We won second place in @DARPA's AI Cyber Challenge. Plus, GitHub Copilot prompt injections, NVIDIA Triton vulnerability disclosure, and multi-agent system hijacking demos. Read our AI-packed Tribune:

When these systems auto-downscale images, the hidden prompts emerge from previously invisible pixel patterns.

What do you want to know?.

We hacked Gemini CLI, Vertex AI, Assistant, and other AI systems by embedding prompts into images that are not visible to users.

We traced 11 years of exploit evolution: from Hailey Somerville's 2013 bug report to Luke Jahnke's latest 2024 Ruby 3.4 gadget chains. Each researcher builds on the last, but the fundamental flaw remains unfixed.

Ruby's Marshal deserialization exploits: a fundamental issue dating back over a decade. Learn the history and where we go from here 🧵

@dguido @ClickHereShow Use our open-source scripts to block Zoom's remote access feature system-wide and prevent ELUSIVE COMET attacks:.

Hackers use Zoom calls to target professionals, hunting for crypto wallets. @dguido breaks down ELUSIVE COMET's social engineering on @ClickHereShow.

RT @helpnetsecurity: Buttercup: Open-source AI-driven system detects and patches vulnerabilities - - @trailofbits @….

RT @exploitsclub: We hope everyone is recovering from there 4 day hangover. Here is a new EC to get you through the week 👇. Blind OOB Read….

@Gemini Building secure wallet infrastructure? We've reviewed systems for Kraken, Uniswap, Phantom, WalletConnect, and others with unique expertise across blockchain protocols, cryptographic implementations, and application security.

@Gemini Key recommendations for wallet teams: implement comprehensive integration testing beyond unit tests, eliminate single points of failure in access controls, and ensure complete transaction transparency in user interfaces.

@Gemini .@Gemini Wallet remediated all findings during our fix review, showing a proactive security response that's essential for production-ready wallet systems.

@Gemini We identified 3 high-severity wallet vulnerabilities, plus 6 additional lower-severity issues.

As part of the @Gemini Wallet ecosystem, we conducted a security review of the newly launched Gemini Wallet 🧵

RT @IceSolst: Starting to think that implementing your own cyber reasoning system should be a mandatory final year project for CS/security….

RT @richinseattle: I’ve looked through the AIxCC repos. If you are going to get started and try to adapt for your use, I suggest looking at….

@SecWeekly He proved this approach by finding remote code execution in the ZBar barcode library. Read our technical breakdown:

@SecWeekly His methodology: systematically check repos, issues, and oss-fuzz to identify software with no public fuzzing traces. "If there's no traces on the internet of it being fuzzed, there's probably bugs.".

Principal AppSec engineer, Artur Cygan, explains why fuzzing has become one of the most successful automated security tools on @SecWeekly #336.

RT @IceSolst: There are so many interesting ideas in this (severely underrated) blog post by the genius @suhackerr.Covers different techniq….