🆕 I've released a new blog post about #KawaiiGPT, a "malicious #LLM" that popped up recently. I discuss its #jailbreak engine, how it accesses expensive LLMs for free, and some risks it exposes its users to. https://t.co/immjwYc4QF

🆕 I've released a new blog post about #KawaiiGPT, a "malicious #LLM" that popped up recently. I discuss its #jailbreak engine, how it accesses expensive LLMs for free, and some risks it exposes its users to. https://t.co/immjwYc4QF

The blog also contains a shameless plug for a small project I've been working on in the last few days 👀 https://t.co/PyHbYC2HbT

🍺 apkingo is available on Homebrew! You can now install it with: ``` brew tap andpalmier/tap brew install apkingo ``` Check out the repo, release notes, and docs: https://t.co/flgHmRHEmc #Go #Homebrew #APK #APKAnalysis

Hey all, I've published a new blog post titled "Interview preparation for a #cti role"! You can find it here:

This random document fell off the back of a bus. Weird. This random document which randomly fell off the back of a bus (randomly) says MITRE is no longer supporting the CVE program as of April 16th, 2025. Which is crazy, because this random document is dated April 15th, 2025.

Cloudflare turns AI against itself with endless maze of irrelevant facts

Security researcher @gentoo_python discovered a Prompt Injection on VirusTotal. Could this be used as a form of social engineering to trick users into thinking a file is safe when it's not? File hash: 1d30bfee48043a643a5694f8d5f3d8f813f1058424df03e55aed29bf4b4c71ce

I’ve just pushed an update to my Search Engines AD Scanner (seads)! Feel free to try it out here: https://t.co/Ks9nyNs7ye Feedback is always appreciated! :)

Today the US Cybersecurity and Infrastructure Security Agency (CISA) reported a backdoor on two patient monitors. As cybersecurity people, we find this deeply troubling. As malware people, we find this cool and badass. https://t.co/6Dnh8WlXgA

NEW: @WhatsApp says Israeli mercenary spyware company #Paragon targeted scores of users around world. The infection happened with no interaction. No link to click or attachment to open. This is called a "zero-click" attack. WA says targets included journalists & members of

⚠️ Developers, please be careful when installing Homebrew. Google is serving sponsored links to a Homebrew site clone that has a cURL command to malware. The URL for this site is one letter different than the official site.

🚨ALERT: Potential ZERO-DAY, Attackers Use Corrupted Files to Evade Detection 🧵 (1/3) ⚠️ The ongoing attack evades #antivirus software, prevents uploads to sandboxes, and bypasses Outlook's spam filters, allowing the malicious emails to reach your inbox The #ANYRUN team

END OF THE THREAD! Check out the original blog post here: https://t.co/UNdjVb0IfG If that made you curious about AI Hacking, be sure to check out the CTF challenges by @dreadnode at

🤖 LLMs vs LLMs It shouldn't really come as a big surprise that some methods for attacking LLMs are using LLMs. Here are two examples: - PAIR: an approach using an attacker LLM - IRIS: inducing an LLM to self-jailbreak ⬇️

📝 Prompt rewriting: adding a layer of linguistic complexity! This class of attacks uses encryption, translation, ascii art and even word puzzles to bypass the LLMs' safety checks. ⬇️

💉 Prompt injection: embed malicious instructions in the prompt. According to OWASP, prompt injection is the most critical security risk for LLM applications. They break down this class of attacks in 2 categories: direct and indirect. Here is a summary of indirect attacks: ⬇️

😈 Role-playing: attackers ask the LLM to act as a specific persona or as part of a scenario. A common example is the (in?)famous DAN (Do Anything Now): This attacks are probably the most common in the real-word, as they often don't require a lot of sophistication. ⬇️

We interact (and therefore attack) LLMs mainly using language, therefore let's start from there. I used this dataset https://t.co/jwL887zAtu of jailbreak #prompts to create this wordcloud. I believe it gives a sense of "what works" in these attacks! ⬇️

Before we dive in: I’m *not* an AI expert! I did my best to understand the details and summarize the techniques, but I’m human. If I’ve gotten anything wrong, just let me know! :) ⬇️