceability and secured supply-chains will become very important when using large language models.

Apple keep indeed attracting a bunch of cultists... and this allows them to keep abusing their other customers.

Fascinating script which jumps over SSH servers in several hops and replicates itself without a file upload.

A not so gentle reminder that you shouldn't get sloppy in the security practices of your services.

Some of that certificate chain validation is troublesome... in Chrome based browsers it's even truly insane.

When bug bounty programs meet LLM hallucinations... developer time is wasted.

New technique for SMTP smuggling... vulnerable servers then allow to spoof while still passing DMARC checks properly. Check your providers and server configuration.

Interesting finding. This shows a potential issue in how identities are verified by providers.

Interesting new attack on the SSH protocol. This is hard to achieve outside of the LAN though.

Fascinating vulnerability. When the BIOS is at fault with a crappy image parser... you can't do much to prevent problems from happening.

Could indeed turn into a nice alternative to fail2ban.

How the medical sector is struggling with badly designed software. Also important to note how security is just getting in the way of nurses and doctors jobs.

Nice approach to also hunt for memory safety issues while software is in production.

Finally a standardized protocol for end-to-end encryption! Let's see where this gets used.

This is indeed a very nasty vulnerability. This won't improve my low trust in this product. They've been trying to phase it out for a while, it shows now.

It's really coming from everywhere these days. Let's make sure this doesn't get adopted.

Things could indeed be more convenient... if this was the case we'd probably have less security breaches. Making super complex tools and then complaining that people are holding them wrong isn't gonna help.

Attacks on machine learning models are getting more accessible. This means even more care will have to be taken to deploy and use those.

OAuth is nice and taking over the world... but don't weaken the security, follow all the steps and verify the tokens you get handed.