I had a play with some vector databases and identified a new(?) method for persistent prompt injection. Read about it here:

🚨 New threat: Persistent prompt injection with poisoned vector databases! Discover how “RAGPoison” exposes this risk and learn how to protect your LLMs. Read more: https://t.co/D5icj6zpOF #RAGPoison #PromptInjection #Cybersecurity

/1 🚨 mega-thread on exploiting MCP servers via prompt injection, buckle up 👇

Major credit to the NixOS, Lix, and Guix teams for their incredibly fast response and for issuing patches to fix the issues. Want to see the full exploit chain, from file descriptor exfiltration to root shell? Read the full technical deep dive on our blog:

With arbitrary directory deletion, we targeted /tmp to race another Nix build process. This second race allowed us to hijack a chown call, letting us change the ownership of any file on the system to a user we controlled. The target? /etc/pam.d.

This foothold allowed us to create a classic Time-of-Check, Time-of-Use (TOCTOU) race condition. By modifying a directory while the garbage collector was running, we could trick a privileged Nix process into emptying any directory on the system.

Our path to root began by looking at failed builds. We found that we could exfiltrate a file descriptor from a sandboxed build process, giving us the ability to modify a directory inside the supposedly immutable /nix/store even after the build was finished!

We just dropped a deep dive on a series of vulnerabilities the Snyk Security Labs team found in NixOS! When chained together, they allow for a full privilege escalation from any user to root on a default installation. #NixOS #Linux #infosec #vulnerability

NixOS is super neat, I managed to find some vulnerabilities resulting in a pretty cool privilege escalation. I wrote about it here: https://t.co/N4S64hMMjL

Great work from my team: Is your local AI tooling really safe from attack?

Super happy to see the results of this years top 10 and to see my work on Cookie Tossing made it in position 10! 🥳

Unveiling the mysteries of ComfyUI Custom Node Vulnerabilities with our latest blog post! 🕵️‍♂️ Dive deeper into plugin ecosystem security with our seclabs team's in-depth exploration. Don't miss it! ⚡ #AppSec #AIsecurity #ComfyUI More here:

Ever wondered how Spring properties can be leveraged to obtain Remote Code Execution (RCE)? Our seclabs team expanded on @steventseeley's research—check it out here: https://t.co/DsIRlRSAYO #Cybersecurity #RCE #JavaSecurity #AppSec #SpringFramework

Vulnerability Alert: Our SecLabs uncovered CVE-2024-21545 in Proxmox VE 8.2.2, allowing attackers with limited permissions to potentially take full control of systems. Explore our breakdown of the discovery, exploitation, and mitigation process.

Proxmox CVE-2024-21545! I turned a local file read into full root command execution on Proxmox VE 8.2.2. Pretty cool chain if I do say so myself. Writeup:

I had some fun exploiting Ubuntu 24.04 when it came out. Read more about it here:

Your #code might be more vulnerable than you think. 😱 #RepoJacking is a powerful, yet widely unknown threat to your software supply chain. Learn how this attack works and how to defend against it in our latest blog post:

New research: Exploiting WebSockets for HTTP cache poisoning & bypassing Istio RBAC with HTTP response header injection. Learn how these attacks work & secure your apps. https://t.co/GWrorOwt3b #websecurity #istio #securityresearch

Learn how Snyk security researchers uncovered the #LeakyVessels container breakout Docker vulnerabilities assigned CVE-2024-21626, CVE-2024-23652, CVE-2024-23651, and CVE-2024-23653.

🚨 BREAKING 🚨The Snyk research team has uncovered 4 critical security vulnerabilities (#LeakyVessels) impacting core container tech including Docker, runc & related cloud infrastructure like Kubernetes. Get more details, including mitigation tips here 👉